/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
ViewVC logotype

Annotation of /trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 229 - (hide annotations) (download)
Sat Jun 2 18:31:40 2012 UTC (9 years ago) by william
File size: 31159 byte(s)

1 william 88 using System;
2     using System.Collections.Generic;
3     using System.Text;
4     using System.Diagnostics;
5     using System.Threading;
6     using System.Runtime.InteropServices;
7 william 156 using RomCheater.Logging;
8 william 162 using RomCheater.Core;
9     using System.IO;
10 william 88
11     namespace Sojaner.MemoryScanner
12     {
13     // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
14     #region ProcessMemoryReader class
15     //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
16     //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
17 william 229 public class ProcessMemoryReader : IPatchMemory, IReadMemory
18 william 88 {
19    
20     public ProcessMemoryReader()
21     {
22     }
23    
24     /// <summary>
25     /// Process from which to read
26     /// </summary>
27     public Process ReadProcess
28     {
29     get
30     {
31     return m_ReadProcess;
32     }
33     set
34     {
35     m_ReadProcess = value;
36     }
37     }
38    
39     private Process m_ReadProcess = null;
40    
41 william 198 private static IntPtr m_hProcess = IntPtr.Zero;
42 william 88
43     public void OpenProcess()
44     {
45     // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
46     ProcessMemoryReaderApi.ProcessAccessType access;
47     access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
48     | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
49     | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
50     m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
51     }
52    
53     public void CloseHandle()
54     {
55     try
56     {
57     int iRetValue;
58     iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
59     if (iRetValue == 0)
60     {
61     throw new Exception("CloseHandle failed");
62     }
63     }
64     catch (Exception ex)
65     {
66     //System.Windows.Forms.MessageBox.Show(ex.Message, "error", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Warning);
67     throw ex;
68     }
69     }
70    
71 william 198 #region WriteProcessMemoryToFile
72     public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
73     {
74     RamDumper dumper = new RamDumper();
75     return dumper.DumpMemoryToFile(ReadProcess, filename, MemoryAddress, bytesToRead, out bytesRead);
76     }
77     #endregion
78 william 162
79 william 198 #region ReadProcessMemory
80 william 229 public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
81 william 88 {
82 william 198 RamDumper dumper = new RamDumper();
83 william 229 dumper.DumpMemoryToByteArray(ReadProcess, MemoryAddress, bytesToRead, out bytesRead, out data);
84 william 198 }
85 william 229 //public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead,out sbyte[] data)
86     //{
87     // RamDumper dumper = new RamDumper();
88     // dumper.DumpMemoryToByteArray(ReadProcess, MemoryAddress, bytesToRead, out bytesRead, out data);
89     //}
90 william 198 #endregion
91    
92 william 203 #region ReadProcessMemory
93     public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out uint address)
94     {
95     RamDumper dumper = new RamDumper();
96     return dumper.ReadFirstNonZeroByte(ReadProcess, MemoryAddress, bytesToRead, out address);
97     }
98     #endregion
99 william 198 #region WriteProcessMemory
100     public void WriteProcessMemory(UIntPtr MemoryAddress, byte byteToWrite, out int bytesWritten)
101     {
102     WriteProcessMemory(MemoryAddress, new byte[] { byteToWrite }, out bytesWritten);
103     }
104     public void WriteProcessMemory(UIntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
105     {
106     IntPtr ptrBytesWritten;
107     ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
108     bytesWritten = ptrBytesWritten.ToInt32();
109     }
110     #endregion
111    
112 william 229
113     #region IPatchMemory members
114     public bool PatchMemory(uint address, byte value)
115     {
116     int bytesWritten;
117     byte[] bitData = BitConverter.GetBytes(value);
118     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
119     CloseHandle();
120     byte check = 0;
121     ReadMemory(address, out check);
122     if (check == value) return true;
123     return false;