public IntPtr[] ScanArray(Process P, string ArrayString) { EnablePrivileges.GoDebugPriv(); IntPtr[] array = new IntPtr[1]; if (P == null) { return(new IntPtr[1]); } this.Attacked = Process.GetProcessById(P.Id); string[] array2 = ArrayString.Split(new char[] { " "[0] }); for (int i = 0; i < array2.Length; i++) { if (array2[i] == "?") { array2[i] = "??"; } } this.MappedMemory = new List <MEMORY_BASIC_INFORMATION>(); this.MemInfo(this.Attacked.Handle); for (int j = 0; j < this.MappedMemory.Count; j++) { byte[] array3 = new byte[this.MappedMemory[j].RegionSize]; Kernel__.ReadProcessMemory(this.Attacked.Handle, this.MappedMemory[j].BaseAddress, array3, this.MappedMemory[j].RegionSize, 0); IntPtr value = IntPtr.Zero; if (array3.Length != 0) { value = this.ScanInBuff(this.MappedMemory[j].BaseAddress, array3, array2); } if (this.StopTheFirst && value != IntPtr.Zero) { array = new IntPtr[0]; array[0] = (IntPtr)(this.MappedMemory[j].BaseAddress.ToInt32() + value.ToInt32()); return(array); } } if (!this.StopTheFirst && this.AddressList.Count > 0) { array = new IntPtr[this.AddressList.Count]; for (int k = 0; k < this.AddressList.Count; k++) { array[k] = this.AddressList[k]; } this.AddressList.Clear(); return(array); } return(array); }
public IntPtr[] ScanArray(Process P, string ArrayString_) { EnablePrivileges.GoDebugPriv();//Define o privilégio de depuração //Logs.DeleteLog(); if (P == null)//se não encontrar o processo { return(Retorna); } else { Attacked = Process.GetProcessById(P.Id); //ReCheck Pos Privileges } ArrayString = ArrayString_; StartScan(); return(Retorna); }
public static void GoDebugPriv() { IntPtr intPtr; if (!EnablePrivileges.OpenProcessToken(EnablePrivileges.GetCurrentProcess(), EnablePrivileges.TOKEN_ADJUST_PRIVILEGES | EnablePrivileges.TOKEN_QUERY, out intPtr)) { return; } EnablePrivileges.LUID luid; if (!EnablePrivileges.LookupPrivilegeValue(null, "SeDebugPrivilege", out luid)) { EnablePrivileges.CloseHandle(intPtr); return; } EnablePrivileges.TOKEN_PRIVILEGES token_PRIVILEGES; token_PRIVILEGES.PrivilegeCount = 1u; token_PRIVILEGES.Luid = luid; token_PRIVILEGES.Attributes = 2u; EnablePrivileges.AdjustTokenPrivileges(intPtr, false, ref token_PRIVILEGES, 0u, IntPtr.Zero, IntPtr.Zero); EnablePrivileges.CloseHandle(intPtr); }
public dotNetMemoryScan() { EnablePrivileges.GoDebugPriv(); }