Example #1
0
    public void RemoveData(string key)
    {
        bool freed = ProcessMemoryApi.VirtualFreeEx(process.Handle, (IntPtr)dataEntries[key], 0, ProcessMemoryApi.MEM_DECOMMIT);

        Debug.Assert(freed, "Unable to free allocated memory in process.");
        dataEntries.Remove(key);
    }
Example #2
0
    public void AddData(string key, byte[] data)
    {
        int    numWritten;
        IntPtr bufferAddress = ProcessMemoryApi.VirtualAllocEx(process.Handle, IntPtr.Zero, data.Length, ProcessMemoryApi.MEM_COMMIT, ProcessMemoryApi.PAGE_READWRITE);

        Debug.Assert(bufferAddress != IntPtr.Zero, "Could not allocate memory in target process.");
        ProcessMemoryApi.WriteProcessMemory(process.Handle, bufferAddress, data, data.Length, out numWritten);
        Debug.Assert(numWritten == data.Length, "Bad write length returned from WriteProcessMemory()");
        dataEntries.Add(key, bufferAddress);
    }
Example #3
0
    public void Write(int offset, byte[] data)
    {
        int numWritten;

        if (!Available)
        {
            throw new ApplicationException("Process no longer available.");
        }

        //FIXME? check for PROCESS_VM_WRITE and PROCESS_VM_OPERATION?
        ProcessMemoryApi.WriteProcessMemory(process.Handle, (IntPtr)offset, data, data.Length, out numWritten);
        Debug.Assert(numWritten == data.Length, "Wrong number of bytes written.");
    }
Example #4
0
    public byte[] Read(int offset, int size)
    {
        byte[] buffer = new byte[size];
        IntPtr numRead;

        if (!Available)
        {
            throw new ApplicationException("Process no longer available.");
        }

        ProcessMemoryApi.ReadProcessMemory(process.Handle, (IntPtr)offset, buffer, size, out numRead);

        return(buffer);
    }
Example #5
0
        public void Start()
        {
            IntPtr handle = IntPtr.Zero;
            int    threadId;

            try
            {
                while (procMem.DataAddress["__delegatorParams"] != null)
                {
                    Thread.Sleep(0);
                }
                procMem.AddData("__delegatorFunction", delegatorFunction);
                BinaryWriter wtr = new BinaryWriter(new MemoryStream());
                foreach (int element in delegatorParams)
                {
                    wtr.Write(element);
                }
                procMem.AddData("__delegatorParams", ((MemoryStream)wtr.BaseStream).ToArray());

                handle = ProcessMemoryApi.CreateRemoteThread(procMem.Handle, IntPtr.Zero, 0, (IntPtr)procMem.DataAddress["__delegatorFunction"], (IntPtr)procMem.DataAddress["__delegatorParams"], 0, out threadId);
                while (true)
                {
                    ProcessMemoryApi.GetExitCodeThread(handle, out result);
                    if (result != STILL_ACTIVE)
                    {
                        break;
                    }
                    Thread.Sleep(100);
                }
            }
            catch (ThreadAbortException)
            {
                ProcessMemoryApi.TerminateThread(handle, out result);
            }
            finally
            {
                procMem.RemoveData("__delegatorFunction");
                procMem.RemoveData("__delegatorParams");
            }
        }