estoy haciendo un code para buscar datos en la memoria de un proceso uso el readprocessmemory:
el codigo abre el proceso seleccionado normalmente pero al ejecutar el readprocessmemory , este no lee nada de memoria, al final del cmdBusqueda_Click agregue "me.caption = TotalBytes" (total de bytes leidos) para ver cuantos bytes lee pero siempre me da "0", intente usar el string buffer con byval y sin byval pero igual no lee:
en google encontre esta declaracion del api:
Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
tambien encontre otra casi igual excepto que el parametro lpBuffer no tiene byval, he intentado con ambas formas pero no da resultado.
Código (vb) [Seleccionar]
Option Explicit
Dim hProcess As Long
Private Sub cmdBusqueda_Click()
Dim Data As String, Buffer As String, Target As Long
Dim TmpByte As Byte, TmpInteger As Integer, TmpLong As Long, TmpString As String
Dim Pos As Long, Address As Long, FirstByte As String
Dim Fin As Boolean, BytesLeidos As Long, BytesRead As Long
Dim TotalBytes As Long
Fin = False
Address = 0
If optByte.Value = True Then
TmpByte = Val(txtData.Text)
Data = Space(1)
Call CopyMemory(ByVal Data, TmpByte, 1)
ElseIf optInteger.Value = True Then
TmpInteger = Val(txtData.Text)
Data = Space(2)
Call CopyMemory(ByVal Data, TmpInteger, 2)
ElseIf optLong.Value = True Then
TmpLong = Val(txtData.Text)
Data = Space(4)
Call CopyMemory(ByVal Data, TmpLong, 4)
Else 'String
Data = txtData.Text
If optStringUnicode.Value = True Then
Data = Unicode(Data)
End If
End If
Dim Tmp As String, X As Integer, PID As Long
X = lstProcesos.ListIndex
If X = -1 Then Exit Sub
Tmp = lstProcesos.List(X)
Pos = InStr(1, Tmp, "*")
If Pos > 0 Then Tmp = Mid(Tmp, Pos + 1)
PID = Val(Tmp)
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, PID)
If hProcess = 0 Then
MsgBox "No se pudo abrir el proceso", vbCritical, ""
Exit Sub
End If
lstDirecciones.Clear
FirstByte = Mid(Data, 1, 1)
While (Fin = False)
Buffer = Space(5000)
Call ReadProcessMemory(hProcess, Address, Buffer, Len(Buffer), BytesLeidos)
DoEvents
If BytesLeidos > 0 Then
Buffer = Left(Buffer, BytesLeidos)
Pos = InStr(1, Buffer, FirstByte)
If Pos > 0 Then
Call ReadProcessMemory(hProcess, Address + Pos - 1, Buffer, Len(Buffer), BytesRead)
If BytesRead > 0 Then Buffer = Left(Buffer, BytesRead)
If Buffer = Data Then
Target = Target + Pos - 1 'dato encontrado
lstDirecciones.AddItem Target
Address = Target + Len(Data)
Else
Address = Address + 1
End If
Else
Address = Address + BytesLeidos
End If
End If
TotalBytes = TotalBytes + BytesLeidos
If TotalBytes >= 150000000 Then Fin = True
If BytesLeidos < 5000 Then Fin = True
Wend
Call CloseHandle(hProcess)
Me.Caption = TotalBytes
End Sub
Private Sub cmdRefrescar_Click()
Dim Proceso As String, pShot As PROCESSENTRY32
Dim ProcessID As Long, P As Long
Dim R32Next As Long, hHelp32 As Long
lstProcesos.Clear
hHelp32 = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
pShot.dwSize = Len(pShot)
R32Next = Process32First(hHelp32, pShot)
While (R32Next <> 0)
Proceso = pShot.szExeFile
P = InStr(1, Proceso, Chr(0))
If P > 0 Then Proceso = Left(Proceso, P - 1)
ProcessID = pShot.th32ProcessID
lstProcesos.AddItem Proceso & Space(5) & "*" & ProcessID
R32Next = Process32Next(hHelp32, pShot)
Wend
Call CloseHandle(hHelp32)
End Sub
Private Sub Form_Load()
Call cmdRefrescar_Click
End Sub
el codigo abre el proceso seleccionado normalmente pero al ejecutar el readprocessmemory , este no lee nada de memoria, al final del cmdBusqueda_Click agregue "me.caption = TotalBytes" (total de bytes leidos) para ver cuantos bytes lee pero siempre me da "0", intente usar el string buffer con byval y sin byval pero igual no lee:
Código (vb) [Seleccionar]
Call ReadProcessMemory(hProcess, Address, ByVal Buffer, Len(Buffer), BytesLeidos)
Código (vb) [Seleccionar]
Call ReadProcessMemory(hProcess, Address, Buffer, Len(Buffer), BytesLeidos)
en google encontre esta declaracion del api:
Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
tambien encontre otra casi igual excepto que el parametro lpBuffer no tiene byval, he intentado con ambas formas pero no da resultado.