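/// <summary>
/// Gets the Win32 start address of a thread, given its thread ID.
/// Provided by github.com/osadrac
/// </summary>
/// <remarks>
/// The thread is opened with <c>ThreadAccess.QUERY_INFORMATION</c> only, and the handle is
/// closed before the method returns on every path.
/// </remarks>
/// <param name="threadId">ID of the thread to query.</param>
/// <returns>The pointer-sized value written by <c>NtQueryInformationThread</c> for
/// <c>ThreadInfoClass.ThreadQuerySetWin32StartAddress</c>.</returns>
/// <exception cref="Win32Exception">The thread could not be opened, or
/// <c>NtQueryInformationThread</c> returned a non-zero NTSTATUS.</exception>
public static IntPtr GetThreadStartAddress(int threadId)
{
    var hThread = OpenThread(ThreadAccess.QUERY_INFORMATION, false, (uint)threadId);
    if (hThread == IntPtr.Zero)
    {
        // The parameterless constructor picks up the last Win32 error.
        // NOTE(review): that is only meaningful if the OpenThread import sets SetLastError = true - confirm.
        throw new Win32Exception();
    }

    try
    {
        // Allocate inside the handle's try block so a failed allocation cannot leak hThread.
        var buf = Marshal.AllocHGlobal(IntPtr.Size);
        try
        {
            var status = Imps.NtQueryInformationThread(hThread, ThreadInfoClass.ThreadQuerySetWin32StartAddress, buf, IntPtr.Size, IntPtr.Zero);
            if (status != 0)
            {
                // The NTSTATUS is carried in the message text only.
                throw new Win32Exception(string.Format("NtQueryInformationThread failed; NTSTATUS = {0:X8}", status));
            }

            return Marshal.ReadIntPtr(buf);
        }
        finally
        {
            Marshal.FreeHGlobal(buf);
        }
    }
    finally
    {
        CloseHandle(hThread);
    }
}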
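/// <summary>
/// Opens the process with the given ID and records the <see cref="Process"/> object,
/// a native handle, the 64-bit flag and the main module in <c>mProc</c>.
/// </summary>
/// <remarks>
/// The handle is requested with access mask 0x1F0FFF (the legacy PROCESS_ALL_ACCESS value).
/// The method also calls <see cref="Process.EnterDebugMode"/> and leaves debug mode enabled
/// on the success path, so the calling process keeps that privilege after this method returns.
/// </remarks>
/// <param name="pid">ID of the process to open; must be greater than zero.</param>
/// <param name="FailReason">Empty string on success; otherwise a description of why the open failed.</param>
/// <returns><c>true</c> if the process was already open or was opened successfully; otherwise <c>false</c>.</returns>
public bool OpenProcess(int pid, out string FailReason)
{
    // An elevation warning (IsAdmin check) used to be logged here and is disabled; see
    // https://github.com/erfg12/memory.dll/wiki/Administrative-Privileges

    if (pid <= 0)
    {
        FailReason = "OpenProcess given proc ID 0.";
        Debug.WriteLine("ERROR: OpenProcess given proc ID 0.");
        return false;
    }

    // Already attached to this PID: report success with an empty reason, as the normal
    // success path does. The null-conditional keeps this check from throwing when an
    // earlier failed call has set mProc to null (see below).
    if (mProc?.Process != null && mProc.Process.Id == pid)
    {
        FailReason = "";
        return true;
    }

    try
    {
        mProc.Process = Process.GetProcessById(pid);

        if (mProc.Process != null && !mProc.Process.Responding)
        {
            Debug.WriteLine("ERROR: OpenProcess: Process is not responding or null.");
            FailReason = "Process is not responding or null.";
            return false;
        }

        // NOTE(review): the second argument is presumably bInheritHandle. If so, child processes
        // started with handle inheritance receive this all-access handle; pass false and request
        // only the rights actually needed unless inheritance is required - confirm against the import.
        // NOTE(review): a handle stored by a previous successful call is overwritten here without
        // being closed.
        mProc.Handle = Imps.OpenProcess(0x1F0FFF, true, pid);

        // Capture the error code immediately: EnterDebugMode below makes its own native calls
        // and can overwrite the thread's last-error value before it is reported.
        var eCode = Marshal.GetLastWin32Error();

        try
        {
            Process.EnterDebugMode();
        }
        catch (Win32Exception)
        {
            // Best effort: failure to enable debug mode is ignored (the privilege warning is disabled).
        }

        if (mProc.Handle == IntPtr.Zero)
        {
            Debug.WriteLine("ERROR: OpenProcess has failed opening a handle to the target process (GetLastWin32ErrorCode: " + eCode + ")");
            Process.LeaveDebugMode();
            // NOTE(review): mProc stays null after this; a later call ends in the catch block
            // below and returns false. Consider resetting its fields instead of dropping the object.
            mProc = null;
            FailReason = "failed opening a handle to the target process(GetLastWin32ErrorCode: " + eCode + ")";
            return false;
        }

        // Decide 64-bit or not once here (cuts down on API calls later).
        mProc.Is64Bit = Environment.Is64BitOperatingSystem && (IsWow64Process(mProc.Handle, out bool retVal) && !retVal);

        mProc.MainModule = mProc.Process.MainModule;

        Debug.WriteLine("Process #" + mProc.Process + " is now open.");
        FailReason = "";
        return true;
    }
    catch (Exception ex)
    {
        Debug.WriteLine("ERROR: OpenProcess has crashed. " + ex);
        FailReason = "OpenProcess has crashed. " + ex;
        return false;
    }
}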