private List <MemorySegmentInfo> EnumerateSegments64(UInt64 moduleBaseAddress, int moduleLength)
{
List <MemorySegmentInfo> segments = new List <MemorySegmentInfo>();
MEMORY_BASIC_INFORMATION64 memInfo = new MEMORY_BASIC_INFORMATION64();
UInt64 addressIter = moduleBaseAddress;
UInt64 addressEnd = moduleBaseAddress + (UInt64)moduleLength;
while (addressIter < addressEnd)
{
if (MemoryAPI.VirtualQueryEx64(ProcessHandle, (IntPtr)addressIter, out memInfo, 48) == 0) //48 = sizeof(MEMORY_BASIC_INFORMATION64)
{
throw new Exception("VirtualQueryEx failed! " + MemoryAPI.GetLastError().ToString());
}
if (memInfo.State == (int)MemoryState.MEM_COMMIT)
{
segments.Add(new MemorySegmentInfo()
{
SegmentStart = (UInt64)memInfo.BaseAddress, SegmentSize = memInfo.RegionSize
});
}
addressIter += (UInt64)memInfo.RegionSize;
}
return(segments);
}
private void Open()
{
string processPath = CurrentProcess.MainModule.FileName;
BinaryType processBinaryType;
if (!MemoryAPI.GetBinaryType(processPath, out processBinaryType))
{
throw new Exception("Failed to get process binary type!");
}
switch (processBinaryType)
{
case BinaryType.SCS_32BIT_BINARY:
Is64BitProcess = false;
break;
case BinaryType.SCS_64BIT_BINARY:
Is64BitProcess = true;
break;
default:
throw new Exception("Unsupported process type!");
}
ProcessHandle = MemoryAPI.OpenProcess(CurrentProcess, ProcessAccessFlags.All);
if (ProcessHandle == IntPtr.Zero)
{
throw new Exception("Failed to open process!");
}
ProcessOpen = true;
}
public void WriteBuffer(UInt64 address, byte[] bytes)
{
if (!IsOpen())
{
throw new Exception("Process is not open!");
}
IntPtr targetAddress = (IntPtr)address;
IntPtr numWrite;
uint oldProtect, oldProtect2;
MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, (uint)MemoryProtection.PAGE_EXECUTE_READWRITE, out oldProtect);
if (!MemoryAPI.WriteProcessMemory(ProcessHandle, targetAddress, bytes, bytes.Length, out numWrite))
{
MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, oldProtect, out oldProtect2);
throw new Exception("Failed writing memory!");
}
if ((int)numWrite != bytes.Length)
{
MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, oldProtect, out oldProtect2);
throw new Exception("Could not write enough bytes!");
}
MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, oldProtect, out oldProtect2);
}
public void Close(bool GC_Call)
{
if (!ProcessOpen)
{
return;
}
MemoryAPI.CloseHandle(ProcessHandle);
ProcessHandle = IntPtr.Zero;
ProcessOpen = false;
}
public byte[] ReadBuffer(UInt64 address, int size)
{
if (!IsOpen())
{
throw new Exception("Process is not open!");
}
IntPtr targetAddress = (IntPtr)address;
IntPtr numRead;
byte[] returnBytes = new byte[size];
if (!MemoryAPI.ReadProcessMemory(ProcessHandle, targetAddress, returnBytes, size, out numRead))
{
throw new Exception("Failed reading memory!");
}
if ((int)numRead != size)
{
throw new Exception("Could not read enough bytes!");
}
return(returnBytes);
}
