Esempio n. 1
        /// <summary>
        /// Console smoke test for <c>CreditCardSurfer.FindCC</c>. Each fixture buffer is scanned in turn
        /// and a line is printed when the outcome matches the expectation. A check that does not match
        /// prints nothing, except the shifted-bytes check, which reports both outcomes.
        /// </summary>
        public static void Main1()
        {
            const string sourceTag = "UNIT_TEST";
            var scanner = new CreditCardSurfer();

            // Positive and negative checks on ASCII fixtures.
            bool asciiHit = scanner.FindCC(GetAsciiBytesWithCC(), sourceTag, 0);
            if (asciiHit)
            {
                Console.WriteLine("Found ASCII encoded CC as expected.");
            }

            bool asciiCleanHit = scanner.FindCC(GetAsciiBytesWithoutCC(), sourceTag, 0);
            if (asciiCleanHit == false)
            {
                Console.WriteLine("Did not find ASCII encoded CC as expected.");
            }

            // Unicode fixtures.
            bool unicodeHit = scanner.FindCC(GetUnicodeBytesWithCC(), sourceTag, 0);
            if (unicodeHit)
            {
                Console.WriteLine("Found Unicode encoded CC as expected.");
            }

            // NOTE(review): this negative check reuses GetUnicodeBytesWithCC(), the same fixture as the
            // positive check just above. It looks like a copy/paste slip; confirm which fixture was
            // intended, because as written the scanner's false-positive behaviour on Unicode input is
            // not exercised.
            bool unicodeSecondHit = scanner.FindCC(GetUnicodeBytesWithCC(), sourceTag, 0);
            if (unicodeSecondHit == false)
            {
                Console.WriteLine("Did not find Unicode encoded CC as expected.");
            }

            // The only check that reports a miss as well as a hit.
            bool shiftedHit = scanner.FindCC(GetShiftedBytes(), sourceTag, 0);
            Console.WriteLine(shiftedHit
                ? "Found CC as expected."
                : "Did not find CC in shifted bytes.");

            // Brand-specific test numbers, ASCII encoded.
            bool mcHit = scanner.FindCC(GetAsciiEncodedBytes(GetTestMC()), sourceTag, 0);
            if (mcHit)
            {
                Console.WriteLine("Found test MC as expected.");
            }

            bool discoverHit = scanner.FindCC(GetAsciiEncodedBytes(GetTestDiscover()), sourceTag, 0);
            if (discoverHit)
            {
                Console.WriteLine("Found test Discover as expected.");
            }

            // Track data fixtures, ASCII encoded.
            bool track1Hit = scanner.FindCC(GetAsciiEncodedBytes(GetTrack1Data()), sourceTag, 0);
            if (track1Hit)
            {
                Console.WriteLine("Found Track1 Data as expected.");
            }

            bool track2Hit = scanner.FindCC(GetAsciiEncodedBytes(GetTrack2Data()), sourceTag, 0);
            if (track2Hit)
            {
                Console.WriteLine("Found Track2 Data as expected.");
            }
        }
Esempio n. 2
        /// <summary>
        /// Runs <c>CreditCardSurfer.FindCC</c> over a series of fixture buffers and writes one console
        /// line per check that behaves as expected. Only the shifted-bytes check also reports a miss;
        /// every other check is silent when its expectation is not met.
        /// </summary>
        public static void Main1()
        {
            const string origin = "UNIT_TEST";
            var finder = new CreditCardSurfer();
            bool found;

            // ASCII buffer that contains a card number.
            found = finder.FindCC(GetAsciiBytesWithCC(), origin, 0);
            if (found)
            {
                Console.WriteLine("Found ASCII encoded CC as expected.");
            }

            // ASCII buffer that contains none.
            found = finder.FindCC(GetAsciiBytesWithoutCC(), origin, 0);
            if (!found)
            {
                Console.WriteLine("Did not find ASCII encoded CC as expected.");
            }

            // Unicode buffer that contains a card number.
            found = finder.FindCC(GetUnicodeBytesWithCC(), origin, 0);
            if (found)
            {
                Console.WriteLine("Found Unicode encoded CC as expected.");
            }

