public static bool ProcMemoryCopy(StackFrame stackFrame, long dstAddress, long srcAddress, long length)
{
var process = DkmMethods.GetDkmProcess(stackFrame);
var buffer = new byte[Math.Min(length, 4096)];
while (length > 0)
{
if (buffer.Length > length)
{
Array.Resize(ref buffer, (int)length);
}
var byteCount = process.ReadMemory((ulong)srcAddress, DkmReadMemoryFlags.None, buffer);
if (buffer.Length != byteCount)
{
return(false);
}
process.WriteMemory((ulong)dstAddress, buffer);
srcAddress += byteCount;
dstAddress += byteCount;
length -= byteCount;
}
return(true);
}
public static bool WriteMemoryToFile(string fileName, StackFrame stackFrame, long fromAddress,
long lengthToRead, FileMode fileMode = FileMode.Create)
{
var process = DkmMethods.GetDkmProcess(stackFrame);
using (var fs = new FileStream(fileName, fileMode))
{
var buffer = new byte[Math.Min(lengthToRead, 4096)];
while (lengthToRead > 0)
{
if (buffer.Length > lengthToRead)
{
Array.Resize(ref buffer, (int)lengthToRead);
}
var byteCount = process.ReadMemory((ulong)fromAddress, DkmReadMemoryFlags.None, buffer);
if (buffer.Length != byteCount)
{
return(false);
}
fs.Write(buffer, 0, byteCount);
fromAddress += byteCount;
lengthToRead -= byteCount;
}
}
return(0 == lengthToRead);
}
public static bool LoadFileToMemory(string fileName, StackFrame stackFrame, long fromAddress, long lengthToWrite)
{
var process = DkmMethods.GetDkmProcess(stackFrame);
using (var fs = new FileStream(fileName, FileMode.Open))
{
var readBuffer = new byte[Math.Min(lengthToWrite, MAXIMUM_BLOCK_SIZE)];
while (lengthToWrite > 0)
{
var readBytes = fs.Read(readBuffer, 0, Math.Min((int)lengthToWrite, readBuffer.Length));
if (0 == readBytes)
{
return(false);
}
var writeBuffer = readBuffer;
if (readBytes != readBuffer.Length)
{
writeBuffer = new byte[readBytes];
Buffer.BlockCopy(readBuffer, 0, writeBuffer, 0, readBytes);
}
process.WriteMemory((ulong)fromAddress, writeBuffer);
fromAddress += writeBuffer.Length;
lengthToWrite -= writeBuffer.Length;
}
}
return(true);
}
public static void ProcFree(StackFrame stackFrame, long address)
{
var process = DkmMethods.GetDkmProcess(stackFrame);
process.FreeVirtualMemory(
(ulong)address,
0,
0x8000 // MEM_RELEASE
);
}
public static ulong ProcAlloc(StackFrame stackFrame, long size)
{
var process = DkmMethods.GetDkmProcess(stackFrame);
return(process.AllocateVirtualMemory(0,
(int)size,
0x3000, // MEM_COMMIT | MEM_RESERVE
0x04 // PAGE_READWRITE
));
}
public static bool ProcMemset(StackFrame stackFrame, long dstAddress, byte val, long length)
{
var process = DkmMethods.GetDkmProcess(stackFrame);
var buffer = new byte[Math.Min(length, 4096)];
for (int i = 0; i < buffer.Length; ++i)
{
buffer[i] = val;
}
while (length > 0)
{
if (buffer.Length > length)
{
Array.Resize(ref buffer, (int)length);
}
process.WriteMemory((ulong)dstAddress, buffer);
length -= buffer.Length;
dstAddress += buffer.Length;
}
return(0 == length);
}
