protected void API_WriteProcessMemory(Address adr, byte[] val)
{
uint oldProtection = APIProxy.VirtualProtectEx(handle, adr, val.Length, (uint)APIProxy.MemoryProtection.PAGE_EXECUTE_READ_WRITE);
APIProxy.WriteProcessMemory(handle, adr, val);
APIProxy.VirtualProtectEx(handle, adr, val.Length, oldProtection);
}
protected byte[] API_ReadProcessMemory(Address adr, int size)
{
uint oldProtection = APIProxy.VirtualProtectEx(handle, adr, size, (uint)APIProxy.MemoryProtection.PAGE_EXECUTE_READ_WRITE);
byte[] buffer = APIProxy.ReadProcessMemory(handle, adr, size);
APIProxy.VirtualProtectEx(handle, adr, size, oldProtection);
return(buffer);
}
public void UnfreezeProcess()
{
foreach (ProcessThread pt in managedProcess.Threads)
{
Handle cHandle = Handle.Zero();
cHandle = Handle.GetThreadHandle((uint)pt.Id, APIProxy.ThreadAccessFlags.THREAD_SUSPEND_RESUME);
APIProxy.ResumeThread(cHandle);
}
}
public void FreeMemoryRegion(MemoryRegion region, APIProxy.FreeType freeType)
{
if (freeType == APIProxy.FreeType.Release)
{
APIProxy.VirtualFreeEx(handle, region.start, 0, freeType);
}
else
{
APIProxy.VirtualFreeEx(handle, region.start, region.lenght, freeType);
}
}
public void InjectDll(string libraryPath)
{
MemoryRegion pathRegion = APIProxy.VirtualAllocEx(handle, Address.Zero(), libraryPath.Length, APIProxy.AllocationType.Reserve | APIProxy.AllocationType.Commit, APIProxy.MemoryProtection.PAGE_EXECUTE_READ_WRITE);
APIProxy.WriteProcessMemory(handle, pathRegion.start, Encoding.ASCII.GetBytes(libraryPath));
Handle kernelLibraryHandle = Handle.GetModuleHandle("Kernel32.dll");
Address loadLibraryAddress = APIProxy.GetProcedureAddress(kernelLibraryHandle, "LoadLibraryA");
Handle threadHandle = APIProxy.CreateRemoteThread(handle, Address.Zero(), 0, loadLibraryAddress, pathRegion.start, 0, 0);
FreeMemoryRegion(pathRegion, APIProxy.FreeType.Release);
threadHandle.Close();
}
public uint ChangeProtection(APIProxy.MemoryProtection newProtection, int sizeOfVariable)
{
return(APIProxy.VirtualProtectEx(callback.GetHandle(), GetAddress(), sizeOfVariable, (uint)newProtection));
}
public void Close()
{
APIProxy.CloseHandle(this);
}
public static Handle GetModuleHandle(string moduleName)
{
return(APIProxy.GetModuleHandle(moduleName));
}
public static Handle GetThreadHandle(uint threadID, APIProxy.ThreadAccessFlags access)
{
return(APIProxy.OpenThread(access, threadID));
}
public static Handle GetProcessHandle(string name, APIProxy.ProcessAccessFlags access)
{
Process proc = ProcessInterface.FindProcess(name);
return(APIProxy.OpenProcess(access, proc.Id));
}
public MemoryRegion AllocateMemory(int size, APIProxy.AllocationType allocationType = APIProxy.AllocationType.Reserve | APIProxy.AllocationType.Commit, APIProxy.MemoryProtection memoryProtection = APIProxy.MemoryProtection.PAGE_EXECUTE_READ_WRITE)
{
MemoryRegion allocation = APIProxy.VirtualAllocEx(handle, Address.Zero(), size, allocationType, memoryProtection);
return(allocation);
}