public void WriteProcessMemory_T() { IntPtr baseAddress = Marshal.AllocHGlobal(4); const int buffer = 1337; Marshal.WriteInt32(baseAddress, 0); IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer)); Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer); Marshal.WriteInt32(baseAddress, 0); IntPtr bytesWritten = IntPtr.Zero; Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer, ref bytesWritten)); Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer); Assert.IsTrue(bytesWritten == (IntPtr)4); Assert.IsTrue(ProcessMemory.CloseHandle(handle)); Marshal.FreeHGlobal(baseAddress); }
public void ReadProcessMemory_T() { IntPtr baseAddress = Marshal.AllocHGlobal(4); Marshal.WriteInt32(baseAddress, 1337); IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); int buffer = 0; Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer)); Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress)); buffer = 0; IntPtr bytesRead = IntPtr.Zero; Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer, ref bytesRead)); Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress)); Assert.IsTrue(bytesRead == (IntPtr)4); Assert.IsTrue(ProcessMemory.CloseHandle(handle)); Marshal.FreeHGlobal(baseAddress); }
public void VirtualProtectEx() { IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite); MemoryProtectionFlags oldProtection = default; Assert.IsTrue(ProcessMemory.VirtualProtectEx(handle, address, (IntPtr)1024, MemoryProtectionFlags.NoAccess, ref oldProtection)); Assert.IsTrue(oldProtection == MemoryProtectionFlags.ExecuteReadWrite); try { Marshal.WriteInt32(address, 1337); throw new Exception(); } catch { } Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release)); ProcessMemory.CloseHandle(handle); }
public void Close() { IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); Assert.IsTrue(ProcessMemory.CloseHandle(handle)); }
public void OnExit() { ProcessMemory.CloseHandle(memory.ProcessHandle); memory = null; hotKeyManager.KeyPressed -= OnKeyPressed; hotKeyManager.Dispose(); }
public void CreateRemoteThreadEx() { IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); TestCreateRemoteThread_1(handle); TestCreateRemoteThread_2(handle); TestCreateRemoteThread_3(handle); TestCreateRemoteThread_4(handle); Assert.IsTrue(ProcessMemory.CloseHandle(handle)); }
private void TestCreateRemoteThread_3(IntPtr hProcess) { var originalCounter = _counter; IntPtr hThread = ProcessMemory.CreateRemoteThreadEx(hProcess, IntPtr.Zero, IntPtr.Zero, _remoteFunctionPointer, IntPtr.Zero, ThreadCreationFlags.Immediately, IntPtr.Zero); Assert.IsFalse(hThread == IntPtr.Zero); Assert.IsTrue(ProcessMemory.WaitForSingleObject(hThread, ProcessMemory.WAIT_TIMEOUT_INFINITE) == WaitObjectResult.Success); Assert.IsTrue(ProcessMemory.CloseHandle(hThread)); Assert.IsTrue(originalCounter + 1 == _counter); }
public void VirtualAllocAndFree() { IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite); Assert.IsFalse(address == IntPtr.Zero); Assert.IsTrue(Marshal.ReadInt32(address) == 0); Marshal.WriteInt32(address, 1337); Assert.IsTrue(Marshal.ReadInt32(address) == 1337); Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release)); ProcessMemory.CloseHandle(handle); }
public void WriteProcessMemory_TArray() { IntPtr baseAddress = Marshal.AllocHGlobal(16); int[] buffer = new int[4]; for (int i = 0; i < buffer.Length; i++) { buffer[i] = 1337; Marshal.WriteInt32(baseAddress, i * 4, 0); } IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); Assert.IsTrue(ProcessMemory.WriteProcessMemoryArray(handle, baseAddress, buffer)); for (int i = 0; i < buffer.Length; i++) { Assert.IsTrue(Marshal.ReadInt32(baseAddress, i * 4) == 1337); Marshal.WriteInt32(baseAddress, i * 4, 0); } IntPtr bytesWritten = IntPtr.Zero; Assert.IsTrue(ProcessMemory.WriteProcessMemoryArray(handle, baseAddress, buffer, ref bytesWritten)); Assert.IsTrue(bytesWritten == (IntPtr)16); for (int i = 0; i < buffer.Length; i++) { Assert.IsTrue(Marshal.ReadInt32(baseAddress, i * 4) == 1337); } Assert.IsTrue(ProcessMemory.CloseHandle(handle)); Marshal.FreeHGlobal(baseAddress); }
public void ReadProcessMemory_TArray() { IntPtr baseAddress = Marshal.AllocHGlobal(16); for (int i = 0; i < 16; i += 4) { Marshal.WriteInt32(baseAddress, i, 1337); } IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId); Assert.IsFalse(handle == IntPtr.Zero); int[] buffer = new int[4]; Assert.IsTrue(ProcessMemory.ReadProcessMemoryArray(handle, baseAddress, buffer)); for (int i = 0; i < buffer.Length; i++) { Assert.IsTrue(buffer[i] == Marshal.ReadInt32(baseAddress, i * 4)); buffer[i] = 0; } IntPtr bytesRead = IntPtr.Zero; Assert.IsTrue(ProcessMemory.ReadProcessMemoryArray(handle, baseAddress, buffer, ref bytesRead)); Assert.IsTrue(bytesRead == (IntPtr)(buffer.Length * 4)); for (int i = 0; i < buffer.Length; i++) { Assert.IsTrue(buffer[i] == Marshal.ReadInt32(baseAddress, i * 4)); } Assert.IsTrue(ProcessMemory.CloseHandle(handle)); Marshal.FreeHGlobal(baseAddress); }
