C# (CSharp) NktSpyMgr.ProcessMemoryFromPID Exemples

Langage de programmation: C# (CSharp)

Class/Type: NktSpyMgr

Méthode/Fonction: ProcessMemoryFromPID

Exemples au hotexamples.com: 2

C# (CSharp) NktSpyMgr.ProcessMemoryFromPID - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de NktSpyMgr.ProcessMemoryFromPID extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

Initialize(12)

CreateHook(11)

Processes(9)

CreateHookForAddress(5)

CreateProcess(4)

ResumeProcess(4)

ProcessFromPID(2)

Hooks(2)

ProcessMemoryFromPID(2)

TerminateProcess(1)

CallCustomApi(1)

LoadCustomDll(1)

LoadAgent(1)

DestroyHook(1)

DbModules(1)

CreateHooksCollection(1)

UnloadCustomDll(1)

Méthodes fréquemment utilisées

Initialize (12)

CreateHook (11)

Processes (9)

CreateHookForAddress (5)

CreateProcess (4)

ResumeProcess (4)

ProcessFromPID (2)

Hooks (2)

ProcessMemoryFromPID (2)

TerminateProcess (1)

Méthodes fréquemment utilisées

CallCustomApi (1)

LoadCustomDll (1)

LoadAgent (1)

DestroyHook (1)

DbModules (1)

CreateHooksCollection (1)

UnloadCustomDll (1)

Associées

Framework.Node

FastEmaIndicator

InfoOrganizationCollection

Company

ListTagsForResourceRequest

SquareSelectable

XamlReadOnlyCodeRenderer

ConversationCountChanged

Vector

zCWaypoint

Related in langs

CveException (PHP)

DefaultElementLocatorTest (PHP)

virCgroupNewDetectMachine (C++)

BufferReader (C++)

PutRepo (Go)

NewEmptyIterator (Go)

Offer (Java)

Base (Java)

run (Python)

dist (Python)

Exemple #1

0

Afficher le fichier

private void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo) { NktStackTrace stack = hookCallInfo.StackTrace(); NktProcessMemory memory = _spyMgr.ProcessMemoryFromPID(_process.Id); UInt32 StackOpcodeSize = 50; byte[] StackOpcode = new byte[StackOpcodeSize]; for (UInt32 n = 0; n < StackOpcodeSize; n++) { StackOpcode[n] = (byte)memory.Read((IntPtr)((UInt64)stack.Address(0) - StackOpcodeSize + n), eNktDboFundamentalType.ftUnsignedByte); } UInt64 actualAddr = (UInt64)hookCallInfo.get_Register(eNktRegister.asmRegEip); UInt64 nInstrSize = (UInt64)GetInstrSize(StackOpcode, StackOpcodeSize); UInt64 callingAddr = (UInt64)stack.Address(0) - nInstrSize; string str = "From: 0x" + callingAddr.ToString("x") + " To: 0x" + actualAddr.ToString("x") + "\n"; Output(str, false); actualAddr -= SecStartAddress; callingAddr -= SecStartAddress; CROSSREF crossref = new CROSSREF(); crossref.From = callingAddr; crossref.To = actualAddr; CrossRefSet.Add(crossref); }

Exemple #2

0

Afficher le fichier

byte[] GetValue(uint pid, INktParam paramData, INktParam paramSize, bool sizeAndTypeArePtr) { byte[] buffer = null; uint valueSize; if (sizeAndTypeArePtr) { if (paramSize.IsNullPointer == false) { valueSize = paramSize.Evaluate().ULongVal; } else { valueSize = 0; } } else { valueSize = paramSize.ULongVal; } if (paramData.IsNullPointer == false) { //if (paramData.PointerVal != IntPtr.Zero) if (!paramData.PointerVal.Equals(IntPtr.Zero)) { INktProcessMemory procMem = _spyMgr.ProcessMemoryFromPID((int)pid); //var buffer = new byte[valueSize]; buffer = new byte[valueSize]; GCHandle pinnedBuffer = GCHandle.Alloc(buffer, GCHandleType.Pinned); IntPtr pDest = pinnedBuffer.AddrOfPinnedObject(); //Int64 bytesReaded = procMem.ReadMem(pDest, paramData.PointerVal, (IntPtr)valueSize).ToInt64(); //Int64 bytesReaded = procMem.ReadMem((int) pDest, (int)paramData.PointerVal, (int) valueSize).ToInt64(); Int64 bytesReaded = procMem.ReadMem(pDest, paramData.PointerVal, (IntPtr)valueSize).ToInt64(); pinnedBuffer.Free(); /* valueData = ""; * for (int i = 0; i < bytesReaded; i++) * { * if (i != 0) * valueData += " "; * valueData += Convert.ToByte(buffer[i]).ToString("X2"); * }*/ } } return(buffer); }