public static string ReadZeroTerminatedString(this IDebuggeeProcess process, IntPtr address, bool unicode, int maxLength = 0x100) { // We do not know the size of the string, therefore read the memory in chunks and search for a zero byte. const int bufferSize = 256; var encoding = unicode ? Encoding.ASCII : Encoding.Unicode; var builder = new StringBuilder(); IntPtr currentAddress = address; byte[] buffer = new byte[bufferSize]; string lastChunk; int nullIndex; do { process.ReadMemory(currentAddress, buffer, 0, buffer.Length); lastChunk = encoding.GetString(buffer); nullIndex = lastChunk.IndexOf('\0'); builder.Append(lastChunk); currentAddress += bufferSize; } while (nullIndex == -1 && builder.Length < 0x100); // If \0 was found, remove everything after this character. Otherwise just return the raw string. string rawString = builder.ToString(); return(nullIndex != -1 ? rawString.Remove(builder.Length - (lastChunk.Length - nullIndex)) : rawString); }
public static string ReadString(this IDebuggeeProcess process, IntPtr address, int length, bool unicode) { byte[] data = new byte[length]; process.ReadMemory(address, data, 0, data.Length); var encoding = unicode ? Encoding.ASCII : Encoding.Unicode; return(encoding.GetString(data)); }
public byte[] ReadBytes(int count) { var buffer = new byte[count]; _process.ReadMemory((IntPtr)Position, buffer, 0, count); // Int3 breakpoints are changes in code and therefore change the memory of a process. // To still view the original memory, we need to obtain all breakpoints and revert the // changed code in the read memory. NegateInt3Breakpoints(count, buffer); Position += buffer.Length; return(buffer); }
private void DumpMemory(IDebuggeeProcess process, ulong address, int rows, X86OperandSize size, Logger logger) { const int rowSize = 0x10; var buffer = new byte[rows * rowSize]; process.ReadMemory((IntPtr)address, buffer, 0, buffer.Length); int stepSize = 0; switch (size) { case X86OperandSize.Byte: stepSize = 1; break; case X86OperandSize.Word: stepSize = 2; break; case X86OperandSize.Dword: stepSize = 4; break; default: throw new ArgumentOutOfRangeException(nameof(size)); } for (int row = 0; row < rows; row++) { logger.Write("{0:X8}: ", address + (ulong)(row * rowSize)); var builder = new StringBuilder(); for (int col = 0; col < rowSize; col += stepSize) { if (col % 4 == 0) { logger.Write(" "); } ulong currentValue = 0; switch (size) { case X86OperandSize.Byte: currentValue = buffer[row * rowSize + col]; break; case X86OperandSize.Word: currentValue = BitConverter.ToUInt16(buffer, row * rowSize + col); break; case X86OperandSize.Dword: currentValue = BitConverter.ToUInt32(buffer, row * rowSize + col); break; } logger.Write("{0} ", currentValue.ToString("X" + (stepSize * 2))); if (stepSize == 1) { char currentChar = (char)currentValue; builder.Append(char.IsControl(currentChar) ? '.' : currentChar); } } logger.WriteLine(" " + builder.ToString()); } }