public void CacheMemoryRegions()
{
memoryRegions.Clear();
InitMemoryRegions();
MemoryProtectionFlags MemFlagsExecutable =
MemoryProtectionFlags.PAGE_EXECUTE |
MemoryProtectionFlags.PAGE_EXECUTE_READ |
MemoryProtectionFlags.PAGE_EXECUTE_READWRITE |
MemoryProtectionFlags.PAGE_EXECUTE_WRITECOPY;
MemoryProtectionFlags MemFlagsWriteable =
MemoryProtectionFlags.PAGE_EXECUTE_READWRITE |
MemoryProtectionFlags.PAGE_EXECUTE_WRITECOPY |
MemoryProtectionFlags.PAGE_READWRITE |
MemoryProtectionFlags.PAGE_WRITECOPY;
int regionInfoSize = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
for (long scanAddress = 0; scanAddress < Int64.MaxValue;)
{
MEMORY_BASIC_INFORMATION regionInfo;
int result = VirtualQueryEx(cachedProcessHandle, (IntPtr)scanAddress, out regionInfo, (uint)regionInfoSize);
if (result != regionInfoSize)
{
break;
}
bool bIsCommited = (regionInfo.State & MemoryStateFlags.MEM_COMMIT) != 0;
bool bIsGuarded = (regionInfo.Protect & MemoryProtectionFlags.PAGE_GUARD) != 0;
bool bIsWritebale = (regionInfo.Protect & MemFlagsWriteable) != 0;
bool bIsExecutable = (regionInfo.Protect & MemFlagsExecutable) != 0;
bool bShouldCacheRegion = bIsCommited && !bIsGuarded && (bIsWritebale || bIsExecutable);
Logger.WriteLine("scan:0x{0}, size:0x{1}, state:[{2}], protect:[{3}], type:0x{4} => {5}",
scanAddress.ToString("x"), regionInfo.RegionSize.ToString("x"), regionInfo.State, regionInfo.Protect, regionInfo.Type.ToString("x"),
bShouldCacheRegion ? "CACHE" : "meh");
if (bShouldCacheRegion)
{
MemoryRegionFlags storeType = (bIsWritebale ? MemoryRegionFlags.Writeable : 0) | (bIsExecutable ? MemoryRegionFlags.Executable : 0);
MemoryRegionInfo storeInfo = new MemoryRegionInfo
{
BaseAddress = regionInfo.BaseAddress,
Size = regionInfo.RegionSize,
Type = storeType,
};
memoryRegions.Add(storeInfo);
}
scanAddress = (long)regionInfo.BaseAddress + (long)regionInfo.RegionSize;
}
}
private void InitMemoryRegions()
{
cachedProcessBase = (long)cachedProcess.MainModule.BaseAddress;
MemoryRegionInfo baseModuleInfo = new MemoryRegionInfo
{
BaseAddress = new IntPtr(cachedProcessBase),
Size = new IntPtr(cachedProcess.MainModule.ModuleMemorySize),
Type = MemoryRegionFlags.Executable | MemoryRegionFlags.Writeable | MemoryRegionFlags.MainModule,
};
memoryRegions.Add(baseModuleInfo);
Logger.WriteLine("base:0x{0} [{1}], size:0x{2}", baseModuleInfo.BaseAddress.ToString("x"), cachedProcess.MainModule.ModuleName, baseModuleInfo.Size.ToString("x"));
}
public byte[] ReadRegionMemory(MemoryRegionInfo regionInfo)
{
#if DEBUG
if (useCachedMemory)
{
return(regionInfo.CachedData);
}
#endif // DEBUG
byte[] memBuffer = new byte[(long)regionInfo.Size];
IntPtr bytesRead = IntPtr.Zero;
ReadProcessMemory(cachedProcessHandle, regionInfo.BaseAddress, memBuffer, regionInfo.Size, out bytesRead);
return(memBuffer);
}
public byte[] ReadBytes(long Address, int Size)
{
byte[] memBuffer = new byte[Size];
#if DEBUG
if (useCachedMemory)
{
MemoryRegionInfo regInfo = FindMemoryRegion(Address);
long copyEndAddr = Math.Min((long)regInfo.BaseAddress + (long)regInfo.Size, Address + Size);
long copySize = copyEndAddr - Address;
if (copySize > 0)
{
Array.Copy(regInfo.CachedData, Address - (long)regInfo.BaseAddress, memBuffer, 0, copySize);
}
return(memBuffer);
}
#endif // DEBUG
IntPtr bytesRead = IntPtr.Zero;
ReadProcessMemory(cachedProcessHandle, new IntPtr(Address), memBuffer, new IntPtr(Size), out bytesRead);
return(memBuffer);
}
public bool LoadMemoryRegions()
{
useCachedMemory = false;
using (BinaryReader reader = new BinaryReader(File.Open("memory.cache", FileMode.Open)))
{
int numRegions = reader.ReadInt32();
memoryRegions.Clear();
for (int regIdx = 0; regIdx < numRegions; regIdx++)
{
long regBaseAddr = reader.ReadInt64();
long regSize = reader.ReadInt64();
MemoryRegionFlags regType = (MemoryRegionFlags)reader.ReadUInt32();
if (regIdx == 0)
{
regType |= MemoryRegionFlags.MainModule;
cachedProcessBase = regBaseAddr;
}
MemoryRegionInfo regInfo = new MemoryRegionInfo()
{
BaseAddress = new IntPtr(regBaseAddr),
Size = new IntPtr(regSize),
Type = regType
};
regInfo.CachedData = reader.ReadBytes((int)regSize);
memoryRegions.Add(regInfo);
}
useCachedMemory = true;
}
return(useCachedMemory);
}
