public void Hook(IntPtr toHook, IntPtr ourFunc, int len, bool _64bit = true) { int oldProtect; MemoryApi.VirtualProtectEx(ProcessHandle, toHook, len, MemoryApi.PAGE_READWRITE, out oldProtect); var emptyBytes = new byte[len]; for (int i = 0; i < len; i++) { emptyBytes[i] = 0x90; } WriteBytes(toHook, emptyBytes); byte[] byte_jump_delta = BitConverter.GetBytes((ulong)ourFunc - (ulong)toHook - (ulong)5); byte[] managedArray = new byte[5]; managedArray[0] = 0xE9; for (int i = 0; i < 4; i++) { managedArray[i + 1] = byte_jump_delta[i]; } WriteBytes(toHook, managedArray); MemoryApi.VirtualProtectEx(ProcessHandle, toHook, len, oldProtect, out oldProtect); }
public void WriteBytes(IntPtr MemoryAddress, byte[] Buffer) { int oldProtect; MemoryApi.VirtualProtectEx(ProcessHandle, (IntPtr)MemoryAddress, Buffer.Length, MemoryApi.PAGE_READWRITE, out oldProtect); IntPtr ptrBytesWritten; MemoryApi.WriteProcessMemory(ProcessHandle, MemoryAddress, Buffer, Buffer.Length, out ptrBytesWritten); int oldProtect2; MemoryApi.VirtualProtectEx(ProcessHandle, (IntPtr)MemoryAddress, Buffer.Length, oldProtect, out oldProtect2); }
public byte[] ReadBytes(IntPtr _lpBaseAddress, int size) { byte[] Buffer = new byte[size]; IntPtr ByteRead; //int oldProtect; //MemoryApi.VirtualProtectEx(ProcessHandle, _lpBaseAddress, size, MemoryApi.PAGE_READONLY, out oldProtect); MemoryApi.ReadProcessMemory(ProcessHandle, _lpBaseAddress, Buffer, size, out ByteRead); //int oldProtect2; //MemoryApi.VirtualProtectEx(ProcessHandle, _lpBaseAddress, size, oldProtect,out oldProtect2); return(Buffer); }
// Get Process for work public Memory(string _ProcessName) { Process[] Processes = Process.GetProcessesByName(_ProcessName); if (Processes.Length > 0) { process = Processes[0]; BaseModule = process.MainModule.BaseAddress; ProcessID = process.Id; ProcessName = _ProcessName; is64Bit = _ProcessName != "TESV"; ProcessHandle = MemoryApi.OpenProcess(MemoryApi.PROCESS_VM_READ | MemoryApi.PROCESS_VM_WRITE | MemoryApi.PROCESS_VM_OPERATION, false, ProcessID); } }
public IntPtr AllocateMemory(int size, IntPtr nearThisAddr) { MemoryApi.MEMORY_BASIC_INFORMATION mbi; while (MemoryApi.VirtualQueryEx(ProcessHandle, nearThisAddr, out mbi, (uint)Marshal.SizeOf(typeof(MemoryApi.MEMORY_BASIC_INFORMATION))) != 0) { Console.WriteLine(mbi.BaseAddress.ToString("X")); if (mbi.State == MemoryApi.MEM_FREE) { IntPtr addr = MemoryApi.VirtualAllocEx(ProcessHandle, mbi.BaseAddress, size, AllocationType.Commit | AllocationType.Reserve, MemoryProtection.ExecuteReadWrite); if ((ulong)addr != 0) { return(addr); } } nearThisAddr = (IntPtr)((ulong)nearThisAddr - (ulong)0x10000); } return(new IntPtr()); }
public IntPtr AllocateMemory(int size) { return(MemoryApi.VirtualAllocEx(ProcessHandle, new IntPtr(), size, AllocationType.Commit | AllocationType.Reserve, MemoryProtection.ExecuteReadWrite)); }