public void TestModuleCollectionBehavior()
{
ProcessModule[] mArray = Process.GetCurrentProcess().Modules.Cast<ProcessModule>().ToArray();
// Constructor
ProcessModuleCollection moduleCollection = new ProcessModuleCollection(mArray);
// Count
Assert.Equal(mArray.Count(), moduleCollection.Count);
// get_item, Contains, IndexOf
for (int i = 0; i < mArray.Count(); i++)
{
Assert.Equal(mArray[i], moduleCollection[i]);
Assert.True(moduleCollection.Contains(mArray[i]));
Assert.Equal(i, moduleCollection.IndexOf(mArray[i]));
}
// CopyTo
ProcessModule[] moduleArray = new ProcessModule[moduleCollection.Count + 1];
moduleCollection.CopyTo(moduleArray, 1);
for (int i = 0; i < mArray.Count(); i++)
{
Assert.Equal(mArray[i], moduleArray[i + 1]);
}
Assert.Throws<ArgumentOutOfRangeException>(() => moduleCollection.CopyTo(moduleArray, -1));
// Explicit interface implementations
Assert.False(((ICollection)moduleCollection).IsSynchronized);
Assert.NotNull(((ICollection)moduleCollection).SyncRoot);
moduleArray = new ProcessModule[moduleCollection.Count];
((ICollection)moduleCollection).CopyTo(moduleArray, 0);
Assert.Equal(moduleCollection.Cast<ProcessModule>().ToArray(), moduleArray);
// GetEnumerator
IEnumerator enumerator = moduleCollection.GetEnumerator();
Assert.Throws<InvalidOperationException>(() => enumerator.Current);
for (int i = 0; i < moduleCollection.Count; i++)
{
enumerator.MoveNext();
Assert.Equal(moduleCollection[i], enumerator.Current);
}
}
public ProcessInfo(string name, string pid, string window, ProcessModuleCollection processModuleCollection, ProcessThreadCollection processThreadCollection, string mainModule)
// конструктор с параметрами - должен пополняться по мере увеличения кол-ва необходимых полей
{
Name = name;
PID = pid;
//Window = window;
MainModule = mainModule;
ProcessModuleCollection = processModuleCollection;
ProcessThreadCollection = processThreadCollection;
foreach (ProcessModule module in processModuleCollection) // создаем список модулей, которые используются процессом
{
_modulesNames.Add(module.FileName);
}
foreach (ProcessThread thread in processThreadCollection)
{
_threadNames.Add(thread.Id.ToString());
}
}
/// <summary>
/// Closes the handle to the open process (or does nothing if a process has not been opened).
/// </summary>
public void CloseProcess()
{
if (m_hProcess != IntPtr.Zero)
{
Imports.CloseHandle(m_hProcess);
}
m_hProcess = IntPtr.Zero;
m_hWnd = IntPtr.Zero;
m_ProcessId = 0;
m_MainModule = null;
m_Modules = null;
m_bProcessOpen = false;
Asm.SetProcessHandle(IntPtr.Zero);
}
public void ModulesAreDisposedWhenProcessIsDisposed()
{
Process process = CreateDefaultProcess();
ProcessModuleCollection modulesCollection = process.Modules;
int expectedCount = 0;
int disposedCount = 0;
foreach (ProcessModule processModule in modulesCollection)
{
expectedCount += 1;
processModule.Disposed += (_, __) => disposedCount += 1;
}
process.Dispose();
Assert.Equal(expectedCount, disposedCount);
}
public void TestModuleProperties()
{
ProcessModuleCollection modules = Process.GetCurrentProcess().Modules;
Assert.True(modules.Count > 0);
foreach (ProcessModule module in modules)
{
Assert.NotNull(module);
Assert.NotNull(module.FileName);
Assert.NotEmpty(module.FileName);
Assert.InRange(module.BaseAddress.ToInt64(), long.MinValue, long.MaxValue);
Assert.InRange(module.EntryPointAddress.ToInt64(), long.MinValue, long.MaxValue);
Assert.InRange(module.ModuleMemorySize, 0, long.MaxValue);
}
}
public bool Open(int ProcessId)
{
if (ProcessId == 0)
{
return(false);
}
if (ProcessId == m_ProcessId)
{
return(true);
}
if (m_bProcessOpen)
{
this.CloseProcess();
}
if (SetDebugPrivileges)
{
System.Diagnostics.Process.EnterDebugMode();
}
m_bProcessOpen = (m_hProcess = SProcess.OpenProcess(ProcessId)) != IntPtr.Zero;
if (m_bProcessOpen)
{
m_ProcessId = ProcessId;
m_hWnd = SWindow.FindWindowByProcessId(ProcessId);
m_Modules = Process.GetProcessById(m_ProcessId).Modules;
m_MainModule = m_Modules[0];
if (Asm == null)
{
Asm = new ManagedFasm(m_hProcess);
}
else
{
Asm.SetProcessHandle(m_hProcess);
}
}
return(m_bProcessOpen);
}
/// <summary>
/// Opens a process and its main thread for interaction.