            // NOTE(review): the negative Unicode check is fed GetUnicodeBytesWithCC() again, so it uses
            // the same buffer as the positive check above. This is presumably a copy/paste slip; confirm
            // the intended fixture, since no Unicode buffer without a card number is scanned here.
            found = finder.FindCC(GetUnicodeBytesWithCC(), origin, 0);
            if (!found)
            {
                Console.WriteLine("Did not find Unicode encoded CC as expected.");
            }

            // Shifted bytes: both outcomes are reported.
            found = finder.FindCC(GetShiftedBytes(), origin, 0);
            if (!found)
            {
                Console.WriteLine("Did not find CC in shifted bytes.");
            }
            else
            {
                Console.WriteLine("Found CC as expected.");
            }

            // Test card numbers for individual brands.
            found = finder.FindCC(GetAsciiEncodedBytes(GetTestMC()), origin, 0);
            if (found)
            {
                Console.WriteLine("Found test MC as expected.");
            }

            found = finder.FindCC(GetAsciiEncodedBytes(GetTestDiscover()), origin, 0);
            if (found)
            {
                Console.WriteLine("Found test Discover as expected.");
            }

            // Magnetic-stripe track fixtures.
            found = finder.FindCC(GetAsciiEncodedBytes(GetTrack1Data()), origin, 0);
            if (found)
            {
                Console.WriteLine("Found Track1 Data as expected.");
            }

            found = finder.FindCC(GetAsciiEncodedBytes(GetTrack2Data()), origin, 0);
            if (found)
            {
                Console.WriteLine("Found Track2 Data as expected.");
            }
        }
Esempio n. 3
        /// <summary>
        /// Walks the application address range reported by GetSystemInfo, reads every committed
        /// read/write region of <paramref name="process"/> into a managed buffer and passes it to
        /// CreditCardSurfer.FindCC. If the walk stops on a zero-sized region and
        /// Config.Default.FallBackToProcdump is set, a procdump.exe dump of the process is scanned instead.
        /// </summary>
        /// <param name="process">Process to inspect; its Id and ProcessName are used.</param>
        /// <remarks>
        /// NOTE(review), data handling: the fallback writes a full memory dump of the target to a relative
        /// path, so any cardholder data in that process lands on disk in the current directory. Cleanup runs
        /// only if everything before it succeeds, and the empty catch hides the case where it did not.
        /// The handle returned by OpenProcess is not released anywhere in this method.
        /// </remarks>
        void SearchProcessMemory(Process process)
        {
            // getting minimum & maximum address
            var sys_info = new SYSTEM_INFO();
            GetSystemInfo(out sys_info);
            var proc_min_address = sys_info.minimumApplicationAddress;
            var proc_max_address = sys_info.maximumApplicationAddress;
            // long copies of both bounds, used for the loop comparison and the address arithmetic below
            var proc_min_address_l = (long)proc_min_address;
            var proc_max_address_l = (long)proc_max_address;

            //Opening the process with desired access level
            // NOTE(review): the returned handle is not validated and no CloseHandle call is visible here.
            var processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);
            var mem_basic_info = new MEMORY_BASIC_INFORMATION();
            var bytesRead = 0;  // number of bytes read with ReadProcessMemory

            while (proc_min_address_l < proc_max_address_l)
            {
                // The return value is ignored and the structure length is a hard-coded literal.
                VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); //28 = sizeof(MEMORY_BASIC_INFORMATION)

                //If this memory chunk is accessible
                // Only regions whose protection is exactly PAGE_READWRITE and whose state is MEM_COMMIT are read.
                if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
                {
                    //Read everything into a buffer
                    // The result of ReadProcessMemory and bytesRead are not checked; the whole buffer is
                    // scanned whether or not the read filled it.
                    byte[] buffer = new byte[mem_basic_info.RegionSize];
                    ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, ref bytesRead);

                    //Search the buffer for CC#s
                    // Falls back to "config.xml" when no config file has been set.
                    if (string.IsNullOrEmpty(_configFile))
                    {
                        _configFile = "config.xml";
                    }
                    // A new CreditCardSurfer is constructed for every region.
                    // NOTE(review): the third argument is the maximum application address, not this
                    // region's base address; confirm what FindCC expects there.
                    var CCSurfer = new CreditCardSurfer(_configFile);
                    CCSurfer.FindCC(buffer, process.ProcessName, proc_max_address_l);
                }

