I've added a reference to Windows Script Host Object Model, and here's the code I use with it for starting the Windows calculator, and getting an object representing the running program too.
The neat thing about this is now b (an instance of WshExec) has direct access to a number of things associated with the EXE file that was run by the a.Exec code. One of these is the process ID (I get that simply by using the code b.ProcessID). So I was able to skip a number of API calls that I'd normally have used up to this point. But I can't go all the way without using API calls. The next step is to use Toolhelp32ReadProcessMemory. Here's what I've got in the way of using that API function.
Now when I click the button, the program is supposed to use the process ID acquired with b.ProcessID, and start at offset 0 in the virtual memory space for that process, and copy 256 bytes (starting at the previously mentioned offset) into the array c. Then it should display the contents of c (as well as the other variables d and e, to give an indication of what is going on). 90% of the time, I am finding that d=0 and e=0, which indicates that it was not able to get the memory I was asking for. Every once in a while, I'm lucky, and e=1 and d=256, and the array c contains the first 256 bytes of memory that was copied from the calculator process's virtual memory space.
Why does this work so infrequently? I am feeding the proper things into the arguments in the function Toolhelp32ReadProcessMemory, but the vast majority of the time, it doesn't work. Why?
Code:
Dim a As New WshShell
Dim b As WshExec

Private Sub Form_Load()
    Set b = a.Exec("calc")
End Sub
Code:
Private Declare Function Toolhelp32ReadProcessMemory Lib "KERNEL32.dll" (ByVal th32ProcessID As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal cbRead As Long, ByRef lpNumberOfBytesRead As Long) As Long

Dim c() As Byte
Dim d As Long
Dim e As Long

Private Sub Command1_Click()
    ReDim c(255)
    e = Toolhelp32ReadProcessMemory(b.ProcessID, 0, c(0), 256, d)
    Cls
    Print e
    If e Then
        ReDim Preserve c(d - 1)
        Print d
        Print StrConv(c, vbUnicode)
    End If
End Sub
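As an added example (not the poster's code): with `ByRef lpBaseAddress As Any`, a literal 0 makes VB6 pass the address of a temporary in the calling process rather than the value 0, so the call reads from an essentially arbitrary address in the target; this version declares the parameter `ByVal` and reads from the target's module base, since address 0 itself is never mapped in a Win32 process. `ReadTargetHeader` is a hypothetical helper name, and the code assumes a 32-bit target that has finished loading, so that its module addresses fit in a Long.

```vb
Option Explicit
' Added example. ReadTargetHeader is a hypothetical helper name.
Private Const TH32CS_SNAPMODULE As Long = &H8
Private Const INVALID_HANDLE_VALUE As Long = -1

Private Type MODULEENTRY32
    dwSize As Long
    th32ModuleID As Long
    th32ProcessID As Long
    GlblcntUsage As Long
    ProccntUsage As Long
    modBaseAddr As Long          ' load address inside the target process
    modBaseSize As Long
    hModule As Long
    szModule As String * 256     ' MAX_MODULE_NAME32 + 1
    szExePath As String * 260    ' MAX_PATH
End Type

Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapshot As Long, ByRef lpme As MODULEENTRY32) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' lpBaseAddress is a value (an address in the target), so it is ByVal here.
Private Declare Function Toolhelp32ReadProcessMemory Lib "kernel32" (ByVal th32ProcessID As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal cbRead As Long, ByRef lpNumberOfBytesRead As Long) As Long

' Fills buf with up to 256 bytes from the start of the target's first module
' (normally its EXE image). Returns the byte count; on failure returns 0 and
' puts the Win32 error code in errCode.
Public Function ReadTargetHeader(ByVal pid As Long, ByRef buf() As Byte, ByRef errCode As Long) As Long
    Dim hSnap As Long, entry As MODULEENTRY32, got As Long
    errCode = 0
    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid)
    If hSnap = INVALID_HANDLE_VALUE Then errCode = Err.LastDllError: Exit Function
    entry.dwSize = Len(entry)    ' 548: fixed-length strings marshal as ANSI
    If Module32First(hSnap, entry) = 0 Then
        errCode = Err.LastDllError
    Else
        ReDim buf(255)
        If Toolhelp32ReadProcessMemory(pid, entry.modBaseAddr, buf(0), 256, got) = 0 Then
            errCode = Err.LastDllError
            got = 0
        End If
    End If
    CloseHandle hSnap
    ReadTargetHeader = got
End Function
```

Called from the button handler with `b.ProcessID` and the array `c`, a successful read of an EXE image begins with the bytes "MZ"; a non-zero `errCode` gives the Win32 reason for a failed snapshot or read.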