[Function] ReadProcessMemory Not Working Correctly

[adapa]

So, I have this function in my DLL. My DLL automatically gets injected into the wow.exe upon startup. I was curious if I was actually grabbing the session key because I could not derypt/encrypt the first channel you connect to. And I have been spitting out its results.. I don't know if I am not reading the memory at the right time, or if my code is not working because it is inside of a DLL. The code below works 100% because I use it all the time outside of my current project.

Code:

void WOWStealSessionKey(SOCKET s)
{
	ProxyList* proxy = getProxy(s, 0, 0);

/*
	HINSTANCE hInstance;  
	HANDLE hProcess;  
	DWORD dwThreadId, dwProcessId;
	HWND hwnd;
	hwnd = FindWindow(NULL,"World of Warcraft");
	if(!hwnd)  
	{  
		MessageBox(NULL, TEXT("Window Not Found"), TEXT("ERROR"), MB_OK);
		return;
	}

	hInstance = (HINSTANCE)GetWindowLong(hwnd, GWL_HINSTANCE);
	dwThreadId = GetWindowThreadProcessId(hwnd, &dwProcessId);
	hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
*/

// Session Key
(D8056C + 508)(D80A74) - 00401000 = 97F064 + (Game Start Location Of Process) = 0xC40064


		DWORD LOCATION = 0xC40064;
		unsigned char what[1000];
		int what_len = 1000;
		ReadProcessMemory(GetCurrentProcess(), (void*)LOCATION,what,sizeof(what),0);
		printPacket(what,what_len,proxy->id,"WHAT I FOUND IN MEMORY",true); // Show 1000x of 00s
		CloseHandle(hProcess);
		HMACSHA1(HMAC1,HMAC2,proxy->id);
}

I tried all locations to see if I can get anything besides 1000x 00's. I tried calling it right before and after the first, second, and third packets that are exchanged(both sent and received!). Still, I get a big wall of 00s. I dont really understand why... Unless my session key location is wrong, but this is up to date session key location as of: 4.2.2(14545(release) AUG 23 2011

Im pretty sure I dont need to open the process up and get permission to read memory(since I am already in memory from the DLL) so I also added that in just to double check and I still get the current result. IF I can read the session key, I would be able to at least decrypt and encrypt the first channel. As I have tested my encryption code in game already with just a tool I made.

Any help would be huge for me. P.S. Using MSVC++ 2010 Express under vista 32. If that matters. Also, maybe my address for session key is not right...

[streppel]

So just for me to get this right: you are Inprocess with a dll and still want to use ReadProcessMemory to read something?
You could simply use pointers right in your dll and then use namedpipes or whatever to get the data to your main program

[adapa]

So just for me to get this right: you are Inprocess with a dll and still want to use ReadProcessMemory to read something?
You could simply use pointers right in your dll and then use namedpipes or whatever to get the data to your main program

Well, the DLL is a rewritten ws2_32 DLL, which then forces the game.exe(or any for that matter) to load my manipulated ws2_32 DLL. Which has a GUI that I load up, yada,yada,yada. I dont know any other way to read a location in memory while in process other then ReadProcessMemory ...

So I guess the question is: What can I use to acheive reading the memory location? If all else fails, I guess ill just have to get working on srp6...

[wraithZX]

value = *address;

C'mon. Seriously?

[adapa]

value = *address;

C'mon. Seriously?

OH MAN. Its been a long 2 months. :'(

[sitnspinlock]

and obviously check page protections, and valid memory. don't just blindly read/write

[adapa]

I just tested by grabbing the HMAC keys that are hard coded, and it does infact retrive the correct HMAC Seed Keys in memory.

The problem I am having is not knowing where the Session Key offset is... but I know exactly where it is...

All you do is goto: 4CC730 ClientServices::Connection

Code:

text:004CC730                   ClientServices__Connection proc near    ; CODE XREF: sub_401870+2Dp
.text:004CC730                                                           ; sub_401870+36p ...
.text:004CC730 A1 6C 05 D8 00                    mov     eax, dword_D8056C
.text:004CC735 C3                                retn
.text:004CC735                   ClientServices__Connection endp

dword_D8056C +508h. Right? GAHHHH!

[_Mike]

ReadProcessMemory Not Working Correctly

So you write some code, and then when it doesn't work you jump to the conclusion that the fault is in the windows API itself and not your own code?

And do you really have to start a new topic for every single post you make? They all cover the same subject anyways. It's getting a bit annoying now to see the new post indicator only to find that it's you again, asking for the same thing over and over.

As for the "not knowing how to dereference a pointer" business.. Read the section rules; On expectations specifically.

[Bananenbrot]

I'm wondering if you even read on msdn about the various error conditions signaled by that API...
You did absolutely zero error checking and instantly post in this forum about ReadProcessMemory being ****ed up.

[adapa]

So you write some code, and then when it doesn't work you jump to the conclusion that the fault is in the windows API itself and not your own code?

And do you really have to start a new topic for every single post you make? They all cover the same subject anyways. It's getting a bit annoying now to see the new post indicator only to find that it's you again, asking for the same thing over and over.

As for the "not knowing how to dereference a pointer" business.. Read the section rules; On expectations specifically.

Wow. Sorry guys. No need to throw punches under the belt. Sorry if I offended anyone. I was just trying to gather as much information along with my research and coding to produce some useful information so when I am finally done I could give back to the community on exactly how the protocol works.

As for all the questions, each post I make gets more conflicting answers, which I was going to make one post on my research when it was finally done to give back to the community so anyone following in my shoes could easly understand and know where to start.

Obviously the community doesnt want that. Thanks for the help you guys have given me thus far. Ill stop asking questions, and stop making posts.

[Cypher]

Wow. Sorry guys. No need to throw punches under the belt. Sorry if I offended anyone. I was just trying to gather as much information along with my research and coding to produce some useful information so when I am finally done I could give back to the community on exactly how the protocol works.

As for all the questions, each post I make gets more conflicting answers, which I was going to make one post on my research when it was finally done to give back to the community so anyone following in my shoes could easly understand and know where to start.

Obviously the community doesnt want that. Thanks for the help you guys have given me thus far. Ill stop asking questions, and stop making posts.

Don't be so juvenile. Contributions are great, but that's not what you're doing at the moment. Right now you're constantly cluttering up the forums with beginner-level questions. It would be acceptable if you created ONE thread for it, as at a glance it seems there is some value in what you're researching, however it's annoying when you post every little question as a brand new thread.

[suicidity]

It's funny when ambitious newbies get defensive after some pretty stupid/silly mistakes that they post on a message board. Afterward they go on to claim they were "figuring out" some <insert enormous "important" project> ( "for the community" of course ), when they can't even do the simplest task.

If you're so offended because you can't do an extremely simple task ( The "wrong" way might I add ), Don't bother posting anyways; Obviously you are too immature for this community.

Take some hard criticism, and learn how to at least float before jumping in the water with 1000 great whites.
If you ever grow into bigger shoes, this is one of the threads you'll look back on and say "I was stupid as hell, wtf was I smoking?".