Beispiel #1
0
        public static bool ListMemory(FMemoryInfos memories, int processId)
        {
            memories.Clear();
            // List modules
            FModuleInfoCollection modules = RModule.ListProcess(processId);
            // List memory
            uint address = 0;
            SMemoryBasicInformation mbi = new SMemoryBasicInformation();
            int    size    = Marshal.SizeOf(mbi);
            IntPtr process = RKernel32.OpenProcess(EProcessAccess.QueryInformation, true, processId);

            if (!RApi.IsValidHandle(process))
            {
                return(false);
            }
            while (RKernel32.VirtualQueryEx(process, address, ref mbi, size) > 0)
            {
                FMemoryInfo memory = new FMemoryInfo();
                memory.AllocationBase    = mbi.AllocationBase;
                memory.AllocationProtect = mbi.AllocationProtect;
                memory.BaseAddress       = mbi.BaseAddress;
                memory.Protect           = mbi.Protect;
                memory.RegionSize        = mbi.RegionSize;
                memory.State             = mbi.State;
                memory.Type   = mbi.Type;
                memory.Module = modules.FindByAddress(mbi.AllocationBase);
                memories.Push(memory);
                address = mbi.BaseAddress + mbi.RegionSize;
            }
            ;
            RKernel32.CloseHandle(process);
            return(true);
        }
Beispiel #2
0
        public static void Hook(SHookInfo hook)
        {
            Nullable <SModuleEntry32> module = RModule.Find(hook.Module);

            if (module.HasValue)
            {
                FTrunkInfo[] trunks = RModule.FetchTrunks(module.Value.hModule);
                foreach (FTrunkInfo trunk in trunks)
                {
                    if (trunk.Name == hook.Function)
                    {
                        HookApi(hook, trunk);
                    }
                }
            }
        }