Example #1
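        /// <summary>
        /// Returns the Win32 start address of a thread, queried through
        /// NtQueryInformationThread with the ThreadQuerySetWin32StartAddress
        /// information class. Provided by github.com/osadrac
        /// </summary>
        /// <param name="threadId">ID of the thread to query.</param>
        /// <returns>The pointer-sized value written by NtQueryInformationThread.</returns>
        /// <exception cref="Win32Exception">
        /// The thread could not be opened, or NtQueryInformationThread returned a
        /// non-zero NTSTATUS (the status is included in the message).
        /// </exception>
        public static IntPtr GetThreadStartAddress(int threadId)
        {
            // Only QUERY_INFORMATION is requested and the handle is not inheritable,
            // so the handle carries no more access than this query needs.
            var hThread = OpenThread(ThreadAccess.QUERY_INFORMATION, false, (uint)threadId);

            if (hThread == IntPtr.Zero)
            {
                // The parameterless constructor picks up the last Win32 error;
                // assumes OpenThread is imported with SetLastError = true — TODO confirm.
                throw new Win32Exception();
            }

            var buf = IntPtr.Zero;

            try
            {
                // Allocate inside the try block so the thread handle is still closed
                // if the allocation itself throws.
                buf = Marshal.AllocHGlobal(IntPtr.Size);

                var result = Imps.NtQueryInformationThread(hThread,
                                                           ThreadInfoClass.ThreadQuerySetWin32StartAddress,
                                                           buf, IntPtr.Size, IntPtr.Zero);
                if (result != 0)
                {
                    // NOTE(review): the NTSTATUS only appears in the message text; the
                    // exception's NativeErrorCode is not derived from it.
                    throw new Win32Exception(string.Format("NtQueryInformationThread failed; NTSTATUS = {0:X8}", result));
                }

                return Marshal.ReadIntPtr(buf);
            }
            finally
            {
                if (buf != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(buf);
                }

                CloseHandle(hThread);
            }
        }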
Example #2
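        /// <summary>
        /// Opens a handle to the target process with access mask 0x1F0FFF (all access
        /// rights) and caches the process object, handle, bitness and main module in
        /// <c>mProc</c>.
        /// </summary>
        /// <param name="pid">ID of the process to open; must be greater than zero.</param>
        /// <param name="FailReason">Receives a description of the failure, or an empty string on success.</param>
        /// <returns><c>true</c> if the process is open (including when it was already open); otherwise <c>false</c>.</returns>
        /// <remarks>
        /// On success the calling process stays in debug mode (see
        /// <see cref="Process.EnterDebugMode"/>); this method only leaves debug mode
        /// when opening the handle fails.
        /// </remarks>
        public bool OpenProcess(int pid, out string FailReason)
        {
            // A warning for callers running without raised privileges used to be emitted
            // here; see https://github.com/erfg12/memory.dll/wiki/Administrative-Privileges

            if (pid <= 0)
            {
                FailReason = "OpenProcess given proc ID 0.";
                Debug.WriteLine("ERROR: OpenProcess given proc ID 0.");
                return false;
            }

            // The handle-failure path below sets mProc to null; without this guard the
            // next call would throw NullReferenceException outside the try block.
            if (mProc == null)
            {
                FailReason = "mProc is null; a previous OpenProcess call failed.";
                Debug.WriteLine("ERROR: OpenProcess: mProc is null; a previous OpenProcess call failed.");
                return false;
            }

            // Already attached to this process: nothing to do, and nothing failed.
            if (mProc.Process != null && mProc.Process.Id == pid)
            {
                FailReason = "";
                return true;
            }

            try
            {
                mProc.Process = Process.GetProcessById(pid);

                if (mProc.Process != null && !mProc.Process.Responding)
                {
                    Debug.WriteLine("ERROR: OpenProcess: Process is not responding or null.");
                    FailReason = "Process is not responding or null.";
                    return false;
                }

                // NOTE(review): 0x1F0FFF requests every access right, and the handle is
                // created inheritable (second argument true), so child processes started
                // with handle inheritance receive full access to the target. Request only
                // the rights actually used and pass false unless inheritance is required.
                // NOTE(review): a handle already stored in mProc.Handle is overwritten
                // without being closed here — confirm it is released elsewhere.
                mProc.Handle = Imps.OpenProcess(0x1F0FFF, true, pid);

                // Read the error code before any other native call can overwrite it;
                // Process.EnterDebugMode below makes its own Win32 calls.
                var openError = Marshal.GetLastWin32Error();

                try
                {
                    // NOTE(review): debug mode is entered after the handle was requested,
                    // so it cannot help that request, and it is never left on the success
                    // path. Confirm the privilege is needed for the whole process lifetime.
                    Process.EnterDebugMode();
                }
                catch (Win32Exception)
                {
                    // Best effort: without raised privileges this fails and is ignored.
                }

                if (mProc.Handle == IntPtr.Zero)
                {
                    Debug.WriteLine("ERROR: OpenProcess has failed opening a handle to the target process (GetLastWin32ErrorCode: " + openError + ")");
                    Process.LeaveDebugMode();
                    mProc      = null;
                    FailReason = "failed opening a handle to the target process(GetLastWin32ErrorCode: " + openError + ")";
                    return false;
                }

                // Decide 64-bit or not once here (cuts down on API calls): a process on a
                // 64-bit OS that is not running under WOW64 is treated as 64-bit.
                mProc.Is64Bit = Environment.Is64BitOperatingSystem && (IsWow64Process(mProc.Handle, out bool retVal) && !retVal);

                mProc.MainModule = mProc.Process.MainModule;

                Debug.WriteLine("Process #" + mProc.Process + " is now open.");
                FailReason = "";
                return true;
            }
            catch (Exception ex)
            {
                // Any failure above (unknown pid, access denied on MainModule, ...) is
                // reported through FailReason instead of propagating to the caller.
                Debug.WriteLine("ERROR: OpenProcess has crashed. " + ex);
                FailReason = "OpenProcess has crashed. " + ex;
                return false;
            }
        }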