Exemplo n.º 1
0
        public bool WriteProcessMemory(UIntPtr address, byte[] buffer, bool absoluteAddressing = false)
        {
            int numOfBytes = 0;

            if (!absoluteAddressing)
            {
                address = new UIntPtr(address.ToUInt32() & ~0x80000000U);
            }

            IntPtr processAddress = absoluteAddressing ? new IntPtr((long)address.ToUInt64()) :
                                    new IntPtr((long)ConvertAddressEndianess(new UIntPtr(address.ToUInt32() + (ulong)ProcessMemoryOffset.ToInt64()), buffer.Length));

            // Safety bounds check
            if (processAddress.ToInt64() < ProcessMemoryOffset.ToInt64())
            {
                return(false);
            }
            if (processAddress.ToInt64() + buffer.Length >= ProcessMemoryOffset.ToInt64() + Config.RamSize)
            {
                return(false);
            }

            return(Kernal32NativeMethods.ProcessWriteMemory(_processHandle, processAddress,
                                                            buffer, (IntPtr)buffer.Length, ref numOfBytes));
        }
Exemplo n.º 2
0
        public bool ReadProcessMemory(int address, byte[] buffer, bool absoluteAddressing = false)
        {
            if (_process == null)
            {
                return(false);
            }

            int numOfBytes = 0;

            return(Kernal32NativeMethods.ProcessReadMemory(_processHandle, absoluteAddressing ? new IntPtr(address) : new IntPtr(address + ProcessMemoryOffset.ToInt64()),
                                                           buffer, (IntPtr)buffer.Length, ref numOfBytes));
        }
Exemplo n.º 3
0
        public void Resume()
        {
            if (!IsSuspended || _process == null)
            {
                return;
            }

            // Resume all threads
            Kernal32NativeMethods.ResumeProcess(_process);

            IsSuspended = false;
            OnStatusChanged?.Invoke(this, new EventArgs());
        }
Exemplo n.º 4
0
        public void Suspend()
        {
            if (IsSuspended || _process == null)
            {
                return;
            }

            _lastUpdateBeforePausing = true;

            Kernal32NativeMethods.SuspendProcess(_process);

            IsSuspended = true;
            OnStatusChanged?.Invoke(this, new EventArgs());
        }
Exemplo n.º 5
0
        public static void SuspendProcess(Process process)
        {
            // Pause all threads
            foreach (ProcessThread pT in process.Threads)
            {
                IntPtr pOpenThread = Kernal32NativeMethods.OpenThread(Kernal32NativeMethods.ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);

                if (pOpenThread == IntPtr.Zero)
                {
                    continue;
                }

                Kernal32NativeMethods.SuspendThread(pOpenThread);
                Kernal32NativeMethods.CloseHandle(pOpenThread);
            }
        }
Exemplo n.º 6
0
        public static void ResumeProcess(Process process)
        {
            // Resume all threads
            foreach (ProcessThread pT in process.Threads)
            {
                IntPtr pOpenThread = Kernal32NativeMethods.OpenThread(Kernal32NativeMethods.ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);

                if (pOpenThread == IntPtr.Zero)
                {
                    continue;
                }

                int suspendCount = 0;
                do
                {
                    suspendCount = Kernal32NativeMethods.ResumeThread(pOpenThread);
                } while (suspendCount > 0);

                Kernal32NativeMethods.CloseHandle(pOpenThread);
            }
        }
Exemplo n.º 7
0
 public static bool ProcessReadMemory(IntPtr hProcess,
                                      IntPtr lpBaseAddress, byte[] lpBuffer, IntPtr dwSize, ref int lpNumberOfBytesRead)
 {
     return(Kernal32NativeMethods.ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, dwSize, ref lpNumberOfBytesRead));
 }
Exemplo n.º 8
0
        public bool SwitchProcess(Process newProcess, Emulator emulator)
        {
            lock (_enableLocker)
            {
                IsEnabled = false;
            }

            // Make sure old process is running
            if (IsSuspended)
            {
                Resume();
            }

            // Close old process
            Kernal32NativeMethods.CloseProcess(_processHandle);

            // Disconnect events
            if (_process != null)
            {
                _process.Exited -= ProcessClosed;
            }

            // Find DLL offset if needed
            IntPtr dllOffset  = new IntPtr();
            bool   dllSuccess = true;

            if (emulator != null && emulator.Dll != null)
            {
                var dll = newProcess.Modules.Cast <ProcessModule>()
                          .FirstOrDefault(d => d.ModuleName == emulator.Dll);
                if (dll == null)
                {
                    dllSuccess = false;
                }
                else
                {
                    dllOffset = dll.BaseAddress;
                }
            }

            // Make sure the new process has a value and that all DLLs where found
            if (newProcess == null || emulator == null || !dllSuccess)
            {
                _processHandle = new IntPtr();
                _process       = null;
                _emulator      = null;
                _ramStart      = new IntPtr();
                OnStatusChanged?.Invoke(this, new EventArgs());
                return(false);
            }

            // Open and set new process
            _process       = newProcess;
            _emulator      = emulator;
            _ramStart      = new IntPtr(_emulator.RamStart + dllOffset.ToInt64());
            _processHandle = Kernal32NativeMethods.ProcessGetHandleFromId(0x0838, false, _process.Id);

            if ((int)_processHandle == 0)
            {
                OnStatusChanged?.Invoke(this, new EventArgs());
                return(false);
            }

            try
            {
                _process.EnableRaisingEvents = true;
            }
            catch (Exception)
            {
                return(false);
            }
            _process.Exited += ProcessClosed;

            IsSuspended = false;
            IsClosed    = false;
            lock (_enableLocker)
            {
                IsEnabled = true;
            }
            OnStatusChanged?.Invoke(this, new EventArgs());

            return(true);
        }