public static bool ListMemory(FMemoryInfos memories, int processId)
{
memories.Clear();
// List modules
FModuleInfoCollection modules = RModule.ListProcess(processId);
// List memory
uint address = 0;
SMemoryBasicInformation mbi = new SMemoryBasicInformation();
int size = Marshal.SizeOf(mbi);
IntPtr process = RKernel32.OpenProcess(EProcessAccess.QueryInformation, true, processId);
if (!RApi.IsValidHandle(process))
{
return(false);
}
while (RKernel32.VirtualQueryEx(process, address, ref mbi, size) > 0)
{
FMemoryInfo memory = new FMemoryInfo();
memory.AllocationBase = mbi.AllocationBase;
memory.AllocationProtect = mbi.AllocationProtect;
memory.BaseAddress = mbi.BaseAddress;
memory.Protect = mbi.Protect;
memory.RegionSize = mbi.RegionSize;
memory.State = mbi.State;
memory.Type = mbi.Type;
memory.Module = modules.FindByAddress(mbi.AllocationBase);
memories.Push(memory);
address = mbi.BaseAddress + mbi.RegionSize;
}
;
RKernel32.CloseHandle(process);
return(true);
}
public static void Hook(SHookInfo hook)
{
Nullable <SModuleEntry32> module = RModule.Find(hook.Module);
if (module.HasValue)
{
FTrunkInfo[] trunks = RModule.FetchTrunks(module.Value.hModule);
foreach (FTrunkInfo trunk in trunks)
{
if (trunk.Name == hook.Function)
{
HookApi(hook, trunk);
}
}
}
}