                // move to the next memory chunk
                proc_min_address_l += mem_basic_info.RegionSize;
                proc_min_address = new IntPtr(proc_min_address_l);

                // A zero-sized region would never advance the address, so the walk stops here.
                if (mem_basic_info.RegionSize == 0)
                {
                    break;
                    // Unreachable: this assignment sits after the break.
                    mem_basic_info.RegionSize = 4096; //in case of a null read, which shouldn't happen
                }
            }
            // The fallback is taken only when the walk ended on a zero-sized region and the setting is on.
            if (mem_basic_info.RegionSize == 0 && Config.Default.FallBackToProcdump)
            {
                try
                {
                    //In case the above DLL pull in fails to access a process's memory, fail back to SysInternals procdump
                    // NOTE(review): "procdump.exe" is given without a path, so which binary runs depends on
                    // the process search path; pin the full path of a verified copy. Process.Start does not
                    // wait for the dump to finish, and no WaitForExit precedes the file open below.
                    Process.Start("procdump.exe", "-accepteula -ma " + process.Id + " " + process.Id + ".dmp");

                    // The dump is opened from a relative path, i.e. the current directory.
                    using (var fsSource = new FileStream(process.Id + ".dmp", FileMode.Open, FileAccess.Read))
                    {
                        // Read the source file into a byte array.
                        int numBytesRead = 0;
                        while (numBytesRead < fsSource.Length)
                        {
                            var bytes = new byte[1024];
                            // Remaining length, capped at the 1024-byte chunk size.
                            var bytesToRead = (int) fsSource.Length - numBytesRead;
                            if (bytesToRead > 1024)
                            {
                                bytesToRead = 1024;
                            }

                            // NOTE(review): the second argument of Read is an offset into `bytes`, which is
                            // 1024 bytes long, but the running file position is passed. Once numBytesRead
                            // is non-zero the call falls outside the buffer and throws; the exception lands
                            // in the empty catch below, which also skips the dump cleanup.
                            int n = fsSource.Read(bytes, numBytesRead, bytesToRead);
                            // The full 1024-byte chunk is scanned before n is examined.
                            var CCSurfer = new CreditCardSurfer();
                            CCSurfer.FindCC(bytes, process.ProcessName, numBytesRead);

                            if (n == 0)
                            {
                                break;
                            }
                            numBytesRead += n;
                        }
                    }
                    // Deletes every *.dmp file in the current directory, not only the dump created above.
                    // NOTE(review): this is reached only if nothing above threw; a finally block limited to
                    // the file this method created would keep memory dumps from being left on disk.
                    var currentDirectory = Directory.GetCurrentDirectory();
                    foreach (var f in new DirectoryInfo(currentDirectory).GetFiles("*.dmp"))
                    {
                        f.Delete();
                    }
                }
                // Swallows every exception, so a failed dump, scan or cleanup is indistinguishable from success.
                catch { }
            }
        }
Esempio n. 4
        /// <summary>
        /// Enumerates the memory regions of <paramref name="process"/> between the minimum and maximum
        /// application addresses, copies each committed read/write region into a buffer and scans it with
        /// CreditCardSurfer.FindCC. When the enumeration ends on a zero-sized region and
        /// Config.Default.FallBackToProcdump is enabled, it scans a procdump.exe dump of the process instead.
        /// </summary>
        /// <param name="process">Process to inspect; its Id and ProcessName are used.</param>
        /// <remarks>
        /// NOTE(review), data handling: the procdump fallback leaves a full memory dump of the target in the
        /// current directory until the cleanup loop runs, and that loop is skipped whenever an earlier
        /// statement in the try block throws. The empty catch gives no signal that this happened. The
        /// OpenProcess handle is never released in this method.
        /// </remarks>
        void SearchProcessMemory(Process process)
        {
            // getting minimum & maximum address
            var sys_info = new SYSTEM_INFO();

            GetSystemInfo(out sys_info);
            var proc_min_address   = sys_info.minimumApplicationAddress;
            var proc_max_address   = sys_info.maximumApplicationAddress;
            // long copies of both bounds, used for the loop comparison and the address arithmetic below
            var proc_min_address_l = (long)proc_min_address;
            var proc_max_address_l = (long)proc_max_address;

