Exemplo n.º 1
0
        protected void ScanRegions(bool onlyMe)
        {
            var    memRegionAddr = new IntPtr();
            string targetExeName = Path.GetFileName(_Process.MainModule.FileName);

            while (true)
            {
                var regionInfo = new MemoryReaderApi.MEMORY_BASIC_INFORMATION();
                if (MemoryReaderApi.VirtualQueryEx(_Process.Handle, memRegionAddr, out regionInfo, (uint)Marshal.SizeOf(regionInfo)) != 0)
                {
                    if (regionInfo.BaseAddress.ToInt64() + regionInfo.RegionSize >= 0x80000000)
                    {
                        break;
                    }
                    memRegionAddr = new IntPtr(regionInfo.BaseAddress.ToInt32() + regionInfo.RegionSize);
                    if ((regionInfo.State & 0x10000) != 0) // MemoryReaderApi.PageFlags.Free)
                    {
                        continue;
                    }

                    if (onlyMe)
                    {
                        StringBuilder processName = new StringBuilder(255);
                        MemoryReaderApi.GetMappedFileName(_Process.Handle, memRegionAddr, processName,
                                                          processName.Capacity);

                        if (!processName.ToString().Contains(targetExeName))
                        {
                            continue;
                        }
                    }

                    if (true || (regionInfo.State & (uint)MemoryReaderApi.PageFlags.MEM_COMMIT) != 0 &&
                        (regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.WRITABLE) != 0 &&
                        (regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_GUARD) == 0
                        )
                    {
                        // TODO: Parse commit, writability & guard.
                        bool execute = ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE) != 0) ||
                                       ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_READ) != 0) ||
                                       ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_READWRITE) != 0) ||
                                       ((regionInfo.Protect & (uint)MemoryReaderApi.PageFlags.PAGE_EXECUTE_WRITECOPY) != 0);
                        var region = new MemoryRegion(regionInfo.BaseAddress.ToInt32(), (int)regionInfo.RegionSize, execute);
                        _regions.Add(region);
                    }
                }
                else
                {
                    //int err = MemoryReaderApi.GetLastError();
                    //if (err != 0)
                    //    throw new Exception("Failed to scan memory regions.");
                    break; // last block, done!
                }
            }
        }
Exemplo n.º 2
0
        public virtual bool Close()
        {
            if (m_hProcess == null || m_hProcess == IntPtr.Zero)
            {
                return(false);
            }

            var iRetValue = MemoryReaderApi.CloseHandle(m_hProcess);

            return(iRetValue != 0);
        }
Exemplo n.º 3
0
        public virtual bool Read(int memoryAddress, byte[] buffer)
        {
            if (Diagnostic)
            {
                _readCalls++;
            }
            IntPtr ptrBytesReaded;

            MemoryReaderApi.ReadProcessMemory(m_hProcess, (IntPtr)memoryAddress, buffer, (uint)buffer.Length, out ptrBytesReaded);
            return((int)ptrBytesReaded == buffer.Length);
        }
Exemplo n.º 4
0
        public virtual byte[] Read(IntPtr memoryAddress, uint bytesToRead)
        {
            if (Diagnostic)
            {
                _readCalls++;
            }
            IntPtr ptrBytesReaded;
            var    buffer = new byte[bytesToRead];

            MemoryReaderApi.ReadProcessMemory(m_hProcess, memoryAddress, buffer, bytesToRead, out ptrBytesReaded);
            return(buffer);
        }
Exemplo n.º 5
0
        public virtual bool Open(Process p)
        {
            m_hProcess = MemoryReaderApi.OpenProcess((uint)MemoryReaderApi.AccessType.PROCESS_VM_READ, 0, (uint)p.Id);

            var result = ((m_hProcess == IntPtr.Zero) ? false : true);

            if (result)
            {
                _Process = p;
            }
            if (result)
            {
                ScanRegions();
            }

            return(result);
        }