/// </summary>
/// <param name="ProcessId">Process Id of process with which we wish to interact.</param>
/// <returns>Returns true on success, false on failure.</returns>
public bool Open(int ProcessId)
{
if (ProcessId == 0)
{
return(false);
}
if (ProcessId == mProcessId)
{
return(true);
}
if (mProcessOpen)
{
this.CloseProcess();
}
if (SetDebugPrivileges)
{
System.Diagnostics.Process.EnterDebugMode();
}
mProcessOpen = (mProcess = ProcessHelper.OpenProcess(ProcessId)) != IntPtr.Zero;
if (mProcessOpen)
{
mProcessId = ProcessId;
mWnd = WindowHelper.FindWindowByProcessId(ProcessId);
mModules = Process.GetProcessById(mProcessId).Modules;
mMainModule = mModules[0];
#if FASM_MANAGED
if (Asm == null)
{
Asm = new FasmManaged.ManagedFasm(mProcess);
}
else
{
Asm.SetProcessHandle(mProcess);
}
#endif
}
return(mProcessOpen);
}
//static ProcessMemoryReader pReader = new ProcessMemoryReader();
private static void NewOpenProcess()
{
Int32 ProcID = Convert.ToInt32(TrainerForm.eqgameID);
//if (ProcID == 0)
// return;
Process procs = Process.GetProcessById(ProcID);
//if (procs == null)
// return;
pHandle = OpenProcess(0x1F0FFF, false, ProcID);
IntPtr hProcess = (IntPtr)OpenProcess(0x1F0FFF, 1, ProcID);
ProcessModuleCollection modules = procs.Modules;
mainModule = procs.MainModule;
//pReader.ReadProcess = procs;
//pReader.OpenProcess();
}
/// <summary>
/// Helper for getting the base address of a module loaded by the current process. This base
/// address could be passed to GetProcAddress/LdrGetProcedureAddress or it could be used for
/// manual export parsing. This function uses the .NET System.Diagnostics.Process class.
