/// <summary>
/// Reads the contents located at the specified virtual address of a process.
/// </summary>
/// <param name="mem">The ProcessMemory that provides memory access to the process to read from.</param>
/// <param name="addr">The virtual address, inside the specified process, to read from.</param>
/// <returns>The contents that were read, marshalled into a <typeparamref name="T"/>.</returns>
/// <remarks>
/// Any status that ReadMemory may report is discarded here, so this method does not
/// distinguish a failed or partial read from a successful one.
/// NOTE(review): confirm how ReadMemory signals failure; callers that act on the
/// returned value should not treat it as validated data from the target process.
/// </remarks>
public static T Read(ProcessMemory mem, void *addr)
{
    // Scratch buffer on the local stack; `size` and `read_type` are declared outside
    // this block (presumably the marshalled size and runtime type of T -- confirm).
    byte *buffer = stackalloc byte[size];

    // Copy `size` bytes from the remote address into the local buffer.
    mem.ReadMemory(addr, buffer, size);

    // Rebuild the managed value from the raw bytes.
    System.IntPtr local = (System.IntPtr)buffer;
    return (T)Interop::Marshal.PtrToStructure(local, read_type);
}
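/// <summary>
/// Opens "notepad.exe" through ProcessMemory and returns the module of that process
/// whose module name is "notepad.exe".
/// </summary>
/// <param name="log">Receives a diagnostic line when the process or the module cannot be found.</param>
/// <param name="m">Receives the ProcessMemory created for the target, even when the lookup fails.</param>
/// <returns>The matching module, or null when the process is unavailable or has no such module.</returns>
/// <remarks>
/// The target is identified by name only; neither the image path nor a signature is
/// checked here, so any process and module carrying that name is accepted.
/// </remarks>
private static Diag::ProcessModule GetNotepadModule(Log log, out ProcessMemory m)
{
    const string TARGET = "notepad.exe";

    m = new mwg.InterProcess.ProcessMemory(TARGET);
    if (!m.Available)
    {
        log.WriteLine("!現在 notepad.exe が利用出来ません。起動しているかどうか確認して下さい。");
        return null;
    }

    foreach (Diag::ProcessModule candidate in m.Process.Modules)
    {
        // Module file names are case-insensitive on Windows, so compare ordinally
        // while ignoring case instead of requiring the exact lower-case spelling.
        if (string.Equals(candidate.ModuleName, TARGET, System.StringComparison.OrdinalIgnoreCase))
        {
            return candidate;
        }
    }

    log.WriteLine("!プロセス notepad.exe 内にモジュール 'notepad.exe' が見つかりませんでした。");
    return null;
}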
/// <summary>
/// Marshals <paramref name="value"/> to raw bytes and writes them to the specified
/// virtual address of a process.
/// </summary>
/// <param name="mem">The ProcessMemory that provides memory access to the target process.</param>
/// <param name="addr">The virtual address, inside the target process, to write to.</param>
/// <param name="value">The value to write.</param>
/// <remarks>
/// The address is passed through unchecked and any status WriteMemory may report is
/// discarded, so a failed write is not detected in this method.
/// NOTE(review): confirm how WriteMemory signals failure.
/// </remarks>
public static void Write(ProcessMemory mem, void *addr, T value)
{
    // `size` is declared outside this block (presumably the marshalled size of T -- confirm).
    byte *buffer = stackalloc byte[size];
    System.IntPtr local = (System.IntPtr)buffer;

    // fDeleteOld is false: the scratch buffer holds no previous structure to release.
    Interop::Marshal.StructureToPtr(value, local, false);

    // Copy the marshalled bytes into the remote process.
    mem.WriteMemory(addr, buffer, size);
}
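/// <summary>
/// Type initializer: when a "notepad" process is available, points mNotepad2 (and
/// mNotepad1 when RemoteBytePtr is defined) at the base address of its
/// "notepad.exe" module. Leaves the fields untouched otherwise.
/// </summary>
/// <remarks>
/// This runs inside a static constructor, so an exception raised while the module
/// list is enumerated surfaces to callers as a TypeInitializationException.
/// </remarks>
static GenericRemotePtr()
{
    ProcessMemory m = new mwg.InterProcess.ProcessMemory("notepad");
    if (!m.Available)
    {
        return;
    }

    Diag::ProcessModule mod = null;
    foreach (Diag::ProcessModule candidate in m.Process.Modules)
    {
        // The original compared against the misspelt "nodepad.exe" and skipped on a
        // match, which accepted whichever module came first. Select the module that
        // is actually named notepad.exe (module names are case-insensitive).
        if (string.Equals(candidate.ModuleName, "notepad.exe", System.StringComparison.OrdinalIgnoreCase))
        {
            mod = candidate;
            break;
        }
    }

    if (mod == null)
    {
        return;
    }

#if RemoteBytePtr
    mNotepad1 = (RemoteBytePtr)m + mod.BaseAddress;
#endif
    mNotepad2 = (RemotePtr <byte>)m + (long)mod.BaseAddress;
}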
/// <summary>
/// Binds to a module of a remote process and locates its DOS, COFF and optional
/// headers by reading them from the process's memory.
/// </summary>
/// <param name="mem">Memory accessor for the process that hosts the module.</param>
/// <param name="mod">The module whose headers are to be located.</param>
/// <remarks>
/// Construction stops early, without throwing, when the DOS or NT signature does not
/// match; in that case the later header fields are left unassigned by this constructor.
/// The header values come from the target process and are used as read: lfanew is
/// added to the module base without a range check, and the optional-header magic is
/// stored without being compared against known values. Treat them as untrusted when
/// the module is not known to be well-formed.
/// </remarks>
public Module(ProcessMemory mem, Diag::ProcessModule mod)
{
    this.mem = mem;
    this.mod = mod;
    this.mbase = mem.GetPtr(mod.BaseAddress);

    // DOS header: sits at the module base.
    this.dhead = mbase.Reinterpret <IMAGE.DOS_HEADER>();
    if (dhead[0].magic != IMAGE.SIGNATURE.DOS)
    {
        // Not a DOS image: reset the header pointer and give up.
        dhead = default(RemotePtr <IMAGE.DOS_HEADER>);
        return;
    }

    // NT signature: located lfanew bytes past the module base.
    remote_ptr ntSignature = mbase + dhead[0].lfanew;
    if (ptrIsNotNt(ntSignature))
    {
        return;
    }

    // COFF header: follows the 4-byte NT signature.
    this.chead = (ntSignature + 4).Reinterpret <IMAGE.FILE_HEADER>();

    // Optional header: starts immediately after one FILE_HEADER.
    ohead = (chead + 1).Reinterpret <IMAGE.STD_OPTIONAL_HEADER>();
    omagic = ohead[0].Magic;
}

/// <summary>Returns true when the 32-bit value at <paramref name="p"/> is not the NT signature.</summary>
private static bool ptrIsNotNt(remote_ptr p)
{
    return p.Read <uint>() != (uint)IMAGE.SIGNATURE.NT;
}
/// <summary>
/// Attaches <paramref name="mem"/> to an existing process by opening a handle to it
/// and storing both the process and the handle on <paramref name="mem"/>.
/// </summary>
/// <param name="mem">The ProcessMemory to initialise.</param>
/// <param name="proc">The process to open.</param>
/// <remarks>
/// The handle is requested with VM_OPERATION, VM_READ and VM_WRITE together, so write
/// access to the target is acquired even when a caller only intends to read.
/// The value returned by OpenProcess is stored without being checked here.
/// NOTE(review): presumably the wrapper mirrors Win32 OpenProcess, which returns a
/// null handle when access is denied -- confirm that callers test for that.
/// </remarks>
public InitializerFromProcess(ProcessMemory mem, Process proc)
{
    mem.process = proc;
    // Second argument is false; presumably bInheritHandle (child processes do not
    // inherit the handle) -- confirm against the Kernel32 wrapper.
    handle = Kernel32.OpenProcess(
        Kernel32.PROCESS.VM_OPERATION | Kernel32.PROCESS.VM_READ | Kernel32.PROCESS.VM_WRITE,
        false, proc.Id);
    mem.handle = handle;
}
/// <summary>
/// Entry point of the test program: runs the enabled checks, attaches to a process
/// named "WarRock", then waits for a line of input before exiting.
/// </summary>
/// <remarks>
/// The ProcessMemory created for "WarRock" is not used afterwards and is not released
/// in this method. NOTE(review): confirm whether ProcessMemory holds a process handle
/// that should be closed explicitly.
/// </remarks>
public static void Main()
{
    // Disabled in the original: the stack-behaviour check.
    testProcessMemory();
    chkArgEvalOrder();
    chkListBehaviour();

    mwg.InterProcess.ProcessMemory warRockMemory =
        new mwg.InterProcess.ProcessMemory("WarRock");

    System.Console.WriteLine("Press any key to exit this program.");
    System.Console.ReadLine();
}
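/// <summary>
/// Initialises <paramref name="mem"/> from a process name, retrying without a trailing
/// ".exe" when the first attempt finds no process.
/// </summary>
/// <param name="mem">The ProcessMemory to initialise.</param>
/// <param name="procName">The process name, with or without a ".exe" suffix.</param>
/// <remarks>
/// The target is chosen by name alone. NOTE(review): Initialize is not shown here;
/// presumably it looks the process up by this.procName -- confirm which process is
/// picked when several share the name, since nothing here checks the image path.
/// </remarks>
public InitializerFromName(ProcessMemory mem, string procName)
{
    this.mem = mem;
    this.procName = procName;
    this.Initialize();

    // The caller supplied the name with a redundant ".exe": strip it and retry.
    // Ordinal, case-insensitive matching keeps the test independent of the current
    // culture and guarantees that exactly the four suffix characters are removed.
    if (this.process == null
        && procName.EndsWith(".exe", System.StringComparison.OrdinalIgnoreCase))
    {
        this.procName = procName.Substring(0, procName.Length - 4);
        this.Initialize();
    }
}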
/// <summary>
/// Adds the process to be inspected to this control.
/// </summary>
/// <param name="mem">The ProcessMemory instance representing the memory space of the process to inspect.</param>
/// <remarks>
/// Does nothing when the process is unavailable. Each module of the process is wrapped
/// in a Module, which reads header data from the target's memory while it is constructed.
/// </remarks>
public void SetProcess(ProcessMemory mem)
{
    if (mem.Available)
    {
        // One root node per process, one child node per loaded module.
        Forms::TreeNode root = new Forms::TreeNode(mem.Process.ProcessName);
        foreach (Diag::ProcessModule entry in mem.Process.Modules)
        {
            root.Nodes.Add(this.CreateModuleNode(new Module(mem, entry)));
        }

        root.Expand();
        treeView1.Nodes.Add(root);
    }
}
/// <summary>
/// Interactive check of StopProcess and RestartProcess against a running "notepad"
/// process: waits for a key, stops the process, waits for another key, restarts it.
/// </summary>
/// <remarks>
/// Prints a message and returns when no such process is available.
/// NOTE(review): if the program ends between the two key presses, nothing in this
/// method restarts the stopped process.
/// </remarks>
private static void testProcessMemory()
{
    System.Console.WriteLine("Press any key to stop the process.");
    System.Console.ReadKey();
    System.Console.WriteLine();

    mwg.InterProcess.ProcessMemory notepad = new mwg.InterProcess.ProcessMemory("notepad");
    if (notepad.Available)
    {
        System.Console.WriteLine();
        notepad.StopProcess();

        System.Console.WriteLine("Press any key to restart the process.");
        System.Console.ReadKey();
        System.Console.WriteLine();
        notepad.RestartProcess();
    }
    else
    {
        System.Console.WriteLine("notepad.exe が実行されていません!");
        System.Console.WriteLine();
    }
}
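/// <summary>
/// Shows a modal window containing a ProcessView of a running "notepad.exe" process.
/// </summary>
/// <param name="log">Receives a message when the process is not running.</param>
public static void chkProcessMemory3(Log log)
{
    const string TARGET = "notepad.exe";

    ProcessMemory mem = new mwg.InterProcess.ProcessMemory(TARGET);
    if (!mem.Available)
    {
        log.WriteLine("notepad.exe なるプロセスは起動していません。");
        return;
    }

    // `using` releases the form even when populating the view or showing the dialog
    // throws; the original called Dispose only on the success path.
    using (Forms::Form f = new System.Windows.Forms.Form())
    {
        f.Size = new System.Drawing.Size(700, 500);

        ProcessView view = new ProcessView();
        view.Dock = Forms::DockStyle.Fill;
        view.SetProcess(mem);
        f.Controls.Add(view);

        f.ShowDialog();
    }
}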
/// <summary>Creates an instance for the given process memory by forwarding <paramref name="mem"/> to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal ClassName(ProcessMemory mem) : base(mem) { }
/// <summary>Creates a RemoteQWordPtr for the given process memory by forwarding <paramref name="mem"/> to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal RemoteQWordPtr(ProcessMemory mem) : base(mem) { }
/// <summary>Creates a RemotePtr that stores the given memory accessor and base pointer.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
/// <param name="_base">Base pointer value; presumably an address inside the target process rather than a local one -- confirm. It is stored as given, without validation.</param>
internal RemotePtr(ProcessMemory mem, byte *_base) { this.mem = mem; this._base = _base; }
/// <summary>Creates an instance by forwarding the memory accessor and base pointer to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
/// <param name="_base">Base pointer value, passed through unchanged.</param>
internal ClassName(ProcessMemory mem, byte *_base) : base(mem, _base) { }
/// <summary>Creates a RemoteShortPtr by forwarding the memory accessor and base pointer to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
/// <param name="_base">Base pointer value, passed through unchanged.</param>
internal RemoteShortPtr(ProcessMemory mem, byte *_base) : base(mem, _base) { }
/// <summary>Creates a RemoteLongPtr for the given process memory by forwarding <paramref name="mem"/> to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal RemoteLongPtr(ProcessMemory mem) : base(mem) { }
/// <summary>Creates a RemoteDoublePtr by forwarding the memory accessor and base pointer to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
/// <param name="_base">Base pointer value, passed through unchanged.</param>
internal RemoteDoublePtr(ProcessMemory mem, byte *_base) : base(mem, _base) { }
/// <summary>Creates a RemoteShortPtr for the given process memory by forwarding <paramref name="mem"/> to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal RemoteShortPtr(ProcessMemory mem) : base(mem) { }
/// <summary>Creates a RemoteLongPtr by forwarding the memory accessor and base pointer to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
/// <param name="_base">Base pointer value, passed through unchanged.</param>
internal RemoteLongPtr(ProcessMemory mem, byte *_base) : base(mem, _base) { }
/// <summary>Creates a DoubleAccessor that stores the given memory accessor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal DoubleAccessor(ProcessMemory mem) { this.mem = mem; }
/// <summary>Creates a UInt64Accessor that stores the given memory accessor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal UInt64Accessor(ProcessMemory mem) { this.mem = mem; }
/// <summary>Creates a RemotePtr for the given process memory with a base pointer of zero, by chaining to the two-argument constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal RemotePtr(ProcessMemory mem) : this(mem, (byte *)0) { }
/// <summary>Creates a RemoteSBytePtr for the given process memory by forwarding <paramref name="mem"/> to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal RemoteSBytePtr(ProcessMemory mem) : base(mem) { }
/// <summary>Creates a RemoteQWordPtr by forwarding the memory accessor and base pointer to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
/// <param name="_base">Base pointer value, passed through unchanged.</param>
internal RemoteQWordPtr(ProcessMemory mem, byte *_base) : base(mem, _base) { }
/// <summary>Creates a RemoteFloatPtr for the given process memory by forwarding <paramref name="mem"/> to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal RemoteFloatPtr(ProcessMemory mem) : base(mem) { }
/// <summary>Creates a FloatAccessor that stores the given memory accessor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal FloatAccessor(ProcessMemory mem) { this.mem = mem; }
/// <summary>Creates a RemoteDoublePtr for the given process memory by forwarding <paramref name="mem"/> to the base constructor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal RemoteDoublePtr(ProcessMemory mem) : base(mem) { }
/// <summary>Creates an Int16Accessor that stores the given memory accessor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal Int16Accessor(ProcessMemory mem) { this.mem = mem; }
/// <summary>Creates an instance that stores the given memory accessor.</summary>
/// <param name="mem">Memory accessor of the target process.</param>
internal ClassName(ProcessMemory mem) { this.mem = mem; }