/// <summary>
/// Console smoke test for <c>CreditCardSurfer.FindCC</c>: feeds it the sample buffers
/// produced by the helper methods and prints a line for each check that behaves as expected.
/// Apart from the shifted-bytes check, a check that does not behave as expected prints nothing.
/// </summary>
public static void Main1()
{
    const string sourceTag = "UNIT_TEST";
    var scanner = new CreditCardSurfer();

    // Writes the message only when the check came out as expected.
    void Report(bool asExpected, string message)
    {
        if (asExpected)
        {
            Console.WriteLine(message);
        }
    }

    // ASCII samples: one that contains a card number and one that does not.
    Report(scanner.FindCC(GetAsciiBytesWithCC(), sourceTag, 0), "Found ASCII encoded CC as expected.");
    Report(!scanner.FindCC(GetAsciiBytesWithoutCC(), sourceTag, 0), "Did not find ASCII encoded CC as expected.");

    // Unicode samples.
    Report(scanner.FindCC(GetUnicodeBytesWithCC(), sourceTag, 0), "Found Unicode encoded CC as expected.");
    // NOTE(review): this negative check scans the same GetUnicodeBytesWithCC() sample as the
    // positive check above, so the two cannot both report success. A "without CC" Unicode
    // sample looks intended here - confirm against the helper methods.
    Report(!scanner.FindCC(GetUnicodeBytesWithCC(), sourceTag, 0), "Did not find Unicode encoded CC as expected.");

    // Shifted sample: the only check that reports both outcomes.
    Console.WriteLine(
        scanner.FindCC(GetShiftedBytes(), sourceTag, 0)
            ? "Found CC as expected."
            : "Did not find CC in shifted bytes.");

    // Brand-specific test numbers and track samples, ASCII encoded before scanning.
    Report(scanner.FindCC(GetAsciiEncodedBytes(GetTestMC()), sourceTag, 0), "Found test MC as expected.");
    Report(scanner.FindCC(GetAsciiEncodedBytes(GetTestDiscover()), sourceTag, 0), "Found test Discover as expected.");
    Report(scanner.FindCC(GetAsciiEncodedBytes(GetTrack1Data()), sourceTag, 0), "Found Track1 Data as expected.");
    Report(scanner.FindCC(GetAsciiEncodedBytes(GetTrack2Data()), sourceTag, 0), "Found Track2 Data as expected.");
}
/// <summary>
/// Walks the application address range reported by GetSystemInfo for the given process,
/// reads every committed PAGE_READWRITE region into a buffer and hands it to
/// <c>CreditCardSurfer.FindCC</c>. If the last queried region size is 0 and
/// <c>Config.Default.FallBackToProcdump</c> is set, it starts procdump.exe to write a dump
/// file and scans that file instead.
/// </summary>
/// <param name="process">Process to scan; its Id and ProcessName are used.</param>
/// <remarks>
/// NOTE(review): the dump produced by the fallback holds the memory of the scanned process and
/// should be treated as sensitive as the data being searched for. See the notes in the fallback
/// branch about how long it stays on disk and what the cleanup deletes.
/// </remarks>
void SearchProcessMemory(Process process)
{
    // getting minimum & maximum address
    var sys_info = new SYSTEM_INFO();
    GetSystemInfo(out sys_info);

    var proc_min_address = sys_info.minimumApplicationAddress;
    var proc_max_address = sys_info.maximumApplicationAddress;

    // Numeric copies of the bounds, used for the loop comparison and for stepping.
    var proc_min_address_l = (long)proc_min_address;
    var proc_max_address_l = (long)proc_max_address;

    // Opening the process with the desired access level.
    // NOTE(review): the result of OpenProcess is not checked, and nothing in this method
    // closes the handle afterwards.
    var processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);

    var mem_basic_info = new MEMORY_BASIC_INFORMATION();
    var bytesRead = 0; // number of bytes read with ReadProcessMemory

    while (proc_min_address_l < proc_max_address_l)
    {
        // NOTE(review): the return value is ignored and the structure length is a literal;
        // confirm it matches the declared MEMORY_BASIC_INFORMATION layout for the build target.
        VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); //28 = sizeof(MEMORY_BASIC_INFORMATION)

