/// <summary>
/// Searches through the target process's memory and identifies regions that are of interest, when scanning.
/// Creates a Region and saves it to the list of Regions for future scans.
/// </summary>
/// <param name="minAddress">The minimum address that should be used, during this search.</param>
/// <param name="maxAddress">The maximum address that should be used, during this search.</param>
/// <returns>Returns true on successfully identifying regions in the target's memory.</returns>
public bool IdentifyRegions(ulong minAddress = 0, ulong maxAddress = 0)
{
if (!this.IsOpen)
{
this.Status.Log(
"Unable to identify regions, because the target process has not been opened.",
Logger.Level.HIGH);
return(false);
}
if (maxAddress == 0)
{
maxAddress = (ulong)SysInteractor.MaxAddress;
}
WinApi.MEMORY_BASIC_INFORMATION mbi = new WinApi.MEMORY_BASIC_INFORMATION();
ulong address = minAddress;
bool result = true;
this.Regions.Clear();
while (address < maxAddress)
{
result = WinApi.VirtualQueryEx(Proc.Handle, (IntPtr)address, out mbi, (uint)Marshal.SizeOf(mbi));
if (result && IsReadable(mbi))
{
Region r = new Region((IntPtr)address, (uint)mbi.RegionSize, mbi.Protect, mbi.Type);
this.Regions.Add(r);
}
address += (ulong)mbi.RegionSize;
}
return(this.Regions.Count > 0);
}
/// <summary>
/// Determines if the provided address is readable for the specified number of bytes.
/// </summary>
/// <param name="mbi">The memory basic information variable containing data about the target region.</param>
/// <returns>Returns true if the provided address is readable for the specified number of bytes.</returns>
public bool IsReadable(WinApi.MEMORY_BASIC_INFORMATION mbi)
{
if (!this.IsOpen)
{
this.Status.Log(
"Unable to determine memory range readability, because the target process has not been opened.",
Logger.Level.HIGH);
return(false);
}
return
((mbi.Protect == WinApi.MemoryProtect.PAGE_READWRITE ||
mbi.Protect == WinApi.MemoryProtect.PAGE_EXECUTE_READWRITE ||
mbi.Protect == WinApi.MemoryProtect.PAGE_WRITECOPY ||
mbi.Protect == WinApi.MemoryProtect.PAGE_READONLY ||
mbi.Protect == WinApi.MemoryProtect.PAGE_EXECUTE_READ) &&
(mbi.Type != WinApi.MemoryType.MEM_MAPPED));
}
/// <summary>
/// Determines if the page in which address appears is readable.
/// </summary>
/// <param name="address">The address to test for readability.</param>
/// <returns>Returns true if the provided address is readable for the specified number of bytes.</returns>
public bool IsReadable(IntPtr address)
{
if (!this.IsOpen)
{
this.Status.Log(
"Unable to determine memory range readability, because the target process has not been opened.",
Logger.Level.HIGH);
return(false);
}
WinApi.MEMORY_BASIC_INFORMATION mbi = new WinApi.MEMORY_BASIC_INFORMATION();
if (WinApi.VirtualQueryEx(this.ProcHandle, address, out mbi, (uint)Marshal.SizeOf(mbi)))
{
this.Status.Log(
"Unable to determine memory range readability, because the target memory range could not be " +
"analyzed with VirtualQueryEx.",
Logger.Level.HIGH);
return(false);
}
return(this.IsReadable(mbi));
}