/// </summary>
/// <author>Ruben Boonen (@FuzzySec)</author>
/// <param name="DLLName">The name of the DLL (e.g. "ntdll.dll").</param>
/// <returns>IntPtr base address of the loaded module or IntPtr.Zero if the module is not found.</returns>
public static IntPtr GetLoadedModuleAddress(string DLLName)
{
if (cached_lookups.ContainsKey(DLLName))
{
return(cached_lookups[DLLName]);
}
ProcessModuleCollection ProcModules = Process.GetCurrentProcess().Modules;
foreach (ProcessModule Mod in ProcModules)
{
if (Mod.FileName.ToLower().EndsWith(DLLName.ToLower()))
{
return(cached_lookups[DLLName] = Mod.BaseAddress);
}
}
return(IntPtr.Zero);
}
public static void SaveAllModules(ProcessModuleCollection modules)
{
FolderBrowserDialog folderialog = new FolderBrowserDialog();
folderialog.Description = "Choose save location for Modules";
if (folderialog.ShowDialog() == DialogResult.OK)
{
string folderpath = folderialog.SelectedPath;
if (folderpath != null)
{
Console.WriteLine("Reached here");
foreach (ProcessModule module in modules)
{
File.Copy(module.FileName, folderpath + "/" + module.ModuleName);
}
MessageBox.Show(null, "Successfuly Saved All modules to " + folderpath + "Saved Modules", "Saved");
}
}
}
private void RefreshModules()
{
if (_modules == null)
{
_modules = new HashSet <CurrentProcessModule>();
}
try
{
ProcessModuleCollection processModules = _process.Modules;
for (int i = 0; i < processModules.Count; i++)
{
_modules.Add(new CurrentProcessModule(processModules[i]));
}
}
catch (Exception)
{
}
}
public static ProcessModuleCollection SafeGetModules(this Process process)
{
List <ProcessModule> listModules = new List <ProcessModule>();
ProcessModuleCollection modules = new ProcessModuleCollection(listModules.ToArray());
try
{
modules = process.Modules;
}
catch (InvalidOperationException) { }
catch (PlatformNotSupportedException) { }
catch (NotSupportedException) { }
catch (Win32Exception wex)
{
Console.WriteLine($"Couldn't get modules for {process.ProcessName}: {wex.Message}");
}
// return either the modules or an empty collection
return(modules);
}
public static UInt32 GetDllAddress(Process p, string ModuleName)
{
ProcessModuleCollection modules = activeProcess.Modules;
ProcessModule dllBaseAdressIWant = null;
foreach (ProcessModule i in modules)
{
if (i.ModuleName == ModuleName)
{
dllBaseAdressIWant = i;
}
}
if (dllBaseAdressIWant == null)
{
throw new Exception("DLL address not found!");
}
return((UInt32)dllBaseAdressIWant.BaseAddress.ToInt32());
}
private void readMoudeles()
{
while (true)
{
try
{
if (Process.GetProcessById(_Id).Threads != null)
{
ProcessModuleCollection mo = Process.GetProcessById(_Id).Modules;
_modules = new ObservableCollection <Module>();
updateModules(mo);
}
}
catch (Exception ex)
{
}
Thread.Sleep(2000);
}
}
/// <summary>
/// Gets the module.
/// </summary>
/// <param name="moduleName">Name of the module.</param>
/// <returns></returns>
public UInt32 GetModule(string moduleName)
{
try
{
ProcessModuleCollection modules = System.Diagnostics.Process.GetProcessById(ProcessId).Modules;
for (int i = 0; i < modules.Count; i++)
{
if (modules[i].ModuleName.ToLower() == moduleName.ToLower())
{
return((uint)modules[i].BaseAddress);
}
}
}
catch (Exception e)
{
Logging.WriteError("GetModule(string moduleName): " + e);
}
return(0);
}
private void frmModules_Load(object sender, System.EventArgs e)
{
// Takes the string of modules built up by the btnModules_Click event procedure in
// frmTaskManager and displays into the user in the RichTextBox
Process ProcessInfo = Process.GetProcessById(ProcessID);
ProcessModuleCollection modl = ProcessInfo.Modules;
StringBuilder strMod = new StringBuilder();
foreach (ProcessModule proMod in modl)
{
strMod.Append("Module Name: " + proMod.ModuleName + Environment.NewLine);
}
rchText.Text = strMod.ToString();
}
public static void dlls(int pid)
{
try
{
Process pp = Process.GetProcessById(pid);
ProcessModuleCollection pepe = pp.Modules;
foreach (ProcessModule processModule in pepe)
{
Console.WriteLine(processModule.ModuleName);
}
}
catch (ArgumentException)
{
}
catch (System.ComponentModel.Win32Exception)
{
Console.WriteLine("No puedes obtener esa informacion");
}
}
/// <summary>
/// gets the current working processes (doesnt work)
/// </summary>
