public static byte[] ReadProcessMemory(uint hProcess, ulong address, int dwSize)
{
ulong minAddress = address;
ulong maxAddress = address + (ulong)dwSize;
MEMORY_BASIC_INFORMATION memBasicInfo;
var bytes = new byte[0];
IntPtr regionSize = IntPtr.Zero;
memBasicInfo = new MEMORY_BASIC_INFORMATION();
while (minAddress < maxAddress)
{
var infoSize = VirtualQueryEx(hProcess, new IntPtr((long)minAddress), out memBasicInfo, (uint)memBasicInfo.SizeOf());
regionSize = memBasicInfo.RegionSize;
if (memBasicInfo.Protect == AllocationProtectEnum.Readonly | memBasicInfo.Protect == AllocationProtectEnum.ReadWrite | memBasicInfo.Protect == AllocationProtectEnum.ExecuteRead | memBasicInfo.Protect == AllocationProtectEnum.ExecuteReadWrite)
{
int bytesRead = 0;
var buffer = new byte[(int)regionSize];
ReadProcessMemory(hProcess, memBasicInfo.BaseAddress, buffer, (int)regionSize, ref bytesRead);
if (bytesRead.As <int>() > 0)
{
if (bytesRead == (int)regionSize)
{
bytes = bytes.Append(buffer);
}
else
{
bytes = bytes.Append(buffer.PadRight((int)regionSize));
}
}
}
else
{
bytes = bytes.Append(new byte[(int)regionSize]);
}
minAddress += (ulong)regionSize;
}
return(bytes);
}
public static MEMORY_BASIC_INFORMATION GetMemoryInfo(uint hProcess, ulong address)
{
var memBasicInfo = new MEMORY_BASIC_INFORMATION();
var processId = GetProcessId(hProcess);
if (VirtualQueryEx(hProcess, new IntPtr((long)address), out memBasicInfo, (uint)memBasicInfo.SizeOf()) > 0)
{
return(memBasicInfo);
}
throw new Win32Exception(Marshal.GetLastWin32Error());
}
