2

I'm using the ReadProcessMemory function to read the content of an external running app. I have a memory address which points to a PChar (Unicode). I'm wondering which is the proper way to get that value back to a string variable?

Now I'm using this code, but it is not working:

var
c : char;

repeat
  if not ReadProcessMemory(ph, Address, @c, sizeof(c), BytesRead) then
    raise exception.create(syserrormessage(getlasterror));
  result:=result+c;
  Address:=pointer(integer(address)+sizeof(c));
until (c=#0#0) or (BytesRead<>sizeof(c));

This error is raised

Only part of a ReadProcessMemory or WriteProcessMemory request was completed

Salvador

1 Answer

4

You are reading past the string: you are not reading bytes but chars, so compare the null terminator with a char, that is:

until (c=#0) or (BytesRead<>sizeof(c));

#0 is already 2 bytes, #0#0 is 4 bytes (it cannot be equal to any Char).

When you read past the string and "into an area of the process that is inaccessible" (as per the documentation) an error is returned.

Sertac Akyuz
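An added example (not code from the question or the answer) that goes one step beyond the per-character loop: it reads the string in chunks that stop at a page boundary, so a request never runs into an inaccessible neighbouring page, and it caps the length in case the terminator is missing. The helper name `ReadRemoteWideString`, the `MaxChars` limit, the 4096-byte page size and the `SIZE_T` signature of `ReadProcessMemory` (Delphi XE2 or later) are assumptions; the demo reads a constructed string from its own process.

```delphi
program ReadRemoteStr;
{$APPTYPE CONSOLE}
uses
  Winapi.Windows, System.SysUtils;

const
  PageSize = 4096; // assumption: usual x86/x64 page size (GetSystemInfo reports the real one)

// Hypothetical helper, not a WinAPI or RTL function.
function ReadRemoteWideString(hProcess: THandle; Address: Pointer;
  MaxChars: Integer): UnicodeString;
var
  Buf: array[0..PageSize div SizeOf(WideChar) - 1] of WideChar;
  Chunk: UnicodeString;
  Cur: NativeUInt;
  ToRead, Cap, BytesRead: SIZE_T;
  Chars, N: Integer;
begin
  Result := '';
  Cur := NativeUInt(Address);
  while Length(Result) < MaxChars do
  begin
    // Never let one request span two pages: the next page may be
    // inaccessible, which is what produces the "only part of a request" error.
    ToRead := SIZE_T(PageSize) - (Cur and SIZE_T(PageSize - 1));
    ToRead := ToRead and not SIZE_T(1);             // whole WideChars only
    if ToRead = 0 then ToRead := SizeOf(WideChar);  // one char straddling a page
    Cap := SIZE_T(MaxChars - Length(Result)) * SizeOf(WideChar);
    if ToRead > Cap then ToRead := Cap;
    if not ReadProcessMemory(hProcess, Pointer(Cur), @Buf, ToRead, BytesRead) then
      RaiseLastOSError;
    Chars := Integer(BytesRead div SizeOf(WideChar));
    if Chars = 0 then Break;
    N := 0;
    while (N < Chars) and (Buf[N] <> #0) do Inc(N); // #0 is one 2-byte WideChar
    SetString(Chunk, PWideChar(@Buf[0]), N);
    Result := Result + Chunk;
    if N < Chars then Exit;                         // terminator found
    Inc(Cur, SIZE_T(Chars) * SizeOf(WideChar));
  end; // MaxChars reached without a terminator: the truncated text is returned
end;

var
  Sample: UnicodeString;
begin
  Sample := 'constructed sample text'; // constructed input, read from our own process
  Writeln(ReadRemoteWideString(GetCurrentProcess, PWideChar(Sample), 256));
end.
```

Treat the returned text as untrusted input from the other process: `MaxChars` bounds how much is read, but the content itself is whatever that process put there.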