none
Process scan for strings

    Question

  • Hey, this is the code i already found:

    using System;
    using System.Diagnostics;
    using System.ComponentModel;
    
    namespace MyProcessSample
    {
        class MyProcess
        {
            void BindToRunningProcesses()
            {
    
                Process myProcess = Process.GetCurrentProcess();
    
            }
    
            static void Main()
            {
                MyProcess myProcess = new MyProcess();
                myProcess.BindToRunningProcesses();
            }
        }
    }


    How do i scan this program for string, which are in the memory of it?

    Kind Regards!


    Friday, February 09, 2018 10:49 PM

All replies

  • Hello neoparadise1,

    >>How do i scan this program for string, which are in the memory of it?

    What do you mean the "scan" meaning? what purpose do you want to achieve? The code you provided is to create a MyProcess instance and then invoke "BindToRunningProcesses" method of which. If you want to find start and end address of process memory, you could try the below.

     Process myProcess = Process.GetCurrentProcess();
    
     IntPtr startOffset = myProcess.MainModule.BaseAddress;
     IntPtr endOffset = IntPtr.Add(startOffset, myProcess.MainModule.ModuleMemorySize);

    It would be nice if you give me more detailed info about you issues.

    Best regards,

    Neil Hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Sunday, February 11, 2018 8:04 AM
    Moderator
  • Now, do you understand that Process.GetCurrentProcess() returns the process that is currently running?  What I mean is that you will get MyProcessSample.  If you want to read memory from a different process, that's not the right path.

    There are Win32 APIs to read memory from another process (like ReadProcessMemory), but I don't think there are .NET mappings for them.  You will probably need to use P/Invoke.

    Even with that, it's not easy to search a process' memory.  The memory space is not contiguous; there are chunks of mapped memory mixed with chunks of undefined memory.  You'll need to get the processes memory map to know where to search.


    Tim Roberts, Driver MVP Providenza & Boekelheide, Inc.

    Monday, February 12, 2018 7:08 AM