public void CacheMemoryRegions() { memoryRegions.Clear(); InitMemoryRegions(); MemoryProtectionFlags MemFlagsExecutable = MemoryProtectionFlags.PAGE_EXECUTE | MemoryProtectionFlags.PAGE_EXECUTE_READ | MemoryProtectionFlags.PAGE_EXECUTE_READWRITE | MemoryProtectionFlags.PAGE_EXECUTE_WRITECOPY; MemoryProtectionFlags MemFlagsWriteable = MemoryProtectionFlags.PAGE_EXECUTE_READWRITE | MemoryProtectionFlags.PAGE_EXECUTE_WRITECOPY | MemoryProtectionFlags.PAGE_READWRITE | MemoryProtectionFlags.PAGE_WRITECOPY; int regionInfoSize = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)); for (long scanAddress = 0; scanAddress < Int64.MaxValue;) { MEMORY_BASIC_INFORMATION regionInfo; int result = VirtualQueryEx(cachedProcessHandle, (IntPtr)scanAddress, out regionInfo, (uint)regionInfoSize); if (result != regionInfoSize) { break; } bool bIsCommited = (regionInfo.State & MemoryStateFlags.MEM_COMMIT) != 0; bool bIsGuarded = (regionInfo.Protect & MemoryProtectionFlags.PAGE_GUARD) != 0; bool bIsWritebale = (regionInfo.Protect & MemFlagsWriteable) != 0; bool bIsExecutable = (regionInfo.Protect & MemFlagsExecutable) != 0; bool bShouldCacheRegion = bIsCommited && !bIsGuarded && (bIsWritebale || bIsExecutable); Logger.WriteLine("scan:0x{0}, size:0x{1}, state:[{2}], protect:[{3}], type:0x{4} => {5}", scanAddress.ToString("x"), regionInfo.RegionSize.ToString("x"), regionInfo.State, regionInfo.Protect, regionInfo.Type.ToString("x"), bShouldCacheRegion ? "CACHE" : "meh"); if (bShouldCacheRegion) { MemoryRegionFlags storeType = (bIsWritebale ? MemoryRegionFlags.Writeable : 0) | (bIsExecutable ? MemoryRegionFlags.Executable : 0); MemoryRegionInfo storeInfo = new MemoryRegionInfo { BaseAddress = regionInfo.BaseAddress, Size = regionInfo.RegionSize, Type = storeType, }; memoryRegions.Add(storeInfo); } scanAddress = (long)regionInfo.BaseAddress + (long)regionInfo.RegionSize; } }
private void InitMemoryRegions() { cachedProcessBase = (long)cachedProcess.MainModule.BaseAddress; MemoryRegionInfo baseModuleInfo = new MemoryRegionInfo { BaseAddress = new IntPtr(cachedProcessBase), Size = new IntPtr(cachedProcess.MainModule.ModuleMemorySize), Type = MemoryRegionFlags.Executable | MemoryRegionFlags.Writeable | MemoryRegionFlags.MainModule, }; memoryRegions.Add(baseModuleInfo); Logger.WriteLine("base:0x{0} [{1}], size:0x{2}", baseModuleInfo.BaseAddress.ToString("x"), cachedProcess.MainModule.ModuleName, baseModuleInfo.Size.ToString("x")); }
public byte[] ReadRegionMemory(MemoryRegionInfo regionInfo) { #if DEBUG if (useCachedMemory) { return(regionInfo.CachedData); } #endif // DEBUG byte[] memBuffer = new byte[(long)regionInfo.Size]; IntPtr bytesRead = IntPtr.Zero; ReadProcessMemory(cachedProcessHandle, regionInfo.BaseAddress, memBuffer, regionInfo.Size, out bytesRead); return(memBuffer); }
public byte[] ReadBytes(long Address, int Size) { byte[] memBuffer = new byte[Size]; #if DEBUG if (useCachedMemory) { MemoryRegionInfo regInfo = FindMemoryRegion(Address); long copyEndAddr = Math.Min((long)regInfo.BaseAddress + (long)regInfo.Size, Address + Size); long copySize = copyEndAddr - Address; if (copySize > 0) { Array.Copy(regInfo.CachedData, Address - (long)regInfo.BaseAddress, memBuffer, 0, copySize); } return(memBuffer); } #endif // DEBUG IntPtr bytesRead = IntPtr.Zero; ReadProcessMemory(cachedProcessHandle, new IntPtr(Address), memBuffer, new IntPtr(Size), out bytesRead); return(memBuffer); }
public bool LoadMemoryRegions() { useCachedMemory = false; using (BinaryReader reader = new BinaryReader(File.Open("memory.cache", FileMode.Open))) { int numRegions = reader.ReadInt32(); memoryRegions.Clear(); for (int regIdx = 0; regIdx < numRegions; regIdx++) { long regBaseAddr = reader.ReadInt64(); long regSize = reader.ReadInt64(); MemoryRegionFlags regType = (MemoryRegionFlags)reader.ReadUInt32(); if (regIdx == 0) { regType |= MemoryRegionFlags.MainModule; cachedProcessBase = regBaseAddr; } MemoryRegionInfo regInfo = new MemoryRegionInfo() { BaseAddress = new IntPtr(regBaseAddr), Size = new IntPtr(regSize), Type = regType }; regInfo.CachedData = reader.ReadBytes((int)regSize); memoryRegions.Add(regInfo); } useCachedMemory = true; } return(useCachedMemory); }