How do I find all variables that an exe file uses?
I mean, is it possible to find a variable's address, type or name?
I have an exe file, and I do not know what language it was written in.
But when you run it, a process will start and its variables will be initialized in RAM memory.
I know how to read memory.
I know the variables' (address, type, name) are in memory too.
But I do not know what bytes are for what variable.
Here is how I read the memory of a process.
What I have tried:
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;

public class MemoryReader
{
    const int PROCESS_WM_READ = 0x0010;      // this is the value of PROCESS_VM_READ
    const int PROCESS_ALL_ACCESS = 0x1F0FFF;

    // Handles and addresses are pointer-sized, so they are declared as IntPtr
    // (int/long break on 64-bit and 32-bit processes respectively).
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesWritten);

    public Process process;
    public IntPtr processHandle;

    void Read()
    {
        process = Process.GetProcessesByName("ProcessesName")[0];
        processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
        if (processHandle == IntPtr.Zero)
            throw new Win32Exception();   // carries the last Win32 error code

        // Read the main module's image, from its base address to its end.
        IntPtr startOffset = process.MainModule.BaseAddress;
        int totalBytes = process.MainModule.ModuleMemorySize;
        byte[] buffer = new byte[totalBytes];
        IntPtr bytesRead;
        // The call fails as a whole if any page in the range is not readable.
        if (!ReadProcessMemory(processHandle, startOffset, buffer, buffer.Length, out bytesRead))
            throw new Win32Exception();

        string result = ByteArrayToHexString(buffer);
        File.WriteAllText("C:\\result.txt", result);
    }

    // Hex-encodes the buffer. The loop runs from the last byte to the first,
    // so the text starts with the highest address of the dump.
    public static string ByteArrayToHexString(byte[] baytes)
    {
        StringBuilder hex = new StringBuilder(baytes.Length * 2);
        for (int i = baytes.Length - 1; i >= 0; i--)
        {
            hex.AppendFormat("{0:x2}", baytes[i]);
        }
        return hex.ToString();
    }
}
Thank you in advance.
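
Added example (not part of the original post): the buffer that Read() fills starts at the module base, so it begins with the PE headers, and the section table there marks which byte ranges of the image hold code, read-only data and writable data. PeSectionMap and Describe are hypothetical names, and Main runs on constructed header bytes rather than a real dump; names and types of individual variables generally come from debug symbols such as a PDB, not from these headers.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class PeSectionMap
{
    const uint IMAGE_SCN_MEM_EXECUTE = 0x20000000;
    const uint IMAGE_SCN_MEM_WRITE = 0x80000000;
    // image: bytes read starting at the module base (the loaded image, not the file on disk).
    public static List<string> Describe(byte[] image)
    {
        if (image.Length < 0x40 || image[0] != 'M' || image[1] != 'Z')
            throw new InvalidOperationException("no MZ header at module base");
        int pe = BitConverter.ToInt32(image, 0x3C);                  // e_lfanew
        if (pe < 0 || pe > image.Length - 24 || BitConverter.ToUInt32(image, pe) != 0x00004550)
            throw new InvalidOperationException("no PE signature");
        int count = BitConverter.ToUInt16(image, pe + 6);            // NumberOfSections
        int table = pe + 24 + BitConverter.ToUInt16(image, pe + 20); // skip optional header
        var rows = new List<string>();
        for (int i = 0; i < count && table + (i + 1) * 40 <= image.Length; i++)
        {
            int e = table + i * 40;                                  // 40-byte section header
            string name = Encoding.ASCII.GetString(image, e, 8).TrimEnd('\0');
            uint size = BitConverter.ToUInt32(image, e + 8);         // VirtualSize
            uint rva = BitConverter.ToUInt32(image, e + 12);         // VirtualAddress
            uint flags = BitConverter.ToUInt32(image, e + 36);       // Characteristics
            string kind = (flags & IMAGE_SCN_MEM_EXECUTE) != 0 ? "code"
                : (flags & IMAGE_SCN_MEM_WRITE) != 0 ? "writable data" : "read-only data";
            rows.Add($"{name,-8} base+0x{rva:X} size 0x{size:X} {kind}");
        }
        return rows;
    }

    static void Main()
    {
        // Constructed sample: minimal headers with one writable section, not a real executable.
        byte[] img = new byte[0x200];
        img[0] = (byte)'M'; img[1] = (byte)'Z';
        BitConverter.GetBytes(0x80).CopyTo(img, 0x3C);               // e_lfanew -> 0x80
        BitConverter.GetBytes(0x00004550u).CopyTo(img, 0x80);        // "PE\0\0"
        BitConverter.GetBytes((ushort)1).CopyTo(img, 0x86);          // one section
        int e = 0x80 + 24;                                           // optional header size is 0 here
        Encoding.ASCII.GetBytes(".data").CopyTo(img, e);
        BitConverter.GetBytes(0x1000u).CopyTo(img, e + 8);
        BitConverter.GetBytes(0x3000u).CopyTo(img, e + 12);
        BitConverter.GetBytes(0xC0000040u).CopyTo(img, e + 36);      // read + write, initialized data
        foreach (string row in Describe(img)) Console.WriteLine(row);
    }
}
```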