bool TryWrite(IntPtr address, byte[] buff)
{
uint written = 0;
return(Pinvoke.WriteProcessMemory(_access.Handle, address,
buff, buff.Length, ref written) && buff.Length == written);
}
private byte[] GetByteArray(IntPtr address, int length = 16)
{
ProcessHandler.CheckAccess();
var buff = new byte[length];
uint read = 0;
if (!Pinvoke.ReadProcessMemory(_access.Handle, address, buff,
(uint)length, ref read) || read != length)
{
throw new UnreadableMemoryException(address, _access);
}
return(buff);
}
private MemoryInformation[][] GetRegions()
{
var addy = new IntPtr();
IList <MemoryInformation> regions
= new List <MemoryInformation>();
while (true)
{
var memInf = new MemoryInformation();
int memDump = Pinvoke.VirtualQueryEx(_access.Handle, addy,
out memInf, Marshal.SizeOf(memInf));
if (memDump == 0)
{
return(DivideRegions(regions));
}
var memProps = MemoryProperties.Parse(memInf);
if (!memProps.State.IsCommited &&
!memProps.Protect.IsGuard &&
memProps.Protect.IsReadOnly)
{
goto ADDY;
}
if (!Settings.MemPrivate)
{
if (memProps.Type.IsPrivate)
{
goto ADDY;
}
}
if (!Settings.MemImage)
{
if (memProps.Type.IsImageMapped)
{
goto ADDY;
}
}
if (!Settings.MemMapped)
{
if (memProps.Type.IsMapped)
{
goto ADDY;
}
}
if (Settings.Writable != ScanType.BOTH)
{
if (Settings.Writable == ScanType.ONLY)
{
if (!memProps.Protect.IsWritable)
{
goto ADDY;
}
}
else if (memProps.Protect.IsWritable)
{
goto ADDY;
}
}
if (Settings.CopyOnWrite != ScanType.BOTH)
{
if (Settings.CopyOnWrite == ScanType.ONLY)
{
if (!memProps.Protect.IsCopyOnWrite)
{
goto ADDY;
}
}
else if (memProps.Protect.IsCopyOnWrite)
{
goto ADDY;
}
}
if (Settings.Executable != ScanType.BOTH)
{
if (Settings.Executable == ScanType.ONLY)
{
if (!memProps.Protect.IsExecutable)
{
goto ADDY;
}
}
else if (memProps.Protect.IsExecutable)
{
goto ADDY;
}
}
regions.Add(memInf);
ADDY:
addy = new IntPtr(memInf.BaseAddress.ToInt32()
+ (int)memInf.RegionSize);
}
}