/// <param name="strFile"></param>
private void getFileProcesses(string strFile)
{
ArrayList myProcessArray = new ArrayList();
Process myProcess;
myProcessArray.Clear();
Process[] processes = Process.GetProcesses();
int i = 0;
for (i = 0; i <= processes.GetUpperBound(0) - 1; i++)
{
myProcess = processes[i];
//if (!myProcess.HasExited) //This will cause an "Access is denied" error
if (myProcess.Threads.Count > 0)
{
try
{
ProcessModuleCollection modules = myProcess.Modules;
int j = 0;
for (j = 0; j <= modules.Count - 1; j++)
{
if ((modules[j].FileName.ToLower().CompareTo(strFile.ToLower()) == 0))
{
myProcessArray.Add(myProcess);
break;
// TODO: might not be correct. Was : Exit For
}
}
}
catch (Exception exception)
{
//MsgBox(("Error : " & exception.Message))
}
}
}
GuiPreferences.Instance.setLog(myProcessArray.Count.ToString());
foreach (Process p in myProcessArray)
{
GuiPreferences.Instance.setLog(p.ProcessName);
}
}
static void Main(string[] args)
{
if (args.Length >= 2)
{
string targetProcName = args[0];
string excludeTag = args[1];
if (args.Length == 3 && args[2].Equals("debug"))
{
debug = true;
}
Process[] localByName = Process.GetProcessesByName(targetProcName);
foreach (Process proc in localByName)
{
bool kill = true;
log($"Id: {proc.Id} Title: {proc.MainWindowTitle} Process Name: {proc.ProcessName} {proc.MainModule.FileName} {proc.Modules.Count}");
ProcessModuleCollection procModuleCollection = proc.Modules;
for (int i = 0; i < procModuleCollection.Count; i++)
{
ProcessModule procModule = procModuleCollection[i];
log($"-The moduleName is {procModule.ModuleName} {procModule.FileName}");
if (procModule.ModuleName.Contains(excludeTag) || procModule.FileName.Contains(excludeTag))
{
kill = false;
log($"-Excluding because is using module {procModule.ModuleName} at {procModule.FileName}");
}
}
if (kill)
{
log($"Killing Id: {proc.Id} Title: {proc.MainWindowTitle} Process Name: {proc.ProcessName}");
proc.Kill();
}
else
{
log($"NOT Killing Id: {proc.Id} Title: {proc.MainWindowTitle} Process Name: {proc.ProcessName}");
}
}
}
else
{
Console.Out.WriteLine("Please supply two arguments, the first is the process to find, and the second the keywords to exclude");
}
}
public static PROC_VALIDATION ValidateProc(Int32 ProcId)
{
PROC_VALIDATION Pv = new PROC_VALIDATION();
try
{
Process Proc = Process.GetProcessById(ProcId);
ProcessModuleCollection ProcModColl = Proc.Modules;
foreach (ProcessModule Module in ProcModColl)
{
if (Module.FileName.EndsWith("ntdll.dll"))
{
Pv.pNtllBase = Module.BaseAddress;
break;
}
}
Pv.isvalid = true;
Pv.sName = Proc.ProcessName;
Pv.hProc = GetProcessHandle(ProcId);
ulong isWow64 = 0;
uint RetLen = 0;
IntPtr pSysCall = Generic.GetSyscallStub("NtQueryInformationProcess");
NtQueryInformationProcess fSyscallNtQueryInformationProcess = (NtQueryInformationProcess)Marshal.GetDelegateForFunctionPointer(pSysCall, typeof(NtQueryInformationProcess));
fSyscallNtQueryInformationProcess(Pv.hProc, 26, ref isWow64, Marshal.SizeOf(isWow64), ref RetLen);
if (isWow64 == 0)
{
Pv.isWow64 = false;
}
else
{
Pv.isWow64 = true;
}
}
catch
{
Pv.isvalid = false;
}
return(Pv);
}
// Fucntion that lists the modules for a user selected process
public static void ModList(string pidString)
{
int pid;
// Ensure the input is an integer
try
{
pid = Convert.ToInt32(pidString);
}
// If not got to the help and alert the user
catch (Exception ex)
{
Console.WriteLine("Input not an integer. Please try again");
help();
pid = 0;
}
try
{
// Get the process requested by the user pid input
Process process = Process.GetProcessById(pid);
ProcessModule procMod;
// Get the module collection of the process
ProcessModuleCollection processModuleColl = process.Modules;
// For each module in the collection write the modules to console
for (int i = 0; i < processModuleColl.Count; i++)
{
procMod = processModuleColl[i];
// Write the module name and base address in hex
Console.WriteLine("File Name: {0} Base Address: 0x{1}", procMod.FileName, procMod.BaseAddress.ToString("X"));
}
}
// If it fails alert the user and go to the help
catch (Exception ex)
{
Console.WriteLine("No Process Found with that Process ID. \nError: {0}", ex);
help();
}
}
/// <summary>
/// Closes the handle to the open process (or does nothing if a process has not been opened).
