public IntPtr[] ScanArray(Process P, string ArrayString)
{
EnablePrivileges.GoDebugPriv();
IntPtr[] array = new IntPtr[1];
if (P == null)
{
return(new IntPtr[1]);
}
this.Attacked = Process.GetProcessById(P.Id);
string[] array2 = ArrayString.Split(new char[]
{
" "[0]
});
for (int i = 0; i < array2.Length; i++)
{
if (array2[i] == "?")
{
array2[i] = "??";
}
}
this.MappedMemory = new List <MEMORY_BASIC_INFORMATION>();
this.MemInfo(this.Attacked.Handle);
for (int j = 0; j < this.MappedMemory.Count; j++)
{
byte[] array3 = new byte[this.MappedMemory[j].RegionSize];
Kernel__.ReadProcessMemory(this.Attacked.Handle, this.MappedMemory[j].BaseAddress, array3, this.MappedMemory[j].RegionSize, 0);
IntPtr value = IntPtr.Zero;
if (array3.Length != 0)
{
value = this.ScanInBuff(this.MappedMemory[j].BaseAddress, array3, array2);
}
if (this.StopTheFirst && value != IntPtr.Zero)
{
array = new IntPtr[0];
array[0] = (IntPtr)(this.MappedMemory[j].BaseAddress.ToInt32() + value.ToInt32());
return(array);
}
}
if (!this.StopTheFirst && this.AddressList.Count > 0)
{
array = new IntPtr[this.AddressList.Count];
for (int k = 0; k < this.AddressList.Count; k++)
{
array[k] = this.AddressList[k];
}
this.AddressList.Clear();
return(array);
}
return(array);
}
public IntPtr[] ScanArray(Process P, string ArrayString_)
{
EnablePrivileges.GoDebugPriv();//Define o privilégio de depuração
//Logs.DeleteLog();
if (P == null)//se não encontrar o processo
{
return(Retorna);
}
else
{
Attacked = Process.GetProcessById(P.Id); //ReCheck Pos Privileges
}
ArrayString = ArrayString_;
StartScan();
return(Retorna);
}
public static void GoDebugPriv()
{
IntPtr intPtr;
if (!EnablePrivileges.OpenProcessToken(EnablePrivileges.GetCurrentProcess(), EnablePrivileges.TOKEN_ADJUST_PRIVILEGES | EnablePrivileges.TOKEN_QUERY, out intPtr))
{
return;
}
EnablePrivileges.LUID luid;
if (!EnablePrivileges.LookupPrivilegeValue(null, "SeDebugPrivilege", out luid))
{
EnablePrivileges.CloseHandle(intPtr);
return;
}
EnablePrivileges.TOKEN_PRIVILEGES token_PRIVILEGES;
token_PRIVILEGES.PrivilegeCount = 1u;
token_PRIVILEGES.Luid = luid;
token_PRIVILEGES.Attributes = 2u;
EnablePrivileges.AdjustTokenPrivileges(intPtr, false, ref token_PRIVILEGES, 0u, IntPtr.Zero, IntPtr.Zero);
EnablePrivileges.CloseHandle(intPtr);
}
public dotNetMemoryScan()
{
EnablePrivileges.GoDebugPriv();
}