Ejemplo n.º 1
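        /// <summary>
        /// Parses a space-separated list of hexadecimal byte values ("array of bytes")
        /// and writes the resulting bytes into another process at <paramref name="BaseAddress"/>.
        /// </summary>
        /// <param name="hProcess">Handle to the target process, passed straight to the Win32API wrappers.</param>
        /// <param name="BaseAddress">Address in the target process where the bytes are written.</param>
        /// <param name="AOB">Hex byte values separated by single spaces, e.g. "90 90 C3". A trailing space is tolerated.</param>
        /// <returns>
        /// <c>true</c> when WriteProcessMemory reports success and every byte was written;
        /// <c>false</c> otherwise, including when <paramref name="AOB"/> holds no bytes.
        /// </returns>
        /// <exception cref="FormatException">A token is not a valid hexadecimal number.</exception>
        /// <exception cref="OverflowException">A token does not fit in one byte.</exception>
        public static Boolean WriteMemoryAOB(IntPtr hProcess, IntPtr BaseAddress, string AOB)
        {
            if (string.IsNullOrWhiteSpace(AOB))
            {
                // Nothing to write; avoid calling the memory APIs with a zero-length range.
                return false;
            }

            // The original used "Length - 1", which silently dropped the last byte
            // whenever the input had no trailing space. Discarding empty tokens gives
            // the same result for "AA BB " and the correct one for "AA BB".
            string[] tokens = AOB.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            int size = tokens.Length;

            byte[] patch = new byte[size];
            for (int i = 0; i < size; i++)
            {
                patch[i] = Convert.ToByte(tokens[i].Trim(), 16);
            }

            int previousProtection = 0;
            int bytesWritten;

            // The range is made writable only for the duration of the write.
            // NOTE(review): this leaves the pages RWX for a short window; both the
            // protection change and the cross-process write are events that endpoint
            // monitoring commonly records.
            bool protectionChanged = Win32API.VirtualProtectEx(
                hProcess, BaseAddress, size, Win32API.PAGE_EXECUTE_READWRITE, out previousProtection);

            bool result = Win32API.WriteProcessMemory(hProcess, BaseAddress, patch, size, out bytesWritten);

            // Restore only when the first call succeeded: otherwise previousProtection
            // is still 0, which is not a protection value worth applying to the target.
            if (protectionChanged)
            {
                Win32API.VirtualProtectEx(hProcess, BaseAddress, size, previousProtection, out previousProtection);
            }

            return result && bytesWritten == size;
        }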
Ejemplo n.º 2
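        /// <summary>
        /// Click handler that walks through the LoadLibrary-based DLL loading sequence
        /// against the process held in <c>MyProc</c>, showing each intermediate value
        /// (or "ERROR") in a label and advancing the progress bar per successful step.
        /// </summary>
        /// <remarks>
        /// Every step depends on the previous one, so the handler stops at the first
        /// failure. The original carried on regardless, which meant a remote thread
        /// could be started with a zero start address or a zero argument and fault
        /// inside the target process.
        /// NOTE(review): the VirtualAllocEx / WriteProcessMemory / CreateRemoteThread
        /// sequence is a well-known pattern that endpoint protection monitors; expect
        /// it to be logged or blocked on managed hosts.
        /// </remarks>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void button1_Click(object sender, EventArgs e)
        {
            int bi;

            // Step 1: module handle of kernel32.dll in this process.
            IntPtr kernel = Win32API.GetModuleHandle("kernel32.dll");
            if (kernel == IntPtr.Zero)
            {
                label2.Text = "ERROR";
                return;
            }
            label2.Text = Convert.ToString(kernel.ToInt64(), 16);
            progressBar1.PerformStep();

            // Step 2: address of LoadLibraryA, resolved in this process.
            // NOTE(review): using it in the target assumes kernel32 is mapped at the
            // same address there and that both processes share a bitness - confirm.
            IntPtr lploadlibrary = Win32API.GetProcAddress(kernel, "LoadLibraryA");
            if (lploadlibrary == IntPtr.Zero)
            {
                label4.Text = "ERROR";
                return;
            }
            label4.Text = Convert.ToString(lploadlibrary.ToInt64(), 16);
            progressBar1.PerformStep();

            // Step 3: 100-byte read/write buffer in the target for the path string.
            // NOTE(review): this buffer is never released by this handler.
            IntPtr param = Win32API.VirtualAllocEx(MyProc.Handle, (IntPtr)0, 100, Win32API.MEM_COMMIT, Win32API.PAGE_READWRITE);
            if (param == IntPtr.Zero)
            {
                label6.Text = "ERROR";
                return;
            }
            label6.Text = Convert.ToString(param.ToInt64(), 16);
            progressBar1.PerformStep();

            // Step 4: copy the path into the target.
            // NOTE(review): the data comes from dllpath2 but the length from dllpath;
            // presumably dllpath2 is the encoded form of dllpath - verify the two
            // lengths agree and that the path fits the 100 bytes requested above.
            bool wpm = Win32API.WriteProcessMemory(MyProc.Handle, param, this.dllpath2, this.dllpath.Length, out bi);
            if (!wpm)
            {
                label8.Text = "ERROR";
                return;
            }
            label8.Text = Convert.ToString(wpm);
            progressBar1.PerformStep();

            // Step 5: start a thread in the target at LoadLibraryA with the buffer as argument.
            IntPtr remoteThread = Win32API.CreateRemoteThread(MyProc.Handle, 0, 0, lploadlibrary, param, 0, (IntPtr)0);
            if (remoteThread == IntPtr.Zero)
            {
                label10.Text = "ERROR";
                return;
            }
            label10.Text = Convert.ToString(remoteThread.ToInt64(), 16);
            progressBar1.PerformStep();

            // Only the local handle is closed; the thread itself is not waited on.
            Win32API.CloseHandle(remoteThread);
        }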