Beispiel #1
0
        public void CreateRemoteThread()
        {
            // Arrange
            var handle = MemoryCore.OpenProcess(ProcessAccessFlags.AllAccess, Resources.ProcessTest.Id);

            // Act
            var thread   = ThreadCore.CreateRemoteThread(handle, new IntPtr(1), IntPtr.Zero, ThreadCreationFlags.Suspended);
            var threadId = HandleManipulator.HandleToThreadId(thread);

            // Assert
            Assert.IsFalse(thread.IsInvalid);
            Assert.IsTrue(Resources.ProcessTest.Threads.Cast <ProcessThread>().Any(t => t.Id == threadId));
        }
Beispiel #2
0
        public void AllocateFree()
        {
            // Arrange
            var handle = MemoryCore.OpenProcess(ProcessAccessFlags.AllAccess, Resources.ProcessTest.Id);

            // Act
            try
            {
                var address = MemoryCore.Allocate(handle, 1);
                MemoryCore.Free(handle, address);
            }
            catch (Win32Exception ex)
            {
                Assert.Fail(ex.Message);
            }
        }
Beispiel #3
0
 /// <summary>
 /// Initializes a new instance of the <see cref="MemorySharp"/> class.
 /// </summary>
 /// <param name="process">Process to open.</param>
 public MemorySharp(Process process)
 {
     // Save the reference of the process
     Native = process;
     // Open the process with all rights
     Handle = MemoryCore.OpenProcess(ProcessAccessFlags.AllAccess, process.Id);
     // Initialize the PEB
     Peb = new ManagedPeb(this, ManagedPeb.FindPeb(Handle));
     // Create instances of the factories
     Factories = new List <IFactory>();
     Factories.AddRange(
         new IFactory[] {
         Assembly = new AssemblyFactory(this),
         Memory   = new MemoryFactory(this),
         Modules  = new ModuleFactory(this),
         Threads  = new ThreadFactory(this),
         Windows  = new WindowFactory(this)
     });
 }
Beispiel #4
0
        public void VirtualProtectExWriteReadBytes()
        {
            // Arrange
            var handle   = MemoryCore.OpenProcess(ProcessAccessFlags.AllAccess, Resources.ProcessTest.Id);
            var expected = new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90 };
            var memory   = new IntPtr(0x00400000);

            // Act
            try
            {
                MemoryCore.ChangeProtection(handle, memory, 5, MemoryProtectionFlags.ExecuteReadWrite);
                MemoryCore.WriteBytes(handle, memory, expected);
                var actual = MemoryCore.ReadBytes(handle, memory, 5);

                // Assert
                CollectionAssert.AreEqual(expected, actual, "The collections are not equal.");
            }
            catch (Win32Exception ex)
            {
                Assert.Fail(ex.Message);
            }
        }