public static bool ReadPointer(this Process process, IntPtr addr, bool is64Bit, out IntPtr val) { var bytes = new byte[is64Bit ? 8 : 4]; SizeT read; val = IntPtr.Zero; if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) || read != (SizeT)bytes.Length) { return(false); } try { val = is64Bit ? (IntPtr)BitConverter.ToInt64(bytes, 0) : (IntPtr)BitConverter.ToUInt32(bytes, 0); } catch (OverflowException) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine($"bad pointer!!!, addr {addr.ToString("X")}, value {ReadValue<uint>(process, addr):X}"); Console.ForegroundColor = ConsoleColor.White; val = IntPtr.Zero; } return(true); }
public static bool ReadString(this Process process, IntPtr addr, ReadStringType type, StringBuilder sb) { var bytes = new byte[sb.Capacity]; SizeT read; if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) || read != (SizeT)bytes.Length) { return(false); } if (type == ReadStringType.AutoDetect) { if (read.ToUInt64() >= 2 && bytes[1] == '\x0') { sb.Append(Encoding.Unicode.GetString(bytes)); } else { sb.Append(Encoding.UTF8.GetString(bytes)); } } else if (type == ReadStringType.UTF8) { sb.Append(Encoding.UTF8.GetString(bytes)); } else if (type == ReadStringType.UTF16) { sb.Append(Encoding.Unicode.GetString(bytes)); } else { sb.Append(Encoding.ASCII.GetString(bytes)); } for (int i = 0; i < sb.Length; i++) { if (sb[i] == '\0') { sb.Remove(i, sb.Length - i); break; } } return(true); }
public static bool ReadPointer(this Process process, IntPtr addr, bool is64Bit, out IntPtr val) { var bytes = new byte[is64Bit ? 8 : 4]; SizeT read; val = IntPtr.Zero; if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) || read != (SizeT)bytes.Length) { return(false); } val = is64Bit ? (IntPtr)BitConverter.ToInt64(bytes, 0) : (IntPtr)BitConverter.ToUInt32(bytes, 0); return(true); }
public static bool ReadBytes(this Process process, IntPtr addr, int count, out byte[] val) { var bytes = new byte[count]; SizeT read; val = null; if (!WinAPI.ReadProcessMemory(process.Handle, addr, bytes, (SizeT)bytes.Length, out read) || read != (SizeT)bytes.Length) { return(false); } val = bytes; return(true); }