public static void WriteProcessMemory <T>(UInt64 addr, T value)
{
if (typeof(T) == typeof(String))
{
var bytes = Encoding.UTF8.GetBytes((String)(Object)value);
var l = bytes.ToList();
l.AddRange(Enumerable.Range(0, 16).Select(a => (Byte)0).ToList());
bytes = l.ToArray();
for (var i = 0u; i < bytes.Length - 8; i += 8)
{
WriteProcessMemory(addr + i, BitConverter.ToUInt64(bytes, (Int32)i));
}
return;
}
var size = Marshal.SizeOf <T>();
var objPtr = Marshal.AllocHGlobal(size);
Marshal.StructureToPtr(value, objPtr, false);
var input = new IoctlMemoryStruct();
input.ProcessId = ProcessId;
input.Address = addr;
input.Size = size;
input.Buffer = objPtr;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_WPM, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf <IoctlMemoryStruct>(), ref io, 0);
Marshal.FreeHGlobal(objPtr);
}
public static T ReadProcessMemory <T>(UInt64 addr)
{
if (typeof(T) == typeof(String))
{
List <Byte> bytes = new List <Byte>();
for (UInt64 i = 0; i < 16; i++)
{
var letters8 = ReadProcessMemory <UInt64>(addr + i * 8);
var tempBytes = BitConverter.GetBytes(letters8);
for (int j = 0; j < 8; j++)
{
if (tempBytes[j] == 0)
{
return((T)(Object)Encoding.UTF8.GetString(bytes.ToArray()));
}
bytes.Add(tempBytes[j]);
}
}
return((T)(Object)Encoding.UTF8.GetString(bytes.ToArray()));
}
var size = Marshal.SizeOf <T>();
IntPtr intPtr = Marshal.AllocHGlobal(size);
var input = new IoctlMemoryStruct();
input.ProcessId = ProcessId;
input.Address = addr;
input.Size = size;
input.Buffer = intPtr;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_RPM, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf(typeof(IoctlMemoryStruct)), ref io, 0);
var obj = Marshal.PtrToStructure <T>(intPtr);
var members = obj.GetType().GetFields();
foreach (var member in members)
{
if (member.FieldType != typeof(String))
{
continue;
}
var t = member.GetValue(obj);
var str23 = ReadProcessMemory <UInt32>(addr + 0x60 + 16);
var offset = Marshal.OffsetOf <T>(member.Name).ToInt32();
var qq = (Int64)Marshal.ReadIntPtr(intPtr, offset + 16);
var smartString = (Int64)Marshal.ReadIntPtr(intPtr, offset + 16) >> 32 == 0x1f;
if (!smartString)
{
continue;
}
var strPtr = (Int32)(Int64)Marshal.ReadIntPtr(intPtr, offset);
var str = ReadProcessMemory <String>((UInt64)strPtr);
member.SetValueDirect(__makeref(obj), str);
}
Marshal.FreeHGlobal(intPtr);
return(obj);
}
public static void CreateThread(UInt64 addr, UInt64 param)
{
var input = new IoctlMemoryStruct();
input.ProcessId = ProcessId;
input.Address = addr;
input.Size = 0;
input.Buffer = (IntPtr)param;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_CREATE_THREAD, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf <IoctlMemoryStruct>(), ref io, 0);
}
public static void WriteBytes(IntPtr addr, Byte[] bytes)
{
var objPtr = Marshal.AllocHGlobal(bytes.Length);
Marshal.Copy(bytes, 0, objPtr, bytes.Length);
var input = new IoctlMemoryStruct();
input.ProcessId = ProcessId;
input.Address = (UInt64)addr;
input.Size = bytes.Length;
input.Buffer = objPtr;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_WPM, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf <IoctlMemoryStruct>(), ref io, 0);
Marshal.FreeHGlobal(objPtr);
}
public static void FreeProcessMem(UInt64 address)
{
var input = new IoctlMemoryStruct();
var objPtr = Marshal.AllocHGlobal(64);
WriteProcessMemory((UInt64)(objPtr + 8), Allocs[address].Item1);
WriteProcessMemory((UInt64)(objPtr + 16), Allocs[address].Item2);
input.ProcessId = ProcessId;
input.Address = address;
input.Size = 0;
input.Buffer = objPtr;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_DEALLOC, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf <IoctlMemoryStruct>(), ref io, 0);
Marshal.FreeHGlobal(objPtr);
}
public static void WriteProcessMemory <T>(UInt64 addr, T value)
{
var objPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(T)));
Marshal.StructureToPtr(value, objPtr, false);
var size = Marshal.SizeOf(typeof(T));
var input = new IoctlMemoryStruct();
input.ProcessId = ProcessId;
input.Address = addr;
input.Size = size;
input.Buffer = objPtr;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_WPM, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf <IoctlMemoryStruct>(), ref io, 0);
Marshal.FreeHGlobal(objPtr);
}
public static Byte[] ReadBytes(IntPtr addr, Int32 size)
{
IntPtr intPtr = Marshal.AllocHGlobal(size);
var input = new IoctlMemoryStruct();
input.ProcessId = ProcessId;
input.Address = (UInt64)addr;
input.Size = size;
input.Buffer = intPtr;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_RPM, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf(typeof(IoctlMemoryStruct)), ref io, 0);
var bytes = new Byte[size];
Marshal.Copy(intPtr, bytes, 0, size);
Marshal.FreeHGlobal(intPtr);
return(bytes);
}
public static UInt64 AllocProcessMem(Int32 size)
{
IntPtr intPtr = Marshal.AllocHGlobal(64);
var input = new IoctlMemoryStruct();
input.ProcessId = ProcessId;
input.Address = 0;
input.Size = size;
input.Buffer = intPtr;
var output = new IoctlMemoryStruct();
ulong io = 0;
var status = DeviceIoControl(DeviceHandle, IOCTL_ALLOC, input, Marshal.SizeOf <IoctlMemoryStruct>(), output, Marshal.SizeOf <IoctlMemoryStruct>(), ref io, 0);
var obj = (UInt64)Marshal.ReadInt64(intPtr);
var obj2 = (UInt64)Marshal.ReadInt64(intPtr + 8);
var obj3 = (UInt64)Marshal.ReadInt64(intPtr + 16);
Allocs.Add(obj, Tuple.Create(obj2, obj3));
Marshal.FreeHGlobal(intPtr);
return(obj);
}