/// </summary>
public void CloseProcess()
{
if (mProcess != IntPtr.Zero)
{
Imports.CloseHandle(mProcess);
}
mProcess = IntPtr.Zero;
mWnd = IntPtr.Zero;
mProcessId = 0;
mMainModule = null;
mModules = null;
mProcessOpen = false;
#if FASM_MANAGED
Asm.SetProcessHandle(IntPtr.Zero);
#endif
}
public Tuple <IntPtr, int> GetImageBase()
{
string name = process.ProcessName;
try
{
ProcessModuleCollection modules = process.Modules;
foreach (ProcessModule module in modules)
{
if (module.ModuleName.StartsWith(name, StringComparison.OrdinalIgnoreCase))
{
return(new Tuple <IntPtr, int>(module.BaseAddress, module.ModuleMemorySize));
}
}
}
catch (Win32Exception)
{
}
return(new Tuple <IntPtr, int>(IntPtr.Zero, 0));
}
public static void EnumModulesForPID(int pId)
{
Process proc = null;
try {
proc = Process.GetProcessById(pId);
} catch (ArgumentException ex) {
Console.WriteLine("Invalid Argument");
return;
}
Console.WriteLine("Here are the modules loaded for {0}:", proc.ProcessName);
ProcessModuleCollection procModCollection = proc.Modules;
foreach (ProcessModule module in procModCollection)
{
Console.WriteLine("Module Name: {0}", module.ModuleName);
}
}
public static void Initialize()
{
Client = 0;
Engine = 0;
if (_processHandle != IntPtr.Zero)
{
CloseHandle(_processHandle);
}
Process process;
do
{
Process[] list;
do
{
Thread.Sleep(1000);
list = Process.GetProcessesByName("csgo");
} while (list.Length == 0);
process = list[0];
ProcessModuleCollection modules = process.Modules;
Thread.Sleep(1000);
foreach (ProcessModule module in modules)
{
if (module.ModuleName.Equals("client.dll"))
{
Client = (int)module.BaseAddress;
}
else if (module.ModuleName.Equals("engine.dll"))
{
Engine = (int)module.BaseAddress;
}
}
} while (Client == 0 || Engine == 0);
_processHandle = OpenProcess(ProcessAccessFlags.VirtualMemoryRead, false, process.Id);
OffsetUpdater.UpdateOffsets();
}
private void PinfoBtn_Click(object sender, EventArgs e)
{
string str = textBox2.Text;
int pid = -1;
bool parsed = Int32.TryParse(str, out pid);
pinfoTxt.Clear();
if (!parsed)
{
pinfoTxt.AppendText("Error, invalid PID");
}
else
{
try
{
Process target = Process.GetProcessById(pid);
pinfoTxt.AppendText("Name: " + target.ProcessName + Environment.NewLine);
pinfoTxt.AppendText("PID: " + target.Id + Environment.NewLine);
pinfoTxt.AppendText("Window Title: " + target.MainWindowTitle + Environment.NewLine);
pinfoTxt.AppendText("Threads: " + Environment.NewLine);
ProcessThreadCollection threads = target.Threads;
foreach (ProcessThread thread in threads)
{
pinfoTxt.AppendText("\t" + thread.Id + "\t\t" + thread.StartTime + Environment.NewLine);
}
pinfoTxt.AppendText(Environment.NewLine);
pinfoTxt.AppendText("Modules: " + Environment.NewLine);
ProcessModuleCollection modules = target.Modules;
foreach (ProcessModule module in modules)
{
pinfoTxt.AppendText("\t" + module.ModuleName + "\t\t" + module.FileName + Environment.NewLine);
}
}
catch (ArgumentException ex)
{
pinfoTxt.AppendText("Error, non existent PID");
}
}
}
private bool GetModuleInfo(uint PID, string ModuleName, out MODULEENTRY32 ModuleInfo)
{
ModuleInfo = default(MODULEENTRY32);
//Take a snapshot of the module list
