public static string ExtractStringFromMemory(long address, int maxBufferSize, Process p, IntPtr hProc)
{
string str = "";
IntPtr intPtr = (hProc == IntPtr.Zero ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc);
byte[] numArray = new byte[maxBufferSize];
int num = 0;
MemAPI.ReadProcessMemory(intPtr, address, numArray, (int)numArray.Length - 1, ref num);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(intPtr);
}
int num1 = 0;
while (num1 < (int)numArray.Length)
{
int num2 = num1;
num1 = num2 + 1;
if (numArray[num2] == 0)
{
break;
}
str = string.Concat(str, Encoding.ASCII.GetString(numArray, num1 - 1, 1));
}
return(str);
}
public static bool IsValidItemIDInArray(byte[] array, int index)
{
bool flag = true;
if (MemAPI.IsUpperChar(array[index]))
{
int num = index + 1;
while (num < (int)array.Length && array[num] != 0)
{
if (MemAPI.IsAscii(array[num]))
{
num++;
}
else
{
flag = false;
break;
}
}
}
else
{
flag = false;
}
return(flag);
}
// Token: 0x0600012B RID: 299 RVA: 0x0001D260 File Offset: 0x0001B460
public long pagedMemorySearchMatch(int[] search, long startAddress, long regionSize)
{
long result = -1L;
int val = 20480;
int num = Math.Max(search.Length * 20, val);
if (this.p == null)
{
return(result);
}
IntPtr hProcess = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
byte[] array = new byte[num];
long num2 = startAddress + regionSize;
for (long num3 = startAddress; num3 < num2; num3 += (long)(array.Length - search.Length))
{
MemAPI.ReadBytes(num3, array, num, this.p, hProcess);
int num4;
if ((num4 = MemAPI.findSequenceMatch(array, 0, search, true, false)) >= 0)
{
result = num3 + (long)num4;
break;
}
}
MemAPI.CloseHandle(hProcess);
return(result);
}
public long pagedMemorySearchMatch(int[] search, long startAddress, long regionSize)
{
long num = (long)-1;
int num1 = 20480;
int num2 = Math.Max((int)search.Length * 20, num1);
if (this.p == null)
{
return(num);
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
byte[] numArray = new byte[num2];
long num3 = startAddress + regionSize;
long length = startAddress;
while (length < num3)
{
MemAPI.ReadBytes(length, numArray, num2, this.p, intPtr);
int num4 = -1;
int num5 = MemAPI.findSequenceMatch(numArray, 0, search, true, false);
num4 = num5;
if (num5 < 0)
{
length = length + (long)((int)numArray.Length - (int)search.Length);
}
else
{
num = length + (long)num4;
break;
}
}
MemAPI.CloseHandle(intPtr);
return(num);
}
public long pagedMemorySearch(byte[] search, long startAddress, long regionSize)
{
long num1 = -1;
int val2 = 20480;
int count = Math.Max(search.Length * 20, val2);
if (this.p == null)
{
return(num1);
}
IntPtr num2 = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
byte[] numArray = new byte[count];
long num3 = startAddress;
long num4 = startAddress + regionSize;
long address = num3;
while (address < num4)
{
MemAPI.ReadBytes(address, numArray, count, this.p, num2);
int sequence;
if ((sequence = MemAPI.findSequence(numArray, 0, search, true, false)) >= 0)
{
num1 = address + (long)sequence;
break;
}
address += (long)(numArray.Length - search.Length);
}
MemAPI.CloseHandle(num2);
return(num1);
}
public void CloseProcessHandle()
{
if (this.hProc != IntPtr.Zero)
{
MemAPI.CloseHandle(this.hProc);
this.hProc = IntPtr.Zero;
}
}
public void CloseProcessHandle()
{
if (!(this.hProc != IntPtr.Zero))
{
return;
}
MemAPI.CloseHandle(this.hProc);
this.hProc = IntPtr.Zero;
}
public bool FindRegionBySize(long size, out long regionStart, out long regionSize, IntPtr hProc, long startAddress = 0L, bool needReadWrite = true)
{
IntPtr intPtr;
MemAPI.MEMORY_BASIC_INFORMATION mEMORYBASICINFORMATION;
bool flag = false;
regionStart = (long)0;
regionSize = (long)0;
if (hProc != IntPtr.Zero)
{
intPtr = hProc;
}
else
{
if (this.p == null)
{
return(false);
}
intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
}
long num = 9223372036854775807L;
long baseAddress = startAddress;
do
{
MemAPI.VirtualQueryEx(intPtr, (IntPtr)baseAddress, out mEMORYBASICINFORMATION, (uint)Marshal.SizeOf(typeof(MemAPI.MEMORY_BASIC_INFORMATION)));
