ReadProcessMemory

Salutare tuturor,
incerc de ceva vreme sa citesc un text din adresele de memorie ale unui process. Pana acum am reusit sa identific mbi.baseaddress si mbi.regionsize si sa citesc din fiecare adresa cate un byte, insa dureaza o vesnicie si nici nu prea are rezultate.
Ceea ce vreau este ca proiectul meu sa acceseze procesul, sa identifice prima adresa si dimensiunea spatiului ocupat si sa citeasca intreg blocul de memorie intr-un string si apoi sa verifice daca blocul respectiv contine textul pe care trebuie sa-l caute, apoi sa treaca la urmatoarea zona de memorie in caz ca nu a gasit nimic. Textul de cautat este "34,56,23,74,69" iar procesul este "firefox"
Poate ma puteti ajuta,multumesc



Imports VB = Microsoft.VisualBasic
Imports System.Runtime.InteropServices
Imports System.Security.Permissions
Public Class Form1
    Inherits System.Windows.Forms.Form
#Region " Windows Form Designer generated code "
    Public Sub New()
        MyBase.New()
        InitializeComponent()
    End Sub
    Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
        If disposing Then
            If Not (components Is Nothing) Then
                components.Dispose()
            End If
        End If
        MyBase.Dispose(disposing)
    End Sub

    Private components As System.ComponentModel.IContainer
    Friend WithEvents CheckedListBox1 As System.Windows.Forms.CheckedListBox
    Friend WithEvents RichTextBox1 As System.Windows.Forms.RichTextBox
    Friend WithEvents Command1 As System.Windows.Forms.Button
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        Me.Command1 = New System.Windows.Forms.Button()
        Me.CheckedListBox1 = New System.Windows.Forms.CheckedListBox()
        Me.RichTextBox1 = New System.Windows.Forms.RichTextBox()
        Me.SuspendLayout()
        '
        'Command1
        '
        Me.Command1.BackColor = System.Drawing.SystemColors.Control
        Me.Command1.ForeColor = System.Drawing.SystemColors.ControlText
        Me.Command1.Location = New System.Drawing.Point(0, -1)
        Me.Command1.Name = "Command1"
        Me.Command1.Size = New System.Drawing.Size(121, 23)
        Me.Command1.TabIndex = 0
        Me.Command1.Text = "Command1"
        Me.Command1.UseVisualStyleBackColor = False
        '
        'CheckedListBox1
        '
        Me.CheckedListBox1.FormattingEnabled = True
        Me.CheckedListBox1.Location = New System.Drawing.Point(1, 28)
        Me.CheckedListBox1.Name = "CheckedListBox1"
        Me.CheckedListBox1.Size = New System.Drawing.Size(120, 454)
        Me.CheckedListBox1.TabIndex = 1
        '
        'RichTextBox1
        '
        Me.RichTextBox1.Location = New System.Drawing.Point(127, -1)
        Me.RichTextBox1.Name = "RichTextBox1"
        Me.RichTextBox1.Size = New System.Drawing.Size(877, 483)
        Me.RichTextBox1.TabIndex = 2
        Me.RichTextBox1.Text = ""
        '
        'Form1
        '
        Me.BackColor = System.Drawing.SystemColors.Control
        Me.ClientSize = New System.Drawing.Size(1004, 484)
        Me.Controls.Add(Me.RichTextBox1)
        Me.Controls.Add(Me.CheckedListBox1)
        Me.Controls.Add(Me.Command1)
        Me.ForeColor = System.Drawing.SystemColors.ControlText
        Me.Name = "Form1"
        Me.Text = "Form1"
        Me.ResumeLayout(False)

    End Sub
#End Region

    Structure MEMORY_BASIC_INFORMATION ' 28 bytes
        Dim BaseAddress As Integer
        Dim AllocationBase As Integer
        Dim AllocationProtect As Integer
        Dim RegionSize As Integer
        Dim State As Integer
        Dim Protect As Integer
        Dim lType As Integer
    End Structure
    Structure SYSTEM_INFO ' 36 Bytes
        Dim dwOemID As Integer
        Dim dwPageSize As Integer
        Dim lpMinimumApplicationAddress As Integer
        Dim lpMaximumApplicationAddress As Integer
        Dim dwActiveProcessorMask As Integer
        Dim dwNumberOrfProcessors As Integer
        Dim dwProcessorType As Integer
        Dim dwAllocationGranularity As Integer
        Dim wProcessorLevel As Short
        Dim wProcessorRevision As Short
    End Structure
    <SecurityPermission(SecurityAction.Demand, UnmanagedCode:=True)> _
    Private Declare Function VirtualQueryEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByRef lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As UInteger) As IntPtr
    '<DllImport("kernel32.dll", SetLastError:=True)> Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As IntPtr, ByVal iSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
    'End Function
    Private Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByRef lpBuffer As Int32, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32

