Пример #1
0
        public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
        {
            IntPtr ptrBytesWritten;

            ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
            bytesWritten = ptrBytesWritten.ToInt32();
        }
Пример #2
0
        public int ReadProcessMemory(IntPtr Address, int Length, out byte[] data)
        {
            byte[] buffer = new byte[Length];
            int    iReadCount;

            ProcessMemoryReaderApi.ReadProcessMemory(m_hpid, Address, buffer, Length, out iReadCount);
            data = buffer;
            return(iReadCount);
        }
Пример #3
0
        public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
        {
            byte[] buffer = new byte[bytesToRead];
            IntPtr ptrBytesRead;

            ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
            bytesRead = ptrBytesRead.ToInt32();
            return(buffer);
        }
Пример #4
0
 /// <summary>Close access to the process and release the handle</summary>
 public void Close()
 {
     if (m_hpid == IntPtr.Zero)
     {
         return;
     }
     ProcessMemoryReaderApi.CloseHandle(m_hpid);
     m_hpid = IntPtr.Zero;
 }
Пример #5
0
        private bool GetModuleInfo(uint PID, string ModuleName, out MODULEENTRY32 ModuleInfo)
        {
            ModuleInfo = default(MODULEENTRY32);

            //Take a snapshot of the module list
            IntPtr hModuleList = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, PID);

            if (hModuleList == IntPtr.Zero)
            {
                return(false);
            }

            try
            {
                MODULEENTRY32 me32 = new MODULEENTRY32();
                me32.dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32));

                //Set cursor at the start and grab the info
                if (!Module32First(hModuleList, ref me32))
                {
                    return(false);
                }

                ProcessModuleCollection progMods = System.Diagnostics.Process.GetProcessById((int)m_pid).Modules;
                foreach (ProcessModule module in progMods)
                {
                    if (module.ModuleName == ReadProcess.MainModule.ModuleName)
                    {
                        ModuleInfo = me32;
                        return(true);
                    }
                    Module32Next(hModuleList, ref me32);
                }
            }
            finally
            {
                //gets fired even if return is used
                ProcessMemoryReaderApi.CloseHandle(hModuleList);
            }
            return(false);
        }
Пример #6
0
        public void OpenProcess()
        {
            ReadProcess = Process.GetProcessById((int)m_pid);
            //			m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
            ProcessMemoryReaderApi.ProcessAccessType access;
            access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
                     | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
                     | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
            m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
            m_hpid     = m_hProcess;
            m_pid      = (uint)m_ReadProcess.Id;
            ProcessModuleCollection progMods = m_ReadProcess.Modules;

            foreach (ProcessModule module in progMods)
            {
                if (module.ModuleName == "FFXiMain.dll")//ReadProcess.MainModule.ModuleName)
                {
                    m_hbase = module.BaseAddress;
                    break;
                }
            }
        }
Пример #7
0
        private static IntPtr GetModuleBase(uint PID, string ModuleName)
        {
            //Take a snapshot of the module list
            IntPtr hModuleList = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, PID);

            if (hModuleList == IntPtr.Zero)
            {
                return(IntPtr.Zero);
            }

            try
            {
                MODULEENTRY32 me32 = new MODULEENTRY32();
                me32.dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32));

                //Set cursor at the start and grab the info
                if (!Module32First(hModuleList, ref me32))
                {
                    return(IntPtr.Zero);
                }

                //If the module matches our target, use its baseaddress. Otherwise, grab the next module in the list
                do
                {
                    if (me32.szModule == ModuleName)
                    {
                        return(me32.modBaseAddr);
                    }
                } while (Module32Next(hModuleList, ref me32));
            }
            finally
            {
                //gets fired even if return is used
                ProcessMemoryReaderApi.CloseHandle(hModuleList);
            }
            return(IntPtr.Zero);
        }