public static void VirtualFree(Process p, IntPtr address)
{
IntPtr processHandle = Kernel32.GetProcessHandle(p, ProcessAccessFlags.VMOperation);
int num = Kernel32.VirtualFreeEx(processHandle, address, 0, AllocationType.Release) ? 1 : 0;
Kernel32.CloseProcessHandle(processHandle);
if (num == 0)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
public static int WriteProcessMemory(Process p, IntPtr address, byte[] buffer)
{
IntPtr processHandle = Kernel32.GetProcessHandle(p, ProcessAccessFlags.VMOperation | ProcessAccessFlags.VMWrite);
int lpNumberOfBytesWritten;
if (!Kernel32.WriteProcessMemory(processHandle, address, buffer, (uint)buffer.Length, out lpNumberOfBytesWritten))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
Kernel32.CloseProcessHandle(processHandle);
return(lpNumberOfBytesWritten);
}
public static bool VirtualProtect(
IntPtr pid,
IntPtr address,
uint size,
PageAccessProtectionFlags flags,
out PageAccessProtectionFlags oldFlags)
{
IntPtr processHandle = Kernel32.GetProcessHandle(pid, ProcessAccessFlags.VMOperation);
int num = Kernel32.VirtualProtectEx(processHandle, address, size, flags, out oldFlags) ? 1 : 0;
Kernel32.CloseHandle(processHandle);
return(num != 0);
}
public static IntPtr CreateRemoteThread(
int pid,
IntPtr address,
IntPtr param,
CreateThreadFlags flags)
{
IntPtr processHandle = Kernel32.GetProcessHandle(new IntPtr(pid), ProcessAccessFlags.CreateThread | ProcessAccessFlags.VMOperation | ProcessAccessFlags.VMRead | ProcessAccessFlags.VMWrite | ProcessAccessFlags.QueryInformation);
IntPtr remoteThread = Kernel32.CreateRemoteThread(processHandle, IntPtr.Zero, 0U, address, param, (uint)flags, IntPtr.Zero);
if (remoteThread == IntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
Kernel32.CloseProcessHandle(processHandle);
return(remoteThread);
}
public static IntPtr VirtualAlloc(
Process p,
IntPtr address,
uint size,
AllocationType type,
PageAccessProtectionFlags flags)
{
IntPtr processHandle = Kernel32.GetProcessHandle(p, ProcessAccessFlags.VMOperation);
IntPtr num = Kernel32.VirtualAllocEx(processHandle, address, size, type, flags);
if (num == IntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
Kernel32.CloseProcessHandle(processHandle);
return(num);
}
public static bool ReadProcessMemory(Process p, IntPtr address, ref byte[] buffer)
{
IntPtr processHandle = Kernel32.GetProcessHandle(p, ProcessAccessFlags.VMRead);
PageAccessProtectionFlags oldFlags1;
if (!Kernel32.VirtualProtect(new IntPtr(p.Id), address, (uint)buffer.Length, PageAccessProtectionFlags.ExecuteReadWrite, out oldFlags1))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
uint numBytesRead;
if (!Kernel32.ReadProcessMemory(processHandle, address, buffer, (uint)buffer.Length, out numBytesRead))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
PageAccessProtectionFlags oldFlags2;
if (!Kernel32.VirtualProtect(new IntPtr(p.Id), address, (uint)buffer.Length, oldFlags1, out oldFlags2))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
Kernel32.CloseProcessHandle(processHandle);
return((long)numBytesRead == (long)buffer.Length);
}