if ((long)mEMORYBASICINFORMATION.RegionSize == size)
{
if (!needReadWrite)
{
regionStart = (long)mEMORYBASICINFORMATION.BaseAddress;
regionSize = (long)mEMORYBASICINFORMATION.RegionSize;
flag = true;
break;
}
else if (mEMORYBASICINFORMATION.Protect == MemAPI.AllocationProtectEnum.PAGE_READWRITE && mEMORYBASICINFORMATION.State == MemAPI.StateEnum.MEM_COMMIT)
{
regionStart = (long)mEMORYBASICINFORMATION.BaseAddress;
regionSize = (long)mEMORYBASICINFORMATION.RegionSize;
flag = true;
break;
}
}
if (baseAddress == (long)mEMORYBASICINFORMATION.BaseAddress + (long)mEMORYBASICINFORMATION.RegionSize)
{
break;
}
baseAddress = (long)mEMORYBASICINFORMATION.BaseAddress + (long)mEMORYBASICINFORMATION.RegionSize;
}while (baseAddress <= num);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(intPtr);
}
return(flag);
}
// Token: 0x060000C0 RID: 192 RVA: 0x0000E544 File Offset: 0x0000C744
private void btnCompareAddress_Click(object sender, EventArgs e)
{
long address = MemAPI.HexStringToInt64(this.txtCompareAddress.Text);
if (this.myApp == null)
{
return;
}
this.myApp.showCompareAddress(address);
}
// Token: 0x060000BC RID: 188 RVA: 0x0000E478 File Offset: 0x0000C678
private void btnFindMemoryRegionByAddress_Click(object sender, EventArgs e)
{
long addr = MemAPI.HexStringToInt64(this.txtFindMemoryRegionByAddress.Text);
if (this.myApp == null)
{
return;
}
this.myApp.searchMemoryRegionForAddress(addr);
}
// Token: 0x06000124 RID: 292 RVA: 0x0001CD10 File Offset: 0x0001AF10
public void SetSingleAt(long address, float newValue)
{
if (this.p == null)
{
return;
}
IntPtr hProcess = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
MemAPI.WriteSingle(address, newValue, this.p, hProcess);
MemAPI.CloseHandle(hProcess);
}
// Token: 0x060000BD RID: 189 RVA: 0x0000E4AC File Offset: 0x0000C6AC
private void btntxtFindMemoryRegionBySize_Click(object sender, EventArgs e)
{
long size = MemAPI.HexStringToInt64(this.txtFindMemoryRegionBySize.Text);
long startAddress = MemAPI.HexStringToInt64(this.txtFindMemoryRegionByAddress.Text);
if (this.myApp == null)
{
return;
}
this.myApp.searchMemoryRegionForSize(size, startAddress);
}
public void SetByteAt(long address, byte newValue)
{
if (this.p == null)
{
return;
}
IntPtr num = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
MemAPI.WriteByte(address, newValue, this.p, num);
MemAPI.CloseHandle(num);
}
public void SetUInt32At(long address, uint newValue)
{
if (this.p == null)
{
return;
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
MemAPI.WriteUInt32(address, newValue, this.p, intPtr);
MemAPI.CloseHandle(intPtr);
}
public void SetBytesAt(long address, byte[] buffer, int count)
{
if (this.p == null)
{
return;
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
MemAPI.WriteBytes(address, buffer, count, this.p, intPtr);
MemAPI.CloseHandle(intPtr);
}
public static int ReadBytes(long address, byte[] buffer, int count, Process p, IntPtr hProc)
{
IntPtr hProcess = hProc == IntPtr.Zero ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc;
int lpNumberOfBytesRead = 0;
MemAPI.ReadProcessMemory(hProcess, address, buffer, count, ref lpNumberOfBytesRead);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(hProcess);
}
return(lpNumberOfBytesRead);
}
public static int ReadBytes(long address, byte[] buffer, int count, Process p, IntPtr hProc)
{
IntPtr intPtr = (hProc == IntPtr.Zero ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc);
int num = 0;
MemAPI.ReadProcessMemory(intPtr, address, buffer, count, ref num);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(intPtr);
}
return(num);
}
// Token: 0x0600011B RID: 283 RVA: 0x0001CA90 File Offset: 0x0001AC90
public int GetBytesAt(long address, byte[] buffer, int count)
{
if (this.p == null)
{
return(0);
}
IntPtr hProcess = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
int arg_37_0 = MemAPI.ReadBytes(address, buffer, count, this.p, hProcess);
MemAPI.CloseHandle(hProcess);
return(arg_37_0);
}
