Mega Code Archive

 
 

Get a process by executable path and read its memory space

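Title: Get a process by executable path and read its memory space

Question: Can I look in another process's address space?

Answer:

{==========================================================
 Here's an example of ReadProcessMemory (guess what it does (:).
 The ReadProcessMem function searches for a process whose
 executable file path matches 'exepath'. If it finds one, it gets
 the associated process ID. OpenProcess returns the handle used by
 ReadProcessMemory. Reading starts at the load address of the
 process's main module. The function stores the data read at
 lpBuff and returns:
   0 : all OK
   1 : executable not loaded
   2 : could not open process
   3 : error on read memory
 ===========================================================}

{ needs Windows, SysUtils and TlHelp32 in the uses clause }

function ReadProcessMem(exepath : string; lpBuff : PByteArray;
  BytesToRead : LongWord; var BytesRead : LongWord) : Word;
var
  procinfo : tagPROCESSENTRY32;
  modinfo : tagMODULEENTRY32;
  snaph, proch : THandle;
  exename : string;
  isover : boolean;
begin
  result := 0;
  BytesRead := 0;
  exepath := uppercase(exepath);
  { On NT-based Windows szExeFile holds only the file name, not the
    full path, so the file-name part of exepath is compared as well.
    This also means any process with the same file name matches. }
  exename := ExtractFileName(exepath);

  { walk the process list until the executable is found }
  snaph := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if snaph = INVALID_HANDLE_VALUE then
  begin
    result := 1;
    exit;
  end;
  procinfo.dwSize := sizeof(PROCESSENTRY32);
  isover := not Process32First(snaph, procinfo);
  while (not isover) and (uppercase(procinfo.szExeFile) <> exepath)
    and (uppercase(procinfo.szExeFile) <> exename) do
    isover := not Process32Next(snaph, procinfo);
  CloseHandle(snaph);
  if isover then
  begin
    result := 1;
    exit;
  end;

  { ReadProcessMemory needs a base address that is mapped in the
    target process; nil (address 0) never is. Use the load address
    of the main module, the first entry of the module list. A failure
    here is reported as 2, since the process cannot be inspected. }
  snaph := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, procinfo.th32ProcessID);
  if snaph = INVALID_HANDLE_VALUE then
  begin
    result := 2;
    exit;
  end;
  modinfo.dwSize := sizeof(MODULEENTRY32);
  isover := not Module32First(snaph, modinfo);
  CloseHandle(snaph);
  if isover then
  begin
    result := 2;
    exit;
  end;

  proch := OpenProcess(PROCESS_VM_READ, false, procinfo.th32ProcessID);
  if proch = 0 then
  begin
    result := 2;
    exit;
  end;
  try
    if not ReadProcessMemory(proch, modinfo.modBaseAddr, lpBuff,
      BytesToRead, BytesRead) then
      result := 3;
  finally
    { close the process handle on every path, including a failed read }
    CloseHandle(proch);
  end;
end;

{ if you'd like to know whether it reads anything, try this next code
  (include a button on your form): }

procedure TForm1.Button1Click(Sender: TObject);
var
  buff : PByteArray;
  bytesread : LongWord;
  sresult : string;
begin
  buff := allocmem(1024);
  try
    case ReadProcessMem('C:\Windows\explorer.exe', buff, 1024, bytesread) of
      0 : sresult := 'all OK';
      1 : sresult := 'executable not loaded';
      2 : sresult := 'could not open process';
      3 : sresult := 'error on readmemory';
    end;
    { on result 0 the first 'bytesread' bytes of buff hold the data }
    MessageBox(0, PChar(sresult), 'result is', 0);
  finally
    freemem(buff);
  end;
end;

{ after getting the desired data into your buffer you may use it freely (no copyright :) ) }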