public bool WriteMemory(IntPtr address, byte[] bufferToWrite) { if (!IsBound() || bufferToWrite.Length == 0) { return(false); } int writeBytes = 0; return(WrapperWinAPI.WriteProcessMemory(m_ProcessHandle, address, bufferToWrite, (uint)bufferToWrite.Length, out writeBytes)); }
public bool ReadMemoryAt(long address, int bytesToRead, out byte[] buffer) { buffer = new byte[bytesToRead]; IntPtr read = new IntPtr(); #if DEBUG MEMORY_BASIC_INFORMATION memInfo; int dwLength = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)); WrapperWinAPI.VirtualQueryEx(m_ProcessHandle, (IntPtr)address, out memInfo, dwLength); #endif return(WrapperWinAPI.ReadProcessMemory(m_ProcessHandle, new IntPtr(address), buffer, bytesToRead, out read)); }
public void Release() { try { WrapperWinAPI.CloseHandle(m_ProcessHandle); } catch { // do nothing Console.WriteLine("Nothing to release."); } finally { m_ProcessHandle = new IntPtr(0); m_Process = null; } }
public string GetUserOwningProcess() { try { WindowsIdentity WI = new WindowsIdentity(m_Process.Handle); string user = WI.Name; return(user.Contains(@"\") ? user.Substring(user.IndexOf(@"\") + 1) : user); } catch { return(null); } finally { WrapperWinAPI.CloseHandle(m_ProcessHandle); } }
public void BindToProcessById(int processId) { // release previous binded process. Release(); try { m_Process = Process.GetProcessById(processId); m_ProcessHandle = WrapperWinAPI.OpenProcess((int)ProcessAccessFlags.All, false, m_Process.Id); } catch { m_Process = null; m_ProcessHandle = new IntPtr(0); // do nothing Console.WriteLine("Cannot attach to that process... try with admin."); } }
public bool ReadMemory(out Dictionary <IntPtr, byte[]> dictionary) { dictionary = new Dictionary <IntPtr, byte[]>(); if (!IsBound()) { return(false); } SYSTEM_INFO sysInfo; WrapperWinAPI.GetSystemInfo(out sysInfo); IntPtr start = new IntPtr(0); IntPtr end = sysInfo.lpMaximumApplicationAddress; long current = 0; MEMORY_BASIC_INFORMATION memInfo; int dwLength = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)); while (current <= end.ToInt64() && WrapperWinAPI.VirtualQueryEx(m_ProcessHandle, (IntPtr)current, out memInfo, dwLength) != 0) { if (memInfo.State == StateEnum.MEM_COMMIT && memInfo.Protect == AllocationProtectEnum.PAGE_READWRITE) { byte[] buffer = new byte[memInfo.RegionSize.ToInt32()]; IntPtr read = new IntPtr(0); IntPtr baseAddr = new IntPtr((long)memInfo.BaseAddress); if (WrapperWinAPI.ReadProcessMemory(m_ProcessHandle, baseAddr, buffer, buffer.Length, out read)) { dictionary.Add(baseAddr, buffer); } } // next memory chunck. current = (long)memInfo.BaseAddress + (long)memInfo.RegionSize; } return(dictionary.Count > 0); }