ReadProcessMemory

Memory within a specified process can be read using ReadProcessMemory.

Parameters

hProcess

Specifies an open handle to a process whose memory is to be read. The handle must have been created with PROCESS_VM_READ access to the process.

lpBaseAddress

Specifies the base address in the specified process to be read. Before any data transfer occurs, the system verifies that all data within the base address and the specified size is accessible for read access. If this is the case, the function proceeds. Otherwise, the function fails.

lpBuffer

Specifies the address of a buffer which receives the contents from the specified process address space.

cbRead

Specifies the requested number of bytes to read from the specified process.

lpNumberOfBytesRead

An optional parameter, that if specified receives the actual number of bytes transferred into the specified buffer. This can be different than the value of cbRead if the requested read crosses into an area of the process that is inaccessible (and that was made inaccessible during the data transfer). If this occurs, the function returns FALSE and GetLastError returns a “short read” error indicator.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

Comments

This function copies the data in the specified address range from the specified process' address space into the specified buffer of the current process. Any process that has a handle with PROCESS_VM_READ access to the process to be read can call ReadProcessMemory. The process whose address space is being read does not have to be being debugged.

See Also

WriteProcessMemory