Ejemplos de WrapperWinAPI en C# (CSharp)

Ejemplo n.º 1

    public bool WriteMemory(IntPtr address, byte[] bufferToWrite)
    {
        if (!IsBound() || bufferToWrite.Length == 0)
        {
            return(false);
        }

        int writeBytes = 0;

        return(WrapperWinAPI.WriteProcessMemory(m_ProcessHandle, address, bufferToWrite, (uint)bufferToWrite.Length, out writeBytes));
    }

Ejemplo n.º 2

    public bool ReadMemoryAt(long address, int bytesToRead, out byte[] buffer)
    {
        buffer = new byte[bytesToRead];
        IntPtr read = new IntPtr();

#if DEBUG
        MEMORY_BASIC_INFORMATION memInfo;
        int dwLength = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));

        WrapperWinAPI.VirtualQueryEx(m_ProcessHandle, (IntPtr)address, out memInfo, dwLength);
#endif

        return(WrapperWinAPI.ReadProcessMemory(m_ProcessHandle, new IntPtr(address), buffer, bytesToRead, out read));
    }

Ejemplo n.º 3

 public void Release()
 {
     try
     {
         WrapperWinAPI.CloseHandle(m_ProcessHandle);
     }
     catch
     {
         // do nothing
         Console.WriteLine("Nothing to release.");
     }
     finally
     {
         m_ProcessHandle = new IntPtr(0);
         m_Process       = null;
     }
 }

Ejemplo n.º 4

    public string GetUserOwningProcess()
    {
        try
        {
            WindowsIdentity WI   = new WindowsIdentity(m_Process.Handle);
            string          user = WI.Name;

            return(user.Contains(@"\") ? user.Substring(user.IndexOf(@"\") + 1) : user);
        }
        catch
        {
            return(null);
        }
        finally
        {
            WrapperWinAPI.CloseHandle(m_ProcessHandle);
        }
    }

Ejemplo n.º 5

    public void BindToProcessById(int processId)
    {
        // release previous binded process.
        Release();

        try
        {
            m_Process       = Process.GetProcessById(processId);
            m_ProcessHandle = WrapperWinAPI.OpenProcess((int)ProcessAccessFlags.All, false, m_Process.Id);
        }
        catch
        {
            m_Process       = null;
            m_ProcessHandle = new IntPtr(0);

            // do nothing
            Console.WriteLine("Cannot attach to that process... try with admin.");
        }
    }

Ejemplo n.º 6

    public bool ReadMemory(out Dictionary <IntPtr, byte[]> dictionary)
    {
        dictionary = new Dictionary <IntPtr, byte[]>();

        if (!IsBound())
        {
            return(false);
        }

        SYSTEM_INFO sysInfo;

        WrapperWinAPI.GetSystemInfo(out sysInfo);

        IntPtr start = new IntPtr(0);
        IntPtr end   = sysInfo.lpMaximumApplicationAddress;

        long current = 0;

        MEMORY_BASIC_INFORMATION memInfo;
        int dwLength = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));

        while (current <= end.ToInt64() && WrapperWinAPI.VirtualQueryEx(m_ProcessHandle, (IntPtr)current, out memInfo, dwLength) != 0)
        {
            if (memInfo.State == StateEnum.MEM_COMMIT && memInfo.Protect == AllocationProtectEnum.PAGE_READWRITE)
            {
                byte[] buffer = new byte[memInfo.RegionSize.ToInt32()];
                IntPtr read   = new IntPtr(0);

                IntPtr baseAddr = new IntPtr((long)memInfo.BaseAddress);

                if (WrapperWinAPI.ReadProcessMemory(m_ProcessHandle, baseAddr, buffer, buffer.Length, out read))
                {
                    dictionary.Add(baseAddr, buffer);
                }
            }

            // next memory chunck.
            current = (long)memInfo.BaseAddress + (long)memInfo.RegionSize;
        }

        return(dictionary.Count > 0);
    }