// Token: 0x060000F7 RID: 247 RVA: 0x0001C0C8 File Offset: 0x0001A2C8
public static int WriteBytes(long address, byte[] buffer, int count, Process p, IntPtr hProc)
{
IntPtr hProcess = (hProc == IntPtr.Zero) ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc;
int result = 0;
MemAPI.WriteProcessMemory(hProc, address, buffer, (uint)count, out result);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(hProcess);
}
return(result);
}
public int GetBytesAt(long address, byte[] buffer, int count)
{
if (this.p == null)
{
return(0);
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
int num = MemAPI.ReadBytes(address, buffer, count, this.p, intPtr);
MemAPI.CloseHandle(intPtr);
return(num);
}
public static void WriteByte(long address, byte newValue, Process p, IntPtr hProc)
{
IntPtr intPtr = (hProc == IntPtr.Zero ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc);
byte[] numArray = new byte[] { newValue };
int num = 0;
MemAPI.WriteProcessMemory(hProc, address, numArray, 1, out num);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(intPtr);
}
}
public static string ReadString(long address, int count, Process p, IntPtr hProc)
{
IntPtr intPtr = (hProc == IntPtr.Zero ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc);
byte[] numArray = new byte[count + 1];
int num = 0;
MemAPI.ReadProcessMemory(intPtr, address, numArray, (int)numArray.Length - 1, ref num);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(intPtr);
}
return(Encoding.ASCII.GetString(numArray));
}
public static byte[] ReadBytes(long address, int count, Process p, IntPtr hProc)
{
IntPtr intPtr = (hProc == IntPtr.Zero ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc);
byte[] numArray = new byte[count];
int num = 0;
MemAPI.ReadProcessMemory(intPtr, address, numArray, (int)numArray.Length, ref num);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(intPtr);
}
return(numArray);
}
public uint GetUInt32At(long address)
{
uint num = 0;
if (this.p == null)
{
return(num);
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
num = MemAPI.ReadUInt32(address, this.p, intPtr);
MemAPI.CloseHandle(intPtr);
return(num);
}
public string GetStringAt(long address)
{
string str = "";
if (this.p == null)
{
return(str);
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
str = MemAPI.ExtractStringFromMemory(address, 128, this.p, intPtr);
MemAPI.CloseHandle(intPtr);
return(str);
}
public float GetSingleAt(long address)
{
float single = 0f;
if (this.p == null)
{
return(single);
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
single = MemAPI.ReadSingle(address, this.p, intPtr);
MemAPI.CloseHandle(intPtr);
return(single);
}
public byte GetByteAt(long address)
{
byte num = 0;
if (this.p == null)
{
return(num);
}
IntPtr intPtr = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
num = MemAPI.ReadByte(address, this.p, intPtr);
MemAPI.CloseHandle(intPtr);
return(num);
}
// Token: 0x0600011D RID: 285 RVA: 0x0001CB1C File Offset: 0x0001AD1C
public uint GetUInt32At(long address)
{
uint result = 0u;
if (this.p == null)
{
return(result);
}
IntPtr hProcess = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
result = MemAPI.ReadUInt32(address, this.p, hProcess);
MemAPI.CloseHandle(hProcess);
return(result);
}
// Token: 0x0600011E RID: 286 RVA: 0x0001CB64 File Offset: 0x0001AD64
public float GetSingleAt(long address)
{
float result = 0f;
if (this.p == null)
{
return(result);
}
IntPtr hProcess = MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, this.p.Id);
result = MemAPI.ReadSingle(address, this.p, hProcess);
MemAPI.CloseHandle(hProcess);
return(result);
}
// Token: 0x060000F4 RID: 244 RVA: 0x0001BFB4 File Offset: 0x0001A1B4
public static byte ReadByte(long address, Process p, IntPtr hProc)
{
IntPtr hProcess = (hProc == IntPtr.Zero) ? MemAPI.OpenProcess(MemAPI.ProcessAccessFlags.All, false, p.Id) : hProc;
byte[] array = new byte[1];
int num = 0;
MemAPI.ReadProcessMemory(hProcess, address, array, array.Length, ref num);
if (hProc == IntPtr.Zero)
{
MemAPI.CloseHandle(hProcess);
}
return(array[0]);
}