        // Only committed regions whose protection is exactly PAGE_READWRITE are read.
        if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
        {
            // Read the whole region into a buffer.
            // NOTE(review): the result of ReadProcessMemory and bytesRead are not inspected, so
            // the full buffer is scanned even if the read was short or failed.
            byte[] buffer = new byte[mem_basic_info.RegionSize];
            ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, ref bytesRead);

            // Search the buffer for CC#s, defaulting the config file name on first use.
            if (string.IsNullOrEmpty(_configFile))
            {
                _configFile = "config.xml";
            }
            // A new CreditCardSurfer is constructed for every region.
            var CCSurfer = new CreditCardSurfer(_configFile);
            // NOTE(review): the third argument is the maximum application address, not this
            // region's base address - confirm what FindCC expects there.
            CCSurfer.FindCC(buffer, process.ProcessName, proc_max_address_l);
        }

        // move to the next memory chunk
        proc_min_address_l += mem_basic_info.RegionSize;
        proc_min_address = new IntPtr(proc_min_address_l);
        if (mem_basic_info.RegionSize == 0)
        {
            // A zero-sized region would never advance the address, so the walk stops here.
            break;
            // NOTE(review): the assignment below is unreachable because it follows the break.
            mem_basic_info.RegionSize = 4096; //in case of a null read, which shouldn't happen
        }
    }

    if (mem_basic_info.RegionSize == 0 && Config.Default.FallBackToProcdump)
    {
        try
        {
            // In case the walk above fails to access the process's memory, fall back to
            // SysInternals procdump.
            // NOTE(review): "procdump.exe" is started by bare name, so which binary runs depends
            // on the working directory and search path - presumably a trusted copy is expected;
            // verify. The call does not wait for the process to exit before the dump is opened,
            // and the returned Process object is not disposed.
            Process.Start("procdump.exe", "-accepteula -ma " + process.Id + " " + process.Id + ".dmp");
            using (var fsSource = new FileStream(process.Id + ".dmp", FileMode.Open, FileAccess.Read))
            {
                // Read the source file in chunks of up to 1024 bytes and scan each chunk.
                int numBytesRead = 0;
                while (numBytesRead < fsSource.Length)
                {
                    var bytes = new byte[1024];
                    // NOTE(review): the cast applies to fsSource.Length before the subtraction.
                    var bytesToRead = (int) fsSource.Length - numBytesRead;
                    if (bytesToRead > 1024)
                    {
                        bytesToRead = 1024;
                    }
                    // NOTE(review): the second argument of Read is an offset into `bytes`, yet
                    // the running file position is passed. Once that is non-zero the call
                    // reaches past the 1024-byte buffer, and the resulting exception lands in
                    // the empty catch below, which also skips the dump cleanup.
                    int n = fsSource.Read(bytes, numBytesRead, bytesToRead);
                    // The chunk is scanned before n is checked, and always at full buffer length.
                    var CCSurfer = new CreditCardSurfer();
                    CCSurfer.FindCC(bytes, process.ProcessName, numBytesRead);
                    if (n == 0)
                    {
                        break;
                    }
                    numBytesRead += n;
                }
            }

            // Cleanup: removes every *.dmp file in the current directory, not only the dump
            // created above.
            // NOTE(review): this runs only when the scan above completes without an exception;
            // on any failure the dump is left on disk.
            var currentDirectory = Directory.GetCurrentDirectory();
            foreach (var f in new DirectoryInfo(currentDirectory).GetFiles("*.dmp"))
            {
                f.Delete();
            }
        }
        // NOTE(review): every exception is swallowed silently, so a failed fallback (missing
        // procdump, unreadable dump, failed delete) leaves no trace for the operator.
        catch { }
    }
}
/// <summary>
/// Scans the memory of the given process for card numbers. Each committed PAGE_READWRITE
/// region between the minimum and maximum application address is read and passed to
/// <c>CreditCardSurfer.FindCC</c>. When the last queried region size is 0 and
/// <c>Config.Default.FallBackToProcdump</c> is enabled, a procdump.exe dump of the process
/// is written and scanned in its place.
/// </summary>
/// <param name="process">Process to scan; its Id and ProcessName are used.</param>
/// <remarks>
/// NOTE(review): this listing repeats the preceding SearchProcessMemory definition almost
/// verbatim. The fallback writes a process dump to the current directory; handle that file
/// as sensitive data for as long as it exists.
/// </remarks>
void SearchProcessMemory(Process process)
{
    // getting minimum & maximum address
    var sys_info = new SYSTEM_INFO();
    GetSystemInfo(out sys_info);

    var proc_min_address = sys_info.minimumApplicationAddress;
    var proc_max_address = sys_info.maximumApplicationAddress;