IntPtr hModuleList = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, PID);
if (hModuleList == IntPtr.Zero)
{
return(false);
}
try
{
MODULEENTRY32 me32 = new MODULEENTRY32();
me32.dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32));
//Set cursor at the start and grab the info
if (!Module32First(hModuleList, ref me32))
{
return(false);
}
ProcessModuleCollection progMods = System.Diagnostics.Process.GetProcessById((int)m_pid).Modules;
foreach (ProcessModule module in progMods)
{
if (module.ModuleName == ReadProcess.MainModule.ModuleName)
{
ModuleInfo = me32;
return(true);
}
Module32Next(hModuleList, ref me32);
}
}
finally
{
//gets fired even if return is used
ProcessMemoryReaderApi.CloseHandle(hModuleList);
}
return(false);
}
private void button2_Click(object sender, EventArgs e)
{
p = null;
if (ComprobarPID(textBox2.Text))
{
if (ExistProcess(ref p) && p != null)
{
textBox1.Text = String.Format("{0, -25} | {1, -10} | {2, -30} |\r\n", "NAME", "PID", "MAINWINDOW TITLE");
InfoProcess(p);
try
{
ProcessThreadCollection threads = p.Threads;
textBox1.Text += String.Format("\r\nSUBPROCESS\r\n{0, -10} | {1, -19} |\r\n", "PID", "START TIME");
foreach (ProcessThread t in threads)
{
textBox1.Text += String.Format("{0, -10} | {1, -19} |\r\n",
t.Id, t.StartTime);
}
ProcessModuleCollection modules = p.Modules;
textBox1.Text += String.Format("\r\n\r\n{0, -30}| {1, -50} |\r\n",
"MODULE NAME", "FILE NAME");
foreach (ProcessModule m in modules)
{
textBox1.Text += String.Format("{0, -30}| {1, -50} |\r\n",
m.ModuleName.Length > 30? m.ModuleName.Substring(0, 27) + "..." : m.ModuleName,
m.FileName.Length > 50 ? m.FileName.Substring(0, 47) + "..." : m.FileName);
}
}
catch (Win32Exception)
{
label2.Text = "Access denied";
}
}
else
{
textBox1.Text = "";
label2.Text = "PID not found";
}
}
}
static IntPtr GetBase(SysProcess handle, string module = null)
{
ProcessModuleCollection modules = handle.Modules;
if (module != null)
{
for (int i = 0; i <= modules.Count - 1; i++)
{
if (modules[i].ModuleName == module)
{
return((IntPtr)modules[i].BaseAddress);
}
}
Console.WriteLine("Module Not Found");
}
else
{
return((IntPtr)handle.MainModule.BaseAddress);
}
return((IntPtr)0);
}
/// <summary>
/// Список модулей конкретного процесса.
/// </summary>
/// <param name="pId">Идентификатор процесса</param>
static void EnumModsForPid(int pId)
{
Process process = null;
try
{
process = Process.GetProcessById(pId);
Console.WriteLine("Here are the loaded modules for {0}", process.ProcessName);
ProcessModuleCollection modules = process.Modules;
foreach (ProcessModule processModule in modules)
{
string info = string.Format("-> Mod Name: {0}", processModule.ModuleName);
Console.WriteLine(info);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return;
}
}
// Token: 0x06000009 RID: 9 RVA: 0x00002430 File Offset: 0x00000630
private void AntiModuleInjection()
{
while (this._running)
{
ProcessModuleCollection modules = Process.GetCurrentProcess().Modules;
for (int i = 0; i < modules.Count; i++)
{
bool flag = i == 0;
if (!flag)
{
bool flag2 = modules[i].FileVersionInfo.FileMajorPart < 4;
if (flag2)
{
this.Freeze();
}
}
}
this._moduleInjectionFlag.Set();
Thread.Sleep(this.Timeout);
}
}
