public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
{
IntPtr ptrBytesWritten;
ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
bytesWritten = ptrBytesWritten.ToInt32();
}
public int ReadProcessMemory(IntPtr Address, int Length, out byte[] data)
{
byte[] buffer = new byte[Length];
int iReadCount;
ProcessMemoryReaderApi.ReadProcessMemory(m_hpid, Address, buffer, Length, out iReadCount);
data = buffer;
return(iReadCount);
}
public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
{
byte[] buffer = new byte[bytesToRead];
IntPtr ptrBytesRead;
ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
bytesRead = ptrBytesRead.ToInt32();
return(buffer);
}
/// <summary>Close access to the process and release the handle</summary>
public void Close()
{
if (m_hpid == IntPtr.Zero)
{
return;
}
ProcessMemoryReaderApi.CloseHandle(m_hpid);
m_hpid = IntPtr.Zero;
}
private bool GetModuleInfo(uint PID, string ModuleName, out MODULEENTRY32 ModuleInfo)
{
ModuleInfo = default(MODULEENTRY32);
//Take a snapshot of the module list
IntPtr hModuleList = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, PID);
if (hModuleList == IntPtr.Zero)
{
return(false);
}
try
{
MODULEENTRY32 me32 = new MODULEENTRY32();
me32.dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32));
//Set cursor at the start and grab the info
if (!Module32First(hModuleList, ref me32))
{
return(false);
}
ProcessModuleCollection progMods = System.Diagnostics.Process.GetProcessById((int)m_pid).Modules;
foreach (ProcessModule module in progMods)
{
if (module.ModuleName == ReadProcess.MainModule.ModuleName)
{
ModuleInfo = me32;
return(true);
}
Module32Next(hModuleList, ref me32);
}
}
finally
{
//gets fired even if return is used
ProcessMemoryReaderApi.CloseHandle(hModuleList);
}
return(false);
}
public void OpenProcess()
{
ReadProcess = Process.GetProcessById((int)m_pid);
// m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
ProcessMemoryReaderApi.ProcessAccessType access;
access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
| ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
| ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
m_hpid = m_hProcess;
m_pid = (uint)m_ReadProcess.Id;
ProcessModuleCollection progMods = m_ReadProcess.Modules;
foreach (ProcessModule module in progMods)
{
if (module.ModuleName == "FFXiMain.dll")//ReadProcess.MainModule.ModuleName)
{
m_hbase = module.BaseAddress;
break;
}
}
}
private static IntPtr GetModuleBase(uint PID, string ModuleName)
{
//Take a snapshot of the module list
IntPtr hModuleList = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, PID);
if (hModuleList == IntPtr.Zero)
{
return(IntPtr.Zero);
}
try
{
MODULEENTRY32 me32 = new MODULEENTRY32();
me32.dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32));
//Set cursor at the start and grab the info
if (!Module32First(hModuleList, ref me32))
{
return(IntPtr.Zero);
}
//If the module matches our target, use its baseaddress. Otherwise, grab the next module in the list
do
{
if (me32.szModule == ModuleName)
{
return(me32.modBaseAddr);
}
} while (Module32Next(hModuleList, ref me32));
}
finally
{
//gets fired even if return is used
ProcessMemoryReaderApi.CloseHandle(hModuleList);
}
return(IntPtr.Zero);
}