    Private Declare Sub GetSystemInfo Lib "kernel32" (ByRef lpSystemInfo As SYSTEM_INFO)
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal blnheritHandle As Integer, ByVal dwAppProcessId As Integer) As Integer
    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer
    Public Const PROCESS_ALL_ACCESS As Integer = &H1F0FFF
    Const MEM_PRIVATE As Integer = &H20000
    Const MEM_COMMIT As Short = &H1000

    Private Sub Command1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Command1.Click
        Dim hProcess As IntPtr
        'Dim hProcess As Int32
        Dim lpMem As UInteger, lLenMBI As IntPtr
        'Dim lWritten As Integer, CalcAddress As IntPtr, lPos As Long
        Dim lWritten As Long, CalcAddress As Integer, lPos As Long = 0
        Dim sBuffer As Long
        'Dim sBuffer As String
        Dim sSearchString As String
        Dim si As SYSTEM_INFO
        Dim mbi As MEMORY_BASIC_INFORMATION
        Dim ret As IntPtr
        sSearchString = "34,56,23,74,69"

        hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, game_hwnd)
        lLenMBI = Len(mbi)
        GetSystemInfo(si)
        lpMem = si.lpMinimumApplicationAddress

        Do While lpMem < si.lpMaximumApplicationAddress
            mbi.RegionSize = 0
            ret = VirtualQueryEx(hProcess, lpMem, mbi, lLenMBI)
            If ret = lLenMBI Then
                If ((mbi.lType = MEM_PRIVATE) And (mbi.State = MEM_COMMIT)) Then
                    If mbi.RegionSize > 0 Then
                        'sBuffer = StrDup(mbi.RegionSize, 0)                'AICI NU MERGE
                        'sBuffer = mbi.RegionSize
                        Dim rett As Byte() = Nothing

                        Dim tStr As String = Nothing
                        Dim address As Integer = 0
                        Dim retstr As String = ""
                        address = mbi.BaseAddress
                        sBuffer = 10000
                        RichTextBox1.AppendText("region: " & mbi.RegionSize & "                             address: " & address & vbNewLine)
                        For i As Integer = 0 To mbi.RegionSize Step 10000
                            ReadProcessMemory(hProcess, address + i, sBuffer, 1, 0)   'AICI NU MERGE
                            rett = BitConverter.GetBytes(sBuffer)
                            tStr = System.Text.Encoding.ASCII.GetString(rett)
                            retstr += tStr
                            'retstr += sBuffer
                            Application.DoEvents()
                        Next


                        If InStr(retstr, sSearchString) Then

                            MsgBox("found")
                            Exit Sub
                        End If
                        'lPos = InStr(1, sBuffer, sSearchString, CompareMethod.Text)
                        'If lPos Then
                        'CheckedListBox1.Items.Add((sBuffer.ToString).Substring(lPos - 1, sSearchString.Length))
                        'CalcAddress = mbi.BaseAddress + lPos
                        'CheckedListBox1.Items.Add(CalcAddress.ToString)

                        'Exit Do
                        'End If
                    End If
                End If
                On Error GoTo Finished
                lpMem = mbi.BaseAddress + mbi.RegionSize
                On Error GoTo 0
            Else
                Exit Do
            End If
        Loop
Finished:
        MsgBox("error")
        CloseHandle(hProcess)
    End Sub



    Public Function game_hwnd() As Long
        Dim procList() As Process = Process.GetProcesses()
        Dim iProcID As Integer
        For i As Integer = 0 To UBound(procList)
            Dim strProcName As String = procList(i).ProcessName
            If strProcName = "firefox" Then
                iProcID = procList(i).Id
                Exit For
            End If
        Next
        Return iProcID
    End Function
End Class