/// <summary>
/// Get thread base address by ID. Provided by github.com/osadrac
/// </summary>
/// <param name="threadId"></param>
/// <returns></returns>
/// <exception cref="Win32Exception"></exception>
public static IntPtr GetThreadStartAddress(int threadId)
{
var hThread = OpenThread(ThreadAccess.QUERY_INFORMATION, false, (uint)threadId);
if (hThread == IntPtr.Zero)
{
throw new Win32Exception();
}
var buf = Marshal.AllocHGlobal(IntPtr.Size);
try
{
var result = Imps.NtQueryInformationThread(hThread,
ThreadInfoClass.ThreadQuerySetWin32StartAddress,
buf, IntPtr.Size, IntPtr.Zero);
if (result != 0)
{
throw new Win32Exception(string.Format("NtQueryInformationThread failed; NTSTATUS = {0:X8}", result));
}
return(Marshal.ReadIntPtr(buf));
}
finally
{
CloseHandle(hThread);
Marshal.FreeHGlobal(buf);
}
}
/// <summary>
/// Open the PC game process with all security and access rights.
/// </summary>
/// <param name="pid">Use process name or process ID here.</param>
/// <returns>Process opened successfully or failed.</returns>
/// <param name="FailReason">Show reason open process fails</param>
public bool OpenProcess(int pid, out string FailReason)
{
/*if (!IsAdmin())
* {
* Debug.WriteLine("WARNING: This program may not be running with raised privileges! Visit https://github.com/erfg12/memory.dll/wiki/Administrative-Privileges");
* }*/
if (pid <= 0)
{
FailReason = "OpenProcess given proc ID 0.";
Debug.WriteLine("ERROR: OpenProcess given proc ID 0.");
return(false);
}
if (mProc.Process != null && mProc.Process.Id == pid)
{
FailReason = "mProc.Process is null";
return(true);
}
try
{
mProc.Process = Process.GetProcessById(pid);
if (mProc.Process != null && !mProc.Process.Responding)
{
Debug.WriteLine("ERROR: OpenProcess: Process is not responding or null.");
FailReason = "Process is not responding or null.";
return(false);
}
mProc.Handle = Imps.OpenProcess(0x1F0FFF, true, pid);
try {
Process.EnterDebugMode();
} catch (Win32Exception) {
//Debug.WriteLine("WARNING: You are not running with raised privileges! Visit https://github.com/erfg12/memory.dll/wiki/Administrative-Privileges");
}
if (mProc.Handle == IntPtr.Zero)
{
var eCode = Marshal.GetLastWin32Error();
Debug.WriteLine("ERROR: OpenProcess has failed opening a handle to the target process (GetLastWin32ErrorCode: " + eCode + ")");
Process.LeaveDebugMode();
mProc = null;
FailReason = "failed opening a handle to the target process(GetLastWin32ErrorCode: " + eCode + ")";
return(false);
}
// Lets set the process to 64bit or not here (cuts down on api calls)
mProc.Is64Bit = Environment.Is64BitOperatingSystem && (IsWow64Process(mProc.Handle, out bool retVal) && !retVal);
mProc.MainModule = mProc.Process.MainModule;
//GetModules();
Debug.WriteLine("Process #" + mProc.Process + " is now open.");
FailReason = "";
return(true);
}
catch (Exception ex) {
Debug.WriteLine("ERROR: OpenProcess has crashed. " + ex);
FailReason = "OpenProcess has crashed. " + ex;
return(false);
}
}