tags:

views:

145

answers:

2
Q: 

ReadProcessMemory returns a larger buffer (C, windows)

I'm trying to read a process memory using the following code:

void readdata(HANDLE phandle, LPCVOID paddress, SIZE_T datasize)
{
    char *buff;
    SIZE_T dataread;
    BOOL b = FALSE;

    buff = (char *) malloc (datasize);

    b = ReadProcessMemory(phandle, paddress, (LPVOID)buff, datasize, &dataread); 
    if(!b)
    {
     printf("error reading memory, err = %d\n", GetLastError());
     return;
    }

    printf("Data Read             = %d\n", dataread);
    printf("Len of actual buffer  = %d\n", strlen(buff));
    printf("Data = %s\n", buff);

    free(buff);
    return;
}

Now, phandle and paddress are known becuase I used WriteProcessMemory. I have the values from there. datasize is also known.

The function works ok, except for the following. ReadProcessMemory() returns dataread = 41 (which is correct, I passed 41 to datasize) but the actual length of the buff is 49. when I print buff i get my string + some garbage.

What am I doing wrong?

code is appreciated.

Thanks!

+1  A: 

Do you know that the data you read is a string? Ie. that it's null terminated? If not then using strlen() is guaranteed to be unreliable.

djna  2009-08-20 14:04:52
yes, it is a string. I put it there (including the NULL char at the end)
wonderer  2009-08-20 14:13:22
you put **strlen() + 1** bytes? Then, sorry guv, no idea.
djna  2009-08-20 14:31:25
+1  A: 

The '\0' at the end of your string is likely not being copied, either out of your buffer when you write, or into your buffer when you read. As a result, printf() is just going to print from the beginning of your string until it sees a '\0', which may be after a number of garbage characters.

Jonathan  2009-08-20 14:05:17
OK, how would I fix this (if this is the case)?I am writing the string there myself. the string is (for testing):"<1234567890> <hello> <world> <1234567890>\0"
wonderer  2009-08-20 14:14:40
Are you writing strlen(string) bytes? If so, strlen() does not include the '\0', so you need to add one to the count there.
Jonathan  2009-08-20 14:41:33
got it. thanks!
wonderer  2009-08-20 14:55:50

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS