static extern bool VirtualProtectEx( IntPtr hProcess, IntPtr lpAddress, uint dwSize, AllocationProtect flNewProtect, out AllocationProtect lpflOldProtect );
public static extern IntPtr CreateFileMapping( IntPtr hFile, UInt32 lpAttributes, AllocationProtect flProtect, UInt32 dwMaxSizeHi, UInt32 dwMaxSizeLow, string lpName );
public static extern uint VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, AllocationType flAllocationType, AllocationProtect flProtect);
private static extern IntPtr VirtualAllocEx(IntPtr intptr_0, IntPtr intptr_1, IntPtr intptr_2, AllocationType allocationType_0, AllocationProtect allocationProtect_0);
public static Boolean WriteRemoteMem(IntPtr hProc, IntPtr pSource, IntPtr pDest, Int32 Size, AllocationProtect Protect) { UInt32 BytesWritten = 0; Boolean bRemoteWrite = WriteProcessMemory(hProc, pDest, pSource, (uint)Size, ref BytesWritten); if (!bRemoteWrite) { return(false); } UInt32 OldProtect = 0; Boolean bProtect = VirtualProtectEx(hProc, pDest, (uint)Size, Protect, ref OldProtect); if (!bProtect) { return(false); } return(true); }
public static extern Boolean VirtualProtectEx( IntPtr hProcess, IntPtr lpAddress, UInt32 dwSize, AllocationProtect flNewProtect, ref UInt32 lpflOldProtect);
static extern IntPtr VirtualAllocEx(UIntPtr hProcess, IntPtr lpAddress, uint dwSize, MemoryState flAllocationType, AllocationProtect flProtect);
public MagicManager(Process process, long[] romPtrBaseSuggestions, long[] ramPtrBaseSuggestions, int offset, bool exScan) { GC.Collect(); this.process = process; bool isRomFound = false; bool isRamFound = false; foreach (uint romPtrBaseSuggestion in romPtrBaseSuggestions) { romPtrBase = romPtrBaseSuggestion; if (IsRomBaseValid()) { isRomFound = true; break; } } foreach (uint ramPtrBaseSuggestion in ramPtrBaseSuggestions) { ramPtrBase = ramPtrBaseSuggestion; if (IsRamBaseValid()) { isRamFound = true; break; } } ulong parallelStart = 0; ulong parallelEnd = 0; foreach (ProcessModule module in process.Modules) { if (module.ModuleName.Contains("parallel_n64")) { parallelStart = (ulong)module.BaseAddress; parallelEnd = parallelStart + (ulong)module.ModuleMemorySize; } } ulong MaxAddress = process.Is64Bit() ? 0x800000000000U : 0xffffffffU; ulong address = 0; do { if (isRomFound && isRamFound) { break; } MEMORY_BASIC_INFORMATION m; int result = VirtualQueryEx(process.Handle, new UIntPtr(address), out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION))); if (address == (ulong)m.BaseAddress + (ulong)m.RegionSize || result == 0) { break; } AllocationProtect prot = (AllocationProtect)(m.Protect & 0xff); if (prot == AllocationProtect.PAGE_EXECUTE_READWRITE || prot == AllocationProtect.PAGE_EXECUTE_WRITECOPY || prot == AllocationProtect.PAGE_READWRITE || prot == AllocationProtect.PAGE_WRITECOPY || prot == AllocationProtect.PAGE_READONLY) { uint value; bool readSuccess = process.ReadValue(new IntPtr((long)(address + (ulong)offset)), out value); if (readSuccess) { if (!isRamFound && ((value & ramMagicMask) == ramMagic)) { ramPtrBase = address + (ulong)offset; isRamFound = true; } if (!isRomFound && value == romMagic) { romPtrBase = address + (ulong)offset; isRomFound = true; } } // scan only large regions - we want to find g_rdram ulong regionSize = (ulong)m.RegionSize; if (parallelStart <= address && address <= parallelEnd && regionSize >= 0x800000) { // g_rdram is aligned to 0x1000 ulong maxCnt = (ulong)m.RegionSize / 0x1000; for (ulong num = 0; num < maxCnt; num++) { readSuccess = process.ReadValue(new IntPtr((long)(address + num * 0x1000)), out value); if (readSuccess) { if (!isRamFound && ((value & ramMagicMask) == ramMagic)) { ramPtrBase = address + num * 0x1000; isRamFound = true; } } if (isRamFound) { break; } } } } address = (ulong)m.BaseAddress + (ulong)m.RegionSize; }while (address <= MaxAddress); if (!isRomFound || !isRamFound) { throw new ArgumentException("Failed to find rom and ram!"); } uint[] mem; { byte[] bytes = process.ReadBytes(new IntPtr((long)ramPtrBase), 0x400000); int size = bytes.Count() / 4; mem = new uint[size]; for (int idx = 0; idx < size; idx++) { mem[idx] = BitConverter.ToUInt32(bytes, 4 * idx); } } DecompManager dm = new DecompManager(mem); if (!dm.gSaveBuffer.HasValue) { throw new ArgumentException("Failed to gSaveBuffer!"); } saveBufferOffset = dm.gSaveBuffer.Value & 0xffffff; saveFileSize = dm.gSaveFileSize.Value; verificationBytes = dm.VerificationBytes; verificationOffset = dm.VerificationOffset.Value; isDecomp = saveBufferOffset != 0x207700; // TODO: This is inaccurate }