protected void ScanRegions(bool onlyMe) { var memRegionAddr = new IntPtr(); string targetExeName = Path.GetFileName(_Process.MainModule.FileName); while (true) { var regionInfo = new MemoryReaderApi.MEMORY_BASIC_INFORMATION(); if (MemoryReaderApi.VirtualQueryEx(_Process.Handle, memRegionAddr, out regionInfo, (uint)Marshal.SizeOf(regionInfo)) != 0) { if (regionInfo.BaseAddress.ToInt64() + regionInfo.RegionSize >= 0x80000000) { break; } memRegionAddr = new IntPtr(regionInfo.BaseAddress.ToInt32() + regionInfo.RegionSize); if ((regionInfo.State & 0x10000) != 0) // MemoryReaderApi.PageFlags.Free) { continue; } if (onlyMe) { StringBuilder processName = new StringBuilder(255); MemoryReaderApi.GetMappedFileName(_Process.Handle, memRegionAddr, processName, processName.Capacity); if (!processName.ToString().Contains(targetExeName)) { continue; } } if (true || (regionInfo.State & (uint)MemoryReaderApi.PageFlags.MEM_COMMIT) != 0 && (regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.WRITABLE) != 0 && (regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_GUARD) == 0 ) { // TODO: Parse commit, writability & guard. bool execute = ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE) != 0) || ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_READ) != 0) || ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_READWRITE) != 0) || ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_WRITECOPY) != 0); var region = new MemoryRegion(regionInfo.BaseAddress.ToInt32(), (int)regionInfo.RegionSize, execute); _regions.Add(region); } } else { //int err = MemoryReaderApi.GetLastError(); //if (err != 0) // throw new Exception("Failed to scan memory regions."); break; // last block, done! } } }
public virtual bool Close() { if (m_hProcess == null || m_hProcess == IntPtr.Zero) { return(false); } var iRetValue = MemoryReaderApi.CloseHandle(m_hProcess); return(iRetValue != 0); }
public virtual bool Read(int memoryAddress, byte[] buffer) { if (Diagnostic) { _readCalls++; } IntPtr ptrBytesReaded; MemoryReaderApi.ReadProcessMemory(m_hProcess, (IntPtr)memoryAddress, buffer, (uint)buffer.Length, out ptrBytesReaded); return((int)ptrBytesReaded == buffer.Length); }
public virtual byte[] Read(IntPtr memoryAddress, uint bytesToRead) { if (Diagnostic) { _readCalls++; } IntPtr ptrBytesReaded; var buffer = new byte[bytesToRead]; MemoryReaderApi.ReadProcessMemory(m_hProcess, memoryAddress, buffer, bytesToRead, out ptrBytesReaded); return(buffer); }
public virtual bool Open(Process p) { m_hProcess = MemoryReaderApi.OpenProcess((uint)MemoryReaderApi.AccessType.PROCESS_VM_READ, 0, (uint)p.Id); var result = ((m_hProcess == IntPtr.Zero) ? false : true); if (result) { _Process = p; } if (result) { ScanRegions(); } return(result); }