so my driver can read integers, DWORD64 etc but now i want to read strings i tried a lot of things and am sure this one should work but for some reason it displays some random chars
this is how am reading from kernel
<pre>PCHAR ReadMem_String(MEMDATA *data) {
NTSTATUS ntStatus;
PEPROCESS targetProc;
char string[12800] = "";
ntStatus = PsLookupProcessByProcessId((HANDLE)(*data).proccessId, &targetProc);
if (ntStatus != STATUS_SUCCESS || !targetProc)
return;
__try {
KeAttachProcess((PKPROCESS)targetProc);
if (MmIsAddressValid((void*)(*data).address))
RtlCopyMemory(string, (const void*)data->address, data->Read);
KeDetachProcess();
}
__except (GetExceptionCode()) {
return;
}
return(string);
}
case(READ_chars): {
MEMDATA *userCom = pBuf;
PCHAR string = ReadMem_String(userCom);
RtlCopyMemory(pBuf, string, strlen(string));
size = strlen(string);
break;
}
also am using method buffered
in my usermode program
<pre> char Readchar(UINT64 proccessId, uint64_t address) {
MEMDATA dataToSend;
uint64_t readBuffer;
DWORD64 dwBytesToRead = 0;
dataToSend.proccessId = proccessId;
dataToSend.address = address;
dataToSend.Read = 0;
DeviceIoControl(hDriver, READ_INT, &dataToSend, sizeof(MEMDATA), &readBuffer, sizeof(readBuffer), 0, 0);
CloseHandle(hDriver);
return((char)readBuffer);
}
and am converting chars to strings like this
<pre lang="c++"><pre> char test = Driver.Readchar(PID, 0x40E066FDB0);
const char* add = reinterpret_cast<const char*>(&test);
std::string str = add;
printf("String found: %s\n", str.c_str());
and my struct is
typedef struct {
DWORD64 proccessId;
DWORD64 address;
DWORD64 Read;
} MEMDATA;
hope someone could help me and thanks for @
Richard MacCutchan
for helping me with the old problem :D
also pls if you know the fix of this problem dont just tell me its that or that just pls give me or show me the code to fix it
What I have tried:
<pre lang="c++"><pre>char test = Driver.Readchar(PID, 0x40E066FDB0);
const char* add = reinterpret_cast<const char*>(&test);
std::string str = add;
printf("String found: %s\n", str.c_str());
but it didn't work i want to read
DefaultString
and it reads it like this
@ΘùΦ