| View previous topic :: View next topic |
| Author |
Message |
hollow87
Cheater
![]() Reputation: 0
Joined: 07 Feb 2015
Posts: 28
|
 Posted: Mon Nov 16, 2015 9:07 pm Post subject: [C#] ReadProcessMemory Question |
 |
|
Just a quick question regarding the p/invoke signature for ReadProcessMemory API
I currently have the following p/invoke signature for ReadProcessMemory
| Code: |
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int nSize, IntPtr lpNumberOfBytesRead);
|
I know the C API declares nSize and lpNumberOfBytesRead to be of type SIZE_T with that being said should I change both nSize and lpNumberOfBytesRead to UIntPtr to fit closer to the SIZE_T definition or should I be able to use this p/invoke signature without any issues on 32 and 64bit processes. |
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25814
Location: The netherlands
|
| Posted: Tue Nov 17, 2015 3:08 am Post subject: |
|
|
change it to uintpt
lpNumberOfBytesRead is a pointer to a memoryaddress.
in 64 bit mode windows will write 8 bytes at the location it points to
so, if you used an int, 4 unknown other bytes would get overwritten causing unpredictable behaviour
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
hollow87
Cheater
![]() Reputation: 0
Joined: 07 Feb 2015
Posts: 28
|
| Posted: Tue Nov 17, 2015 9:22 am Post subject: |
|
|
| Right that is why I had lpNumberOfBytesRead as an IntPtr always size of a platform int, I just didn't know if it being unsigned or not would matter but might as well change both nSize and lpNumberOfBytesRead to UIntPtr just so I won't possibly have an issue with them being signed. Correct? |
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Tue Nov 17, 2015 1:56 pm Post subject: |
|
|
lpNumberOfBytesRead is handled by reference or outvalue in C# so use it like this:
| Code: | ref IntPtr lpNumberOfBytesRead
or
out IntPtr lpNumberOfBytesRead |
Then for usage you would pass an intptr by reference like this:
| Code: |
var read = new IntPtr(0);
ReadProcessMemory(..., ref read);
or
ReadProcessMemory(..., out read);
|
_________________
- Retired. |
|
| Back to top |
|
|
hollow87
Cheater
![]() Reputation: 0
Joined: 07 Feb 2015
Posts: 28
|
| Posted: Tue Nov 17, 2015 2:23 pm Post subject: |
|
|
Right, but does it matter that the C API is a SIZE_T which is unsigned as opposed to C#'s IntPtr being signed.
Let me try and phrase my questions better.
Here is my current P/Invoke signature
| Code: | [DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int nSize, IntPtr lpNumberOfBytesRead);
|
I'm essentially wondering which one is the correct p/invoke signature my current one above or one of the 2 below.
| Code: | [DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, IntPtr nSize, IntPtr lpNumberOfBytesRead);
|
| Code: | [DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, UIntPtr nSize, UIntPtr lpNumberOfBytesRead);
|
SIZE_T definition from BaseTsd.h
| Code: |
#if defined(_WIN64)
typedef unsigned __int64 ULONG_PTR;
#else
typedef unsigned long ULONG_PTR;
#endif
typedef ULONG_PTR SIZE_T;
|
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Tue Nov 17, 2015 2:25 pm Post subject: |
|
|
You can use UIntPtr instead.
_________________
- Retired. |
|
| Back to top |
|
|
hollow87
Cheater
![]() Reputation: 0
Joined: 07 Feb 2015
Posts: 28
|
| Posted: Tue Nov 17, 2015 3:02 pm Post subject: |
|
|
| Alright thanks that's what I thought just wanted yall's advice as well |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
