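        /// <summary>
        /// Deviare hook callback: records a cross-reference from the instruction that called
        /// the hooked function to the address the hook fired at, and echoes the pair via Output.
        /// </summary>
        /// <param name="hook">The hook that fired (not used by this handler).</param>
        /// <param name="process">The process the hook fired in (not used; memory is read through <c>_process.Id</c>).</param>
        /// <param name="hookCallInfo">Call context supplied by Deviare (registers and stack trace).</param>
        private void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo)
        {
            // Number of bytes fetched from immediately before the top stack-trace address and handed
            // to GetInstrSize so it can decode the length of the instruction that ends there.
            const UInt32 StackOpcodeSize = 50;

            NktStackTrace    stack  = hookCallInfo.StackTrace();
            NktProcessMemory memory = _spyMgr.ProcessMemoryFromPID(_process.Id);

            // The code treats stack.Address(0) as the return address into the caller; the window
            // read below is the StackOpcodeSize bytes that precede it. Hoisted out of the loop so
            // the conversion is done once rather than per byte.
            UInt64 returnAddr = (UInt64)stack.Address(0);
            UInt64 windowBase = returnAddr - StackOpcodeSize;

            byte[] stackOpcode = new byte[StackOpcodeSize];
            for (UInt32 n = 0; n < StackOpcodeSize; n++)
            {
                // One remote read per byte; an address outside the target's mapped memory surfaces
                // as an exception from the Deviare call rather than a partial buffer.
                stackOpcode[n] = (byte)memory.Read((IntPtr)(windowBase + n), eNktDboFundamentalType.ftUnsignedByte);
            }

            // "To" is EIP at the hook point; "From" is the return address minus the decoded size of
            // the instruction preceding it, i.e. the call site (assuming GetInstrSize decodes it correctly).
            UInt64 actualAddr  = (UInt64)hookCallInfo.get_Register(eNktRegister.asmRegEip);
            UInt64 nInstrSize  = (UInt64)GetInstrSize(stackOpcode, StackOpcodeSize);
            UInt64 callingAddr = returnAddr - nInstrSize;

            Output("From: 0x" + callingAddr.ToString("x") + "    To: 0x" + actualAddr.ToString("x") + "\n", false);

            // Stored relative to SecStartAddress (presumably the start of the section under analysis)
            // so the recorded pair does not depend on where the image was loaded.
            actualAddr  -= SecStartAddress;
            callingAddr -= SecStartAddress;

            CROSSREF crossref = new CROSSREF();
            crossref.From = callingAddr;
            crossref.To   = actualAddr;
            CrossRefSet.Add(crossref);
        }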
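    /// <summary>
    /// Copies the bytes a hooked call's pointer parameter refers to out of the target process.
    /// </summary>
    /// <param name="pid">Id of the process whose memory is read.</param>
    /// <param name="paramData">Parameter whose <c>PointerVal</c> is the remote address to read from.</param>
    /// <param name="paramSize">Parameter carrying the byte count, either directly or behind a pointer.</param>
    /// <param name="sizeAndTypeArePtr">
    /// When true the count is taken from <c>paramSize.Evaluate().ULongVal</c> (0 if that parameter is a null
    /// pointer); when false it is taken from <c>paramSize.ULongVal</c> as-is.
    /// </param>
    /// <returns>
    /// A buffer of <c>valueSize</c> bytes, or <c>null</c> when <paramref name="paramData"/> is a null pointer.
    /// </returns>
    byte[] GetValue(uint pid, INktParam paramData, INktParam paramSize, bool sizeAndTypeArePtr)
    {
        uint valueSize;
        if (sizeAndTypeArePtr)
        {
            valueSize = paramSize.IsNullPointer ? 0u : paramSize.Evaluate().ULongVal;
        }
        else
        {
            valueSize = paramSize.ULongVal;
        }

        // No source address: callers get null, not an empty buffer (original contract).
        if (paramData.IsNullPointer || paramData.PointerVal.Equals(IntPtr.Zero))
        {
            return null;
        }

        byte[] buffer = new byte[valueSize];
        if (valueSize == 0)
        {
            // Nothing to copy; skip pinning and the remote read entirely.
            return buffer;
        }

        INktProcessMemory procMem = _spyMgr.ProcessMemoryFromPID((int)pid);

        // The array is pinned so ReadMem can write straight into it. The handle must be released
        // on every path: the original freed it only after a successful read, so an exception from
        // ReadMem left the array pinned for the rest of the process lifetime.
        GCHandle pinnedBuffer = GCHandle.Alloc(buffer, GCHandleType.Pinned);
        try
        {
            IntPtr pDest     = pinnedBuffer.AddrOfPinnedObject();
            Int64  bytesRead = procMem.ReadMem(pDest, paramData.PointerVal, (IntPtr)valueSize).ToInt64();

            // NOTE(review): bytesRead is not checked. On a short read the bytes past it keep the
            // array's zero initialisation, so callers must not assume the whole buffer is valid
            // data — TODO confirm what ReadMem returns on a partial or failed read.
        }
        finally
        {
            pinnedBuffer.Free();
        }

        return buffer;
    }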