C# byte[] array to string

Question

I am trying to use ReadProcessMemory function and I was wondering how do I change the memory value into string like in a game my health points is 500, I found the memory address how do I turn the value ( byte[] array ) into a string (500) thanks in advance.

Answer 1

Welcome to the MSDN Forums.

Use BitConverter class. e.g.

      byte[] array/*= yourPointAddress*/;
      string point;
      //if it's 16 bit
      point = BitConverter.ToInt16(array, 0).ToString();
      //if it's 32 bit
      point = BitConverter.ToInt32(array, 0).ToString();
      //if it's 64 bit
      point = BitConverter.ToInt64(array, 0).ToString();

Regards,

Yasser.

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare

Answer 2

System.Text.Encoding.Ascii.GetString should be able to do the trick for you.

Answer 3

Sorry tried both function but still not working for me here is my code, please read my code and tell me if I am doing something wrong

@Yasser

انت عريى؟

 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Collections;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
  class Program
  {
    [Flags] //AccessRights
    public enum ProcessAccessRights
    {
      PROCESS_VM_READ = (0x0010),
      PROCESS_VM_WRITE = (0x0020),
      PROCESS_VM_OPERATION = (0x0008)
    }
    [DllImport("kernel32.dll")] //OpenProcess function
    public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheiritHandle, UInt32 dwProcessId);
    [DllImport("kernel32.dll")] //CloseHandle function
    public static extern Int32 CloseHandle(IntPtr hObject);
    [DllImport("kernel32.dll")] //ReadProcessMemory function
    public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,out byte[] lpBuffer, UInt32 nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll")] //WriteProcessMemory function
    public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,out byte[] lpBuffer, UInt32 nSize, out IntPtr lpNumberOfBytesRead);
    static void Main(string[] args)
    {
      Process[] MyProcess = Process.GetProcessesByName("calc");
      IntPtr hprocess = OpenProcess((uint)ProcessAccessRights.PROCESS_VM_READ, 1, (uint)MyProcess[0].Id);
      if (hprocess.ToInt32() == 0)
      {
        Console.WriteLine("Handle failed!");
        return;
      }
      byte[] buffer = new byte[4];
      IntPtr num;
      ReadProcessMemory(hprocess, (IntPtr)0x0B007A, out buffer, 4, out num);
    }
  }
}

Answer 4

Well obviously the data you found at 0xb007a is not a string.

Answer 5

@Yasser

انت عريى؟

No, I'm Iranian but currently a Software Engineering Consultant in Dubai - UAE.

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare

Answer 6

I modified your code as below:

using System;
using System.Collections.Generic;
using System.Text;
using System.Collections;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
  class Program
  {
    [Flags] //AccessRights
    public enum ProcessAccessRights
    {
      PROCESS_VM_READ = (0x0010),
      PROCESS_VM_WRITE = (0x0020),
      PROCESS_VM_OPERATION = (0x0008)
    }
    [DllImport("kernel32.dll")] //OpenProcess function
    public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheiritHandle, UInt32 dwProcessId);
    [DllImport("kernel32.dll")] //CloseHandle function
    public static extern Int32 CloseHandle(IntPtr hObject);
    [DllImport("kernel32.dll")] //ReadProcessMemory function
    public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, out byte[] lpBuffer, UInt32 nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll")] //WriteProcessMemory function
    public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, out byte[] lpBuffer, UInt32 nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll")] //GetLastError function
    public static extern UInt32 GetLastError();
    [DllImport("kernel32.dll")] //SetLastError function
    public static extern void SetLastError(UInt32 dwErrorCode);
    static void Main(string[] args)
    {
      Process[] MyProcess = Process.GetProcessesByName("calc");
      IntPtr hprocess = OpenProcess((uint)ProcessAccessRights.PROCESS_VM_READ, 1, (uint)MyProcess[0].Id);
      if (hprocess.ToInt32() == 0)
      {
        Console.WriteLine("Handle failed!");
        return;
      }
      byte[] buffer = new byte[4];
      IntPtr num;
      SetLastError(0);
      Int32 readResult = ReadProcessMemory(hprocess, (IntPtr)0x0B007A, out buffer, 4, out num);
      if (0 == readResult)
      {
        UInt32 lastError = GetLastError();
        Console.WriteLine("Last Error: {0}", lastError.ToString("X"));
      }
      Console.ReadKey();
    }
  }
}
/*
Last Error: 12B
*/