            //Opening the process with desired access level
            // NOTE(review): the returned handle is not validated and no CloseHandle call is visible here.
            var processHandle  = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);
            var mem_basic_info = new MEMORY_BASIC_INFORMATION();
            var bytesRead      = 0; // number of bytes read with ReadProcessMemory

            while (proc_min_address_l < proc_max_address_l)
            {
                // The return value is ignored and the structure length is a hard-coded literal.
                VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); //28 = sizeof(MEMORY_BASIC_INFORMATION)

                //If this memory chunk is accessible
                // Only regions whose protection is exactly PAGE_READWRITE and whose state is MEM_COMMIT are read.
                if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
                {
                    //Read everything into a buffer
                    // The result of ReadProcessMemory and bytesRead are not checked; the whole buffer is
                    // scanned whether or not the read filled it.
                    byte[] buffer = new byte[mem_basic_info.RegionSize];
                    ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, ref bytesRead);

                    //Search the buffer for CC#s
                    // Falls back to "config.xml" when no config file has been set.
                    if (string.IsNullOrEmpty(_configFile))
                    {
                        _configFile = "config.xml";
                    }
                    // A new CreditCardSurfer is constructed for every region.
                    // NOTE(review): the third argument is the maximum application address, not this
                    // region's base address; confirm what FindCC expects there.
                    var CCSurfer = new CreditCardSurfer(_configFile);
                    CCSurfer.FindCC(buffer, process.ProcessName, proc_max_address_l);
                }

                // move to the next memory chunk
                proc_min_address_l += mem_basic_info.RegionSize;
                proc_min_address    = new IntPtr(proc_min_address_l);

                // A zero-sized region would never advance the address, so the walk stops here.
                if (mem_basic_info.RegionSize == 0)
                {
                    break;
                    // Unreachable: this assignment sits after the break.
                    mem_basic_info.RegionSize = 4096; //in case of a null read, which shouldn't happen
                }
            }
            // The fallback is taken only when the walk ended on a zero-sized region and the setting is on.
            if (mem_basic_info.RegionSize == 0 && Config.Default.FallBackToProcdump)
            {
                try
                {
                    //In case the above DLL pull in fails to access a process's memory, fail back to SysInternals procdump
                    // NOTE(review): "procdump.exe" is given without a path, so which binary runs depends on
                    // the process search path; pin the full path of a verified copy. Process.Start does not
                    // wait for the dump to finish, and no WaitForExit precedes the file open below.
                    Process.Start("procdump.exe", "-accepteula -ma " + process.Id + " " + process.Id + ".dmp");

                    // The dump is opened from a relative path, i.e. the current directory.
                    using (var fsSource = new FileStream(process.Id + ".dmp", FileMode.Open, FileAccess.Read))
                    {
                        // Read the source file into a byte array.
                        int numBytesRead = 0;
                        while (numBytesRead < fsSource.Length)
                        {
                            var bytes       = new byte[1024];
                            // Remaining length, capped at the 1024-byte chunk size.
                            var bytesToRead = (int)fsSource.Length - numBytesRead;
                            if (bytesToRead > 1024)
                            {
                                bytesToRead = 1024;
                            }

                            // NOTE(review): the second argument of Read is an offset into `bytes`, which is
                            // 1024 bytes long, but the running file position is passed. Once numBytesRead
                            // is non-zero the call falls outside the buffer and throws; the exception lands
                            // in the empty catch below, which also skips the dump cleanup.
                            int n        = fsSource.Read(bytes, numBytesRead, bytesToRead);
                            // The full 1024-byte chunk is scanned before n is examined.
                            var CCSurfer = new CreditCardSurfer();
                            CCSurfer.FindCC(bytes, process.ProcessName, numBytesRead);

                            if (n == 0)
                            {
                                break;
                            }
                            numBytesRead += n;
                        }
                    }
                    // Deletes every *.dmp file in the current directory, not only the dump created above.
                    // NOTE(review): this is reached only if nothing above threw; a finally block limited to
                    // the file this method created would keep memory dumps from being left on disk.
                    var currentDirectory = Directory.GetCurrentDirectory();
                    foreach (var f in new DirectoryInfo(currentDirectory).GetFiles("*.dmp"))
                    {
                        f.Delete();
                    }
                }
                // Swallows every exception, so a failed dump, scan or cleanup is indistinguishable from success.
                catch { }
            }
        }