    // long copies of the two bounds for comparison and arithmetic.
    var proc_min_address_l = (long)proc_min_address;
    var proc_max_address_l = (long)proc_max_address;

    // Opening the process with the desired access level.
    // NOTE(review): the handle is neither validated nor closed in this method.
    var processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);

    var mem_basic_info = new MEMORY_BASIC_INFORMATION();
    var bytesRead = 0; // number of bytes read with ReadProcessMemory

    while (proc_min_address_l < proc_max_address_l)
    {
        // NOTE(review): the result is not checked; the length argument is a hard-coded literal
        // that has to agree with the declared struct layout - confirm.
        VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); //28 = sizeof(MEMORY_BASIC_INFORMATION)

        // If this memory chunk is committed and its protection equals PAGE_READWRITE
        if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
        {
            // Read everything into a buffer.
            // NOTE(review): a failed or partial read is not detected; bytesRead is never used.
            byte[] buffer = new byte[mem_basic_info.RegionSize];
            ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, ref bytesRead);

            // Search the buffer for CC#s; the config file name falls back to "config.xml".
            if (string.IsNullOrEmpty(_configFile))
            {
                _configFile = "config.xml";
            }
            var CCSurfer = new CreditCardSurfer(_configFile);
            // NOTE(review): passes the maximum application address as the third argument;
            // verify that this is the value FindCC is meant to receive.
            CCSurfer.FindCC(buffer, process.ProcessName, proc_max_address_l);
        }

        // move to the next memory chunk
        proc_min_address_l += mem_basic_info.RegionSize;
        proc_min_address = new IntPtr(proc_min_address_l);
        if (mem_basic_info.RegionSize == 0)
        {
            // Stop instead of looping forever on a region of size 0.
            break;
            // NOTE(review): dead code - never executed because of the break above.
            mem_basic_info.RegionSize = 4096; //in case of a null read, which shouldn't happen
        }
    }

    if (mem_basic_info.RegionSize == 0 && Config.Default.FallBackToProcdump)
    {
        try
        {
            // In case the walk above fails to access the process's memory, fall back to
            // SysInternals procdump.
            // NOTE(review): the executable is named without a path and is not awaited before the
            // dump file is opened; confirm which procdump.exe is resolved in deployment.
            Process.Start("procdump.exe", "-accepteula -ma " + process.Id + " " + process.Id + ".dmp");
            using (var fsSource = new FileStream(process.Id + ".dmp", FileMode.Open, FileAccess.Read))
            {
                // Read the source file chunk by chunk (at most 1024 bytes each) and scan it.
                int numBytesRead = 0;
                while (numBytesRead < fsSource.Length)
                {
                    var bytes = new byte[1024];
                    // NOTE(review): fsSource.Length is narrowed to int before subtracting.
                    var bytesToRead = (int)fsSource.Length - numBytesRead;
                    if (bytesToRead > 1024)
                    {
                        bytesToRead = 1024;
                    }
                    // NOTE(review): numBytesRead is a file position but is used here as the
                    // offset into the 1024-byte buffer; from the second chunk on this exceeds
                    // the buffer, the exception is swallowed below and the dump is not deleted.
                    int n = fsSource.Read(bytes, numBytesRead, bytesToRead);
                    var CCSurfer = new CreditCardSurfer();
                    CCSurfer.FindCC(bytes, process.ProcessName, numBytesRead);
                    // End of file: stop after the scan call above has already run.
                    if (n == 0)
                    {
                        break;
                    }
                    numBytesRead += n;
                }
            }

            // Deletes all *.dmp files found in the current directory, including any that this
            // method did not create.
            // NOTE(review): this is skipped whenever the code above throws, leaving the dump
            // behind.
            var currentDirectory = Directory.GetCurrentDirectory();
            foreach (var f in new DirectoryInfo(currentDirectory).GetFiles("*.dmp"))
            {
                f.Delete();
            }
        }
        // NOTE(review): empty catch - failures in the fallback path are neither logged nor
        // surfaced to the caller.
        catch { }
    }
}