public void OnExit() { ProcessMemory.CloseHandle(memory.ProcessHandle); memory = null; }
public static InjectResult Inject(Process process, string dllPath, TimeSpan timeout) { InjectResult result = InjectResult.None; //Get the full path of the DLL. string fullPath = Path.GetFullPath(dllPath); //Return if the DLL is not found. if (!File.Exists(fullPath)) { return(InjectResult.Dll_Not_Found); } //Process modules aren't automatically updated in a stored process variable. //Grab the updated process. Process updatedProcess = Process.GetProcessById(process.Id); //Sometimes randomly fails due to 64-bit OS accessing 32-bit process ProcessMemory... //Try again if fails. bool success = false; string pathCompare = fullPath.ToLower(); while (!success) { try { foreach (ProcessModule pm in updatedProcess.Modules) { if (pm.FileName.ToLower() == pathCompare) //Return if the DLL is found to //prevent injecting duplicates. { return(InjectResult.Dll_Already_Jnjected); } } success = true; } catch { } } //Open handle with all permissions to avoid any unexpected access violation errors... IntPtr hProcess = ProcessMemory.OpenProcess(ProcessAccessFlags.All, true, process.Id); //Return if the handle is 0. This is an invalid result. if (hProcess == IntPtr.Zero) { return(InjectResult.Process_Handle_Invalid); } //Get the handle for kernel32.dll. IntPtr hKernel = ProcessMemory.GetModuleHandle("kernel32.dll"); //Return if the handle is 0. This is an invalid result. if (hKernel == IntPtr.Zero) { return(InjectResult.Kernel_Module_Not_Found); } //Get the address for LoadLibraryA, which is used to load a process //module into a process and calls the DllMain entry point. IntPtr hLoadLibraryA = ProcessMemory.GetProcAddress(hKernel, "LoadLibraryA"); //Return if the address is 0. This is an invalid result. if (hLoadLibraryA == IntPtr.Zero) { return(InjectResult.Load_Library_A_Not_Found); } //Allocation space for the full path of the module and //+1 for the null terminator (0x00) of the string. int allocationSize = fullPath.Length + 1; //Allocate memory space in the process and store the address //the allocation was made at. IntPtr allocatedAddr = ProcessMemory.VirtualAllocEx(hProcess, IntPtr.Zero, (IntPtr)allocationSize, AllocationType.Commit | AllocationType.Reserve, MemoryProtection.ExecuteReadWrite); //Return if the address is 0. Allocation was not made. if (allocatedAddr == IntPtr.Zero) { return(InjectResult.Memory_Allocation_Failed); } //Convert the full path string into bytes. byte[] buffer = Encoding.UTF8.GetBytes(fullPath); IntPtr numWritten; //Write the bytes to the space we allocated within the process. if (!ProcessMemory.WriteProcessMemory(hProcess, allocatedAddr, buffer, buffer.Length, out numWritten)) { //Writing to memory failed if WriteProcessMemory returned false. result = InjectResult.Memory_Write_Failed; //Free the memory we allocated into the process. //dwSize must be 0 to free all pages allocated by VirtualAllocEx. if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release)) { //Freeing the allocated memory failed if VirtualFreeEx returned false. result |= InjectResult.Memory_Release_Failed; } //Return due to failing to write the bytes to ProcessMemory. return(result); } //Create a new remote thread, calling the LoadLibraryA function in our target //process with the address we allocated our string bytes at as the parameter. //This will load the DLL into the process using the full path to the DLL that //was specified and call the DLL's DllMain entry point. IntPtr threadId; IntPtr hThread = ProcessMemory.CreateRemoteThread(hProcess, IntPtr.Zero, 0, hLoadLibraryA, allocatedAddr, 0, out threadId); if (hThread == IntPtr.Zero) { //The remote thread failed to create if the thread handle is is 0. result = InjectResult.Thread_Creation_Failed; //Free the memory we allocated into the process. //dwSize must be 0 to free all pages allocated by VirtualAllocEx. if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release)) { //Freeing the allocated memory failed if VirtualFreeEx returned false. result |= InjectResult.Memory_Release_Failed; } //Return due to failing to create the remote thread. return(result); } //Wait for the thread to finish, with specified timeout if it never finishes. ProcessMemory.WaitForSingleObject(hThread, (uint)timeout.TotalMilliseconds); //Free the memory we allocated into the process. //dwSize must be 0 to free all pages allocated by VirtualAllocEx. if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release)) { //Freeing the allocated memory failed if VirtualFreeEx returned false. result |= InjectResult.Memory_Release_Failed; } //Close the handle created by CreateRemoteThread. if (!ProcessMemory.CloseHandle(hThread)) { result |= InjectResult.Thread_Close_Failed; } //Close the handle created by OpenProcess. if (!ProcessMemory.CloseHandle(hProcess)) { result |= InjectResult.Process_Handle_Close_Failed; } return(result |= InjectResult.Success); }