And according to http://msdn.microsoft.com/en-us/library/cc231199(PROT.10).aspx (2.2 Win32 Error Codes)

"0x0000012B
ERROR_PARTIAL_COPY
Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
"

I think there is a security issue!

What is your opinion?

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare

Answer 7

Sorry the code just opened a blank console application so I don't think there is anything wrong in the ReadProcessMemory function and about security I also don't think that there is something wrong in the security I am using another programming language but it's kinda weak it's name "Auto Hot Key" and in that programming language I can easily read memory with no problems at all

Answer 8

So, could you please put your current complete code and the exception message if any?

Thank you

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare

Answer 9

There is the complete code

using System;
using System.Collections.Generic;
using System.Text;
using System.Collections;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
  class Program
  {
    [Flags] //AccessRights
    public enum ProcessAccessRights
    {
      PROCESS_VM_READ = (0x0010),
      PROCESS_VM_WRITE = (0x0020),
      PROCESS_VM_OPERATION = (0x0008)
    }
    [DllImport("kernel32.dll")] //OpenProcess function
    public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheiritHandle, UInt32 dwProcessId);
    [DllImport("kernel32.dll")] //CloseHandle function
    public static extern Int32 CloseHandle(IntPtr hObject);
    [DllImport("kernel32.dll")] //ReadProcessMemory function
    public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, out byte[] lpBuffer, UInt32 nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll")] //WriteProcessMemory function
    public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, out byte[] lpBuffer, UInt32 nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll")] //GetLastError function
    public static extern UInt32 GetLastError();
    [DllImport("kernel32.dll")] //SetLastError function
    public static extern void SetLastError(UInt32 dwErrorCode);
    static void Main(string[] args)
    {
      Process[] MyProcess = Process.GetProcessesByName("calc");
      IntPtr hprocess = OpenProcess((uint)ProcessAccessRights.PROCESS_VM_READ, 1, (uint)MyProcess[0].Id);
      if (hprocess.ToInt32() == 0)
      {
        Console.WriteLine("Handle failed!");
        return;
      }
      byte[] buffer = new byte[4];
      IntPtr num;
      SetLastError(0);
      Int32 readResult = ReadProcessMemory(hprocess, (IntPtr)0x0B007A, out buffer, 4, out num);
      if (0 == readResult)
      {
        UInt32 lastError = GetLastError();
        Console.WriteLine("Last Error: {0}", lastError.ToString("X"));
      }
      string y = BitConverter.ToInt32(buffer, 0).ToString();
      Console.WriteLine(y);
      Console.ReadKey();
    }
  }
}

I am trying to read a memory address from Microsoft Windows XP SP2 calculator

and please tell is the process name the process name in task manager or something else

The exception message

Unhandled Exception: System.ArgumentOutOfRangeException: Index was out of range.
 Must be non-negative and less than the size of the collection.
Parameter name: startIndex
  at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argu
ment, ExceptionResource resource)
  at System.BitConverter.ToInt32(Byte[] value, Int32 startIndex)
  at ConsoleApplication1.Program.Main(String[] args) in E:\MY IMPORTANT FILES\N
ew Folder (2)\ConsoleApplication2\ConsoleApplication2\Program.cs:line 49
Press any key to continue . . .

By the way it's nice to meet some smart guys from the east I am from Egypt (I am only 15).

