ReadProcessMemory with __int64 address

江枫思渺然 submitted on 2020-08-05 06:23:45

Question


Hey guys, I want to get some memory from a process that I already know with CheatEngine. I defined a region that I want to scan (0x190D186FF->0x190D1870A), but the address is too big to be stored in a simple int. That's why I use an __int64, but with that modification ReadProcessMemory doesn't seem to handle the address anymore.

When I compile I get 3 warnings for VirtualProtectEx and ReadProcessMemory: cast to pointer from integer of different size

How can I read a really big address from memory?

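#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

int main( int argc, char *argv[] ) {
    DWORD           PID;
    HANDLE          hProc;
    __int64         address;
    char            mem = 0;
    DWORD           oldProtect = 0;     /* receives the previous page protection */
    BOOL            valid = FALSE;
    char            inputPID[16];       /* room for any 32-bit PID plus newline */

    printf( "What is the program PID ?\n" );
    if ( !fgets( inputPID, sizeof( inputPID ), stdin ) ) {
        return 1;
    }
    PID = (DWORD)strtoul( inputPID, NULL, 10 );

    /* VirtualProtectEx additionally requires PROCESS_VM_OPERATION access */
    hProc = OpenProcess( PROCESS_VM_READ | PROCESS_VM_OPERATION, FALSE, PID );

    if ( !hProc ) {
        printf( "Error: Couldn't open process '%lu'\n", (unsigned long)PID );
        return 0;
    }

    /* address is cast to a pointer below; these casts are where the compiler warns */
    for ( address = 0x190D186FF; address <= 0x190D1870A; address++ ) {

        VirtualProtectEx( hProc, (PVOID)address, (SIZE_T)sizeof( address ), PAGE_READONLY, &oldProtect );

        valid = ReadProcessMemory( hProc, (LPCVOID)address, &mem, sizeof( char ), NULL );

        if ( valid ) {
            printf( "Memory value at 0x%I64x: '%c'\n", address, mem );
        }

        /* restore the protection saved by the first call */
        VirtualProtectEx( hProc, (PVOID)address, (SIZE_T)sizeof( address ), oldProtect, &oldProtect );
    }

    CloseHandle( hProc );
    system( "pause" );
    return 0;
}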


Answer 1:


Your problem is you're trying to stuff 64 bits of data into 32-bit variables. You need to switch your project to build in x64.

Your compiler doesn't automatically compile as x64 on a 64 bit OS. You need to change your Configuration build type to compile for x64.

There are 2 ways you can go about making this easier on yourself.

1) Compile for the same architecture as the process you're going to be interacting with; this alleviates many problems. Use uintptr_t or UINT_PTR, which will resolve to the correct pointer size, either 32 bit or 64 bit depending on which you compile for, for all your addresses and offsets.

2) Make your own TYPEDEF like

#define TARGET_X64  /* define only when the target process is 64-bit */

#ifdef TARGET_X64
typedef unsigned __int64 addr_ptr;  /* 64-bit target addresses */
#else
typedef unsigned int addr_ptr;      /* 32-bit target addresses */
#endif

Then define TARGET_X64 when you're interacting with an x64 process. If you do it like this, and you're compiling as x32, there are certain APIs that will have complications when accessing x64 processes and vice versa.

I highly recommend using the first method.
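The following is an added example, not part of the original answer: portable C that shows what happens to the question's address range when it is cast to a 32-bit pointer, and a check to run before any such cast. The helper names (`address_after_cast`, `check_range`, `build_pointer_bits`) are hypothetical, and the truncation it models is the low-bits behaviour of common compilers such as MSVC and GCC.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample input: the scan range quoted in the question. */
#define SCAN_START UINT64_C(0x190D186FF)
#define SCAN_END   UINT64_C(0x190D1870A)

typedef enum { RANGE_OK, RANGE_REVERSED, RANGE_TOO_WIDE } range_status;

/* Largest address a pointer of ptr_bits bits can represent. */
static uint64_t max_address(unsigned ptr_bits)
{
    return ptr_bits >= 64 ? UINT64_MAX : (UINT64_C(1) << ptr_bits) - 1;
}

/* Address that survives a cast to a ptr_bits-wide pointer: only the low
   bits are kept, which is what the "different size" warning is about. */
uint64_t address_after_cast(uint64_t addr, unsigned ptr_bits)
{
    return addr & max_address(ptr_bits);
}

/* Validate a remote address range before casting either end to a pointer. */
range_status check_range(uint64_t start, uint64_t end, unsigned ptr_bits)
{
    if (start > end)
        return RANGE_REVERSED;
    if (end > max_address(ptr_bits))
        return RANGE_TOO_WIDE;   /* would be silently truncated by the cast */
    return RANGE_OK;
}

/* Pointer width of this build, i.e. the width uintptr_t resolves to. */
unsigned build_pointer_bits(void)
{
    return (unsigned)(sizeof(uintptr_t) * 8);
}

int main(void)
{
    printf("this build uses %u-bit pointers\n", build_pointer_bits());
    printf("0x%llX cast to a 32-bit pointer becomes 0x%llX\n",
           (unsigned long long)SCAN_START,
           (unsigned long long)address_after_cast(SCAN_START, 32));
    printf("range usable in this build: %s\n",
           check_range(SCAN_START, SCAN_END, build_pointer_bits()) == RANGE_OK
               ? "yes" : "no");
    return 0;
}
```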



Source: https://stackoverflow.com/questions/39690525/readprocessmemory-with-int64-address
