public static List <ProcessEntry32> GetProcess32List()
{
Process32.SetPrivilege(Class3.smethod_10(538), true);
Process.EnterDebugMode();
List <ProcessEntry32> list = new List <ProcessEntry32>();
IntPtr intPtr = Process32.CreateToolhelp32Snapshot(Process32.TH32CS_SNAPPROCESS, 0u);
if (intPtr != IntPtr.Zero)
{
ProcessEntry32 processEntry = default(ProcessEntry32);
processEntry.dwSize = (uint)Marshal.SizeOf(processEntry);
if (Process32.Process32First(intPtr, ref processEntry))
{
do
{
IntPtr intPtr2 = Marshal.AllocHGlobal((int)processEntry.dwSize);
Marshal.StructureToPtr(processEntry, intPtr2, true);
ProcessEntry32 item = (ProcessEntry32)Marshal.PtrToStructure(intPtr2, typeof(ProcessEntry32));
Marshal.FreeHGlobal(intPtr2);
list.Add(item);
}while (Process32.Process32Next(intPtr, ref processEntry));
}
Process32.CloseHandle(intPtr);
}
return(list);
}
public static System.Collections.Generic.List <ProcessEntry32> GetProcess32List()
{
SetPrivilege(Class3.smethod_10(0x21a), true);
Process.EnterDebugMode();
System.Collections.Generic.List <ProcessEntry32> list = new System.Collections.Generic.List <ProcessEntry32>();
IntPtr hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot != IntPtr.Zero)
{
ProcessEntry32 entry;
entry = new ProcessEntry32 {
dwSize = (uint)Marshal.SizeOf(entry)
};
if (Process32First(hSnapshot, ref entry))
{
do
{
IntPtr ptr = Marshal.AllocHGlobal((int)entry.dwSize);
Marshal.StructureToPtr(entry, ptr, true);
ProcessEntry32 item = (ProcessEntry32)Marshal.PtrToStructure(ptr, typeof(ProcessEntry32));
Marshal.FreeHGlobal(ptr);
list.Add(item);
}while (Process32Next(hSnapshot, ref entry));
}
CloseHandle(hSnapshot);
}
return(list);
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
int nSize = 0x400;
StringBuilder lpBaseName = new StringBuilder(0x400);
IntPtr hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
GetModuleFileNameEx(hProcess, IntPtr.Zero, lpBaseName, 0x400);
if (lpBaseName.Length == 0)
{
GetProcessImageFileName(hProcess, lpBaseName, nSize);
}
CloseHandle(hProcess);
return(lpBaseName.ToString());
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
int nSize = 1024;
StringBuilder stringBuilder = new StringBuilder(1024);
IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, IntPtr.Zero, stringBuilder, 1024);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, nSize);
}
Process32.CloseHandle(intPtr);
return(stringBuilder.ToString());
}
public static byte[] ReadMemory(ProcessEntry32 process, int address, int length, out int bytesRead)
{
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_ALL_ACCESS, 0, process.th32ProcessID);
byte[] result;
if (intPtr != System.IntPtr.Zero)
{
byte[] array = new byte[length];
Process32.ReadProcessMemory(intPtr, new System.IntPtr(address), array, length, out bytesRead);
Process32.CloseHandle(intPtr);
result = array;
}
else
{
bytesRead = 0;
result = new byte[0];
}
return(result);
}
public static string GetProcess32File(ProcessEntry32 lpProcess)
{
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder(260);
System.IntPtr intPtr = Process32.OpenProcess(Process32.PROCESS_QUERY_INFORMATION | Process32.PROCESS_VM_READ, 0, lpProcess.th32ProcessID);
Process32.GetModuleFileNameEx(intPtr, System.IntPtr.Zero, stringBuilder, 260);
if (stringBuilder.Length == 0)
{
Process32.GetProcessImageFileName(intPtr, stringBuilder, 260);
}
Process32.CloseHandle(intPtr);
string text = stringBuilder.ToString();
if (text.Contains("\\Device\\HardDiskVolume", true))
{
string[] logicalDrives = System.IO.Directory.GetLogicalDrives();
for (int i = 0; i < logicalDrives.Length; i++)
{
text = text.Replace("\\Device\\HarddiskVolume" + (i + 1) + "\\", logicalDrives[i]);
}
}
return(text);
}
public static System.Collections.Generic.List <ProcessEntry32> GetProcess32List()
{
System.Collections.Generic.List <ProcessEntry32> list = new System.Collections.Generic.List <ProcessEntry32>();
System.IntPtr intPtr = Process32.CreateToolhelp32Snapshot(Process32.TH32CS_SNAPPROCESS, 0u);
if (intPtr != System.IntPtr.Zero)
{
ProcessEntry32 processEntry = default(ProcessEntry32);
processEntry.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(processEntry);
if (Process32.Process32First(intPtr, ref processEntry))
{
do
{
System.IntPtr intPtr2 = System.Runtime.InteropServices.Marshal.AllocHGlobal((int)processEntry.dwSize);
System.Runtime.InteropServices.Marshal.StructureToPtr(processEntry, intPtr2, true);
ProcessEntry32 item = (ProcessEntry32)System.Runtime.InteropServices.Marshal.PtrToStructure(intPtr2, typeof(ProcessEntry32));
System.Runtime.InteropServices.Marshal.FreeHGlobal(intPtr2);
list.Add(item);
}while (Process32.Process32Next(intPtr, ref processEntry));
}
Process32.CloseHandle(intPtr);
}
return(list);
}
public static byte[] ReadMemory(ProcessEntry32 process, int address, int length, out int bytesRead)
{
return(ReadMemory(process.th32ProcessID, address, length, out bytesRead));
}
public static extern bool Process32Next(IntPtr hSnapshot, ref ProcessEntry32 lppe);
public static extern bool Process32First(System.IntPtr hSnapshot, ref ProcessEntry32 lppe);