0

Using this way I can get the correct value, but I would like an example of how to read the memory of my own process without using ReadProcessMemory.

var
  Modulo : HMODULE;
  Value1, Value2, Read : Cardinal;
  GetWindowTextAAPI: function (hWnd: HWND; lpString: PChar; nMaxCount: integer):integer; stdcall;
begin
  Modulo := GetModuleHandle('user32.dll');
  if (Modulo <> 0) then
  begin
    @GetWindowTextAAPI := GetProcAddress(Modulo, 'GetWindowTextA');
    if (@GetWindowTextAAPI <> nil) then
    begin
      ReadProcessMemory(GetCurrentProcess, Pointer(@GetWindowTextAAPI), Addr(Value1), 4, Read);
      ReadProcessMemory(GetCurrentProcess, Pointer(DWORD(@GetWindowTextAAPI)+4), Addr(Value2), 4, Read);
      ShowMessage(
      IntToStr(Value1)
      + ' ' +
      IntToStr(Value2)
      );
    end;
  end;
end;

How to Use the function CopyMemory correctly?

0x4
  • 21
  • 1
  • 6
  • `Assert(PDWORD(@GetWindowTextAAPI)^ = Value1)` . I'm not sure I understand though.. – Sertac Akyuz May 22 '16 at 20:53
  • 1
    Welcome to StackOverflow! Please do not create a new account for each of [your questions](https://stackoverflow.com/users/6365505). Looks like you've interested in API hooking. Is it correct? – Free Consulting May 22 '16 at 22:02
  • @SertacAkyuz returns Assertion failure. – 0x4 May 22 '16 at 22:20
  • @FreeConsulting Thanks, I did not create a new account, I registered because I'm new to Delphi and there are no good forums in my language. – 0x4 May 22 '16 at 22:22

1 Answers1

0

There's nothing special you need to do to read memory from your own process. It's what your program already does all the time. You certainly don't need ReadProcessMemory. Instead, you just dereference a pointer.

Since it doesn't look like you're interested in calling the API function, you can start by simplifying your function-pointer declaration:

var
  GetWindowTextAAPI: PDWord;

Then, assign the pointer and read the value:

GetWindowTextAAPI := GetProcAddress(Modulo, 'GetWindowTextA');
Value1 := GetWindowTextAAPI^;
Rob Kennedy
  • 161,384
  • 21
  • 275
  • 467
  • It worked properly, but does not return a correct value if I use + 0x4(BitBltAPI^+4), how to proceed? – 0x4 May 25 '16 at 18:21
  • As usual, Delphi requires that your code be syntactically correct. – Rob Kennedy May 25 '16 at 18:22
  • My current attempt IntToStr(BitBltAPI^+4) It does not work, how we would be correct? – 0x4 May 25 '16 at 18:35
  • *That's* syntactically correct; your previous comment isn't. The expression `BitBltAPI^` gives you the numeric value of the first four bytes of the `BitBlt` function. You're welcome to add 4 to that numeric value, but it's probably not what you intended. Rather, you probably want the numeric value of the *second* four bytes of the function. In your question, you already demonstrated that you know how to add values to pointers. I didn't think I needed to show you again. `PDWord(DWord(BitBltAPI) + 4)^` – Rob Kennedy May 25 '16 at 18:38
  • fix'd IntToHex(PDword(dword(BitBltAPI)+4)^,4) – 0x4 May 25 '16 at 18:39