C# (CSharp) LiveSplit.ComponentUtil WinAPI.ReadProcessMemory 예제들

예제 #1

파일: ProcessExtensions.cs 프로젝트: thisis2838/SE-Finder

        public static bool ReadPointer(this Process process, IntPtr addr, bool is64Bit, out IntPtr val)
        {
            var bytes = new byte[is64Bit ? 8 : 4];

            SizeT read;

            val = IntPtr.Zero;
            if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) ||
                read != (SizeT)bytes.Length)
            {
                return(false);
            }

            try
            {
                val = is64Bit ? (IntPtr)BitConverter.ToInt64(bytes, 0) : (IntPtr)BitConverter.ToUInt32(bytes, 0);
            }
            catch (OverflowException)
            {
                Console.ForegroundColor = ConsoleColor.Red;
                Console.WriteLine($"bad pointer!!!, addr {addr.ToString("X")}, value {ReadValue<uint>(process, addr):X}");
                Console.ForegroundColor = ConsoleColor.White;
                val = IntPtr.Zero;
            }

            return(true);
        }

예제 #2

        public static bool ReadString(this Process process, IntPtr addr, ReadStringType type, StringBuilder sb)
        {
            var   bytes = new byte[sb.Capacity];
            SizeT read;

            if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) ||
                read != (SizeT)bytes.Length)
            {
                return(false);
            }

            if (type == ReadStringType.AutoDetect)
            {
                if (read.ToUInt64() >= 2 && bytes[1] == '\x0')
                {
                    sb.Append(Encoding.Unicode.GetString(bytes));
                }
                else
                {
                    sb.Append(Encoding.UTF8.GetString(bytes));
                }
            }
            else if (type == ReadStringType.UTF8)
            {
                sb.Append(Encoding.UTF8.GetString(bytes));
            }
            else if (type == ReadStringType.UTF16)
            {
                sb.Append(Encoding.Unicode.GetString(bytes));
            }
            else
            {
                sb.Append(Encoding.ASCII.GetString(bytes));
            }

            for (int i = 0; i < sb.Length; i++)
            {
                if (sb[i] == '\0')
                {
                    sb.Remove(i, sb.Length - i);
                    break;
                }
            }

            return(true);
        }

예제 #3

        public static bool ReadPointer(this Process process, IntPtr addr, bool is64Bit, out IntPtr val)
        {
            var bytes = new byte[is64Bit ? 8 : 4];

            SizeT read;

            val = IntPtr.Zero;
            if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) ||
                read != (SizeT)bytes.Length)
            {
                return(false);
            }

            val = is64Bit ? (IntPtr)BitConverter.ToInt64(bytes, 0) : (IntPtr)BitConverter.ToUInt32(bytes, 0);

            return(true);
        }

예제 #4

        public static bool ReadBytes(this Process process, IntPtr addr, int count, out byte[] val)
        {
            var bytes = new byte[count];

            SizeT read;

            val = null;
            if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) ||
                read != (SizeT)bytes.Length)
            {
                return(false);
            }

            val = bytes;

            return(true);
        }