Thanks for your effort and time

Answer 10

Unfortunately, I couldn't run that code in my Windows 7. it fails on ReadProcessMemory with "Attempted to read or write protected memory. This is often an indication that other memory is corrupt." exception message.

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare

Answer 11

Hi again,

I solved the problem. your code is great just needs some modifications as below:

using System;
using System.Collections.Generic;
using System.Text;
using System.Collections;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
 class Program
 {
  [Flags] //AccessRights
  public enum ProcessAccessRights
  {
   PROCESS_VM_READ = (0x0010),
   PROCESS_VM_WRITE = (0x0020),
   PROCESS_VM_OPERATION = (0x0008)
  }
  [DllImport("kernel32.dll")] //OpenProcess function
  public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheiritHandle, UInt32 dwProcessId);
  [DllImport("kernel32.dll")] //CloseHandle function
  public static extern Int32 CloseHandle(IntPtr hObject);
  [DllImport("kernel32.dll")] //ReadProcessMemory function
  public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);
  [DllImport("kernel32.dll")] //WriteProcessMemory function
  public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In] byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);
  [DllImport("kernel32.dll")] //GetLastError function
  public static extern UInt32 GetLastError();
  [DllImport("kernel32.dll")] //SetLastError function
  public static extern void SetLastError(UInt32 dwErrorCode);
  static void Main(string[] args)
  {
   Process[] MyProcess = Process.GetProcessesByName("calc");
   IntPtr hprocess = OpenProcess((uint)ProcessAccessRights.PROCESS_VM_READ, 1, (uint)MyProcess[0].Id);
   if (hprocess.ToInt32() == 0)
   {
    Console.WriteLine("Handle failed!");
    return;
   }
   byte[] buffer = new byte[4];
   UInt32 num = 0;
   SetLastError(0);
   Int32 readResult = ReadProcessMemory(hprocess, (IntPtr)0x0B007A, buffer, 4, ref num);
   if (0 == readResult)
   {
    UInt32 lastError = GetLastError();
    Console.WriteLine("Last Error: {0}", lastError.ToString("X"));
   }
   Console.WriteLine(BitConverter.ToInt32(buffer, 0).ToString());
   Console.ReadKey();
  }
 }
}
/*OUTPUT
-268500992
*/

Regards,

Yasser.

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare

Answer 12

I will try some other applications tomorrow then tell you the results but thanks again you really kind helpful guy.

Answer 13

Sorry, may I know your result? my output was -268500992 as I mentioned in my previous posted solution.

Thank you.

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare

Answer 14

Sorry I didn't see your solution post it worked but I think in WriteProcessMemory it should be [In] byte[] IpBuffer

Thanks so much I have been trying to learn this for about 2 months nobody helped not everyone is kind and willing to help like you it's really good to see that there is still good people like you. (my output is 125).

And one last thing if I want to use WriteProcessMemory function how do I convert string and int to byte[] array ?

oh just remembered something can you explain to me bInheiritHandle?

Answer 15

Hi,

I'm sorry about that mistake. you are right. it should be "[In] byte[] IpBuffer" in WriteProcessMemory. I updated my post. thank you.

You're welcome. I just try to be a "Mr. Help".

You can convert strings and integers to byte array like below:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace ConsoleApplication2
{
  class Program
  {
    static void Main(string[] args)
    {
      Int32 i32 = 125;
      byte[] i32b = BitConverter.GetBytes(i32);

      string unicodeStr = "125";
      byte[] unicodeStrB = Encoding.Unicode.GetBytes(unicodeStr);
    }
  }
}

 

"bInheritHandle [in]: If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle."

See more at http://msdn.microsoft.com/en-us/library/ms684320(VS.85).aspx (OpenProcess Function)

Sincerely,

Yasser.

---

Don't be stickler and wine with William Shakespeare after the solution :^)
"And this our life, exempt from public haunt, finds tongues in trees, books in the running brooks, sermons in stones, and good in everything." William Shakespeare