VB6 ReadProcessMemory Help

[CMoody1964]

Hey guys, i am new to this forum but i have been looking at all the posts for the past day or two and i am just wandering if somebody could please help me, i enjoy reverse engineering and programming but yet i cannot seem to do a simple task using vb6 (i know i should be using c or c++ but i would like to use vb6 for this current project) i would like to create a serial sniffer like program using ReadProcessMemory and other APIs but for a beginner i would just like something simple like reading the display on calc.exe i did see a detailed tutorial posted here by root86 but every time i use

PHandle = OpenProcess (PROCESS_ALL_ACCESS, False, pid)

it just jumps to the error handler and msgbox's "could not get process handle" so i would really appreciate it if somebody could please help!

[Aguila]

probably your pid is wrong

Api:

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

constant:

Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

declare pid and phandle as Long.

You can easily retrieve the right pid with these APIs:

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long

or use a task manager.

[atom0s]

Don't use PROCESS_ALL_ACCESS, it has issues with newer versions of Windows because the flag size has changed. Instead, specify which things you will need yourself.

For only reading memory, you should be ok with just:

PROCESS_VM_OPERATION|PROCESS_VM_READ

You can find the values for these at:
/>http://msdn.microsoft.com/en-us/library/ms684880(VS.85).aspx

[CMoody1964]

Private Sub Command1_Click()
    Dim hWnd As Long
    Dim pid As Long
    Dim pHandle As Long
    hWnd = FindWindow(vbNullString, "Calculator")
    If (hWnd = 0) Then
        MsgBox "Window not found!"
        Exit Sub
    End If
    GetWindowThreadProcessId hWnd, pid
    pHandle = OpenProcess(PROCESS_VM_OPERATION, False, pid)
    If (pHandle = 0) Then
        MsgBox "Couldn't get a process handle!"
        Exit Sub
    End If
    WriteProcessMemory pHandle, &H1014DD4, "Test", 4, 0&
    CloseHandle pHandle
End SubPrivate Sub Timer1_Timer()
    Dim hWnd As Long
    Dim pid As Long
    Dim pHandle As Long
    Dim str As String * 20
    hWnd = FindWindow(vbNullString, "Calculator")
    If (hWnd = 0) Then Exit Sub
    GetWindowThreadProcessId hWnd, pid
    pHandle = OpenProcess(PROCESS_VM_OPERATION, False, pid)
    If (pHandle = 0) Then Exit Sub
    ReadProcessMemory pHandle, &H1014DD4, str, 20, 0&
    Text1.Text = str
    CloseHandle pHandle
End Sub

That is the code i am using now guys (without the api calls i didn't post them), thank you for your fast replies and help but it is still returning the "Couldn't get a process handle!" message. do you have any ideas ?

[atom0s]

pHandle = OpenProcess(PROCESS_VM_OPERATION, False, pid)

Change that to:

pHandle = OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ, False, pid)

Be sure to add the definition for PROCESS_VM_READ as well.