private List <MemorySegmentInfo> EnumerateSegments64(UInt64 moduleBaseAddress, int moduleLength) { List <MemorySegmentInfo> segments = new List <MemorySegmentInfo>(); MEMORY_BASIC_INFORMATION64 memInfo = new MEMORY_BASIC_INFORMATION64(); UInt64 addressIter = moduleBaseAddress; UInt64 addressEnd = moduleBaseAddress + (UInt64)moduleLength; while (addressIter < addressEnd) { if (MemoryAPI.VirtualQueryEx64(ProcessHandle, (IntPtr)addressIter, out memInfo, 48) == 0) //48 = sizeof(MEMORY_BASIC_INFORMATION64) { throw new Exception("VirtualQueryEx failed! " + MemoryAPI.GetLastError().ToString()); } if (memInfo.State == (int)MemoryState.MEM_COMMIT) { segments.Add(new MemorySegmentInfo() { SegmentStart = (UInt64)memInfo.BaseAddress, SegmentSize = memInfo.RegionSize }); } addressIter += (UInt64)memInfo.RegionSize; } return(segments); }
private void Open() { string processPath = CurrentProcess.MainModule.FileName; BinaryType processBinaryType; if (!MemoryAPI.GetBinaryType(processPath, out processBinaryType)) { throw new Exception("Failed to get process binary type!"); } switch (processBinaryType) { case BinaryType.SCS_32BIT_BINARY: Is64BitProcess = false; break; case BinaryType.SCS_64BIT_BINARY: Is64BitProcess = true; break; default: throw new Exception("Unsupported process type!"); } ProcessHandle = MemoryAPI.OpenProcess(CurrentProcess, ProcessAccessFlags.All); if (ProcessHandle == IntPtr.Zero) { throw new Exception("Failed to open process!"); } ProcessOpen = true; }
public void WriteBuffer(UInt64 address, byte[] bytes) { if (!IsOpen()) { throw new Exception("Process is not open!"); } IntPtr targetAddress = (IntPtr)address; IntPtr numWrite; uint oldProtect, oldProtect2; MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, (uint)MemoryProtection.PAGE_EXECUTE_READWRITE, out oldProtect); if (!MemoryAPI.WriteProcessMemory(ProcessHandle, targetAddress, bytes, bytes.Length, out numWrite)) { MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, oldProtect, out oldProtect2); throw new Exception("Failed writing memory!"); } if ((int)numWrite != bytes.Length) { MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, oldProtect, out oldProtect2); throw new Exception("Could not write enough bytes!"); } MemoryAPI.VirtualProtectEx(ProcessHandle, targetAddress, (UIntPtr)bytes.Length, oldProtect, out oldProtect2); }
public void Close(bool GC_Call) { if (!ProcessOpen) { return; } MemoryAPI.CloseHandle(ProcessHandle); ProcessHandle = IntPtr.Zero; ProcessOpen = false; }
public byte[] ReadBuffer(UInt64 address, int size) { if (!IsOpen()) { throw new Exception("Process is not open!"); } IntPtr targetAddress = (IntPtr)address; IntPtr numRead; byte[] returnBytes = new byte[size]; if (!MemoryAPI.ReadProcessMemory(ProcessHandle, targetAddress, returnBytes, size, out numRead)) { throw new Exception("Failed reading memory!"); } if ((int)numRead != size) { throw new Exception("Could not read enough bytes!"); } return(returnBytes); }