protected void ScanRegions(bool onlyMe)
{
var memRegionAddr = new IntPtr();
string targetExeName = Path.GetFileName(_Process.MainModule.FileName);
while (true)
{
var regionInfo = new MemoryReaderApi.MEMORY_BASIC_INFORMATION();
if (MemoryReaderApi.VirtualQueryEx(_Process.Handle, memRegionAddr, out regionInfo, (uint)Marshal.SizeOf(regionInfo)) != 0)
{
if (regionInfo.BaseAddress.ToInt64() + regionInfo.RegionSize >= 0x80000000)
{
break;
}
memRegionAddr = new IntPtr(regionInfo.BaseAddress.ToInt32() + regionInfo.RegionSize);
if ((regionInfo.State & 0x10000) != 0) // MemoryReaderApi.PageFlags.Free)
{
continue;
}
if (onlyMe)
{
StringBuilder processName = new StringBuilder(255);
MemoryReaderApi.GetMappedFileName(_Process.Handle, memRegionAddr, processName,
processName.Capacity);
if (!processName.ToString().Contains(targetExeName))
{
continue;
}
}
if (true || (regionInfo.State & (uint)MemoryReaderApi.PageFlags.MEM_COMMIT) != 0 &&
(regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.WRITABLE) != 0 &&
(regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_GUARD) == 0
)
{
// TODO: Parse commit, writability & guard.
bool execute = ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE) != 0) ||
((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_READ) != 0) ||
((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_READWRITE) != 0) ||
((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_WRITECOPY) != 0);
var region = new MemoryRegion(regionInfo.BaseAddress.ToInt32(), (int)regionInfo.RegionSize, execute);
_regions.Add(region);
}
}
else
{
//int err = MemoryReaderApi.GetLastError();
//if (err != 0)
// throw new Exception("Failed to scan memory regions.");
break; // last block, done!
}
}
}
public virtual bool Close()
{
if (m_hProcess == null || m_hProcess == IntPtr.Zero)
{
return(false);
}
var iRetValue = MemoryReaderApi.CloseHandle(m_hProcess);
return(iRetValue != 0);
}
public virtual bool Read(int memoryAddress, byte[] buffer)
{
if (Diagnostic)
{
_readCalls++;
}
IntPtr ptrBytesReaded;
MemoryReaderApi.ReadProcessMemory(m_hProcess, (IntPtr)memoryAddress, buffer, (uint)buffer.Length, out ptrBytesReaded);
return((int)ptrBytesReaded == buffer.Length);
}
public virtual byte[] Read(IntPtr memoryAddress, uint bytesToRead)
{
if (Diagnostic)
{
_readCalls++;
}
IntPtr ptrBytesReaded;
var buffer = new byte[bytesToRead];
MemoryReaderApi.ReadProcessMemory(m_hProcess, memoryAddress, buffer, bytesToRead, out ptrBytesReaded);
return(buffer);
}
public virtual bool Open(Process p)
{
m_hProcess = MemoryReaderApi.OpenProcess((uint)MemoryReaderApi.AccessType.PROCESS_VM_READ, 0, (uint)p.Id);
var result = ((m_hProcess == IntPtr.Zero) ? false : true);
if (result)
{
_Process = p;
}
if (result)
{
ScanRegions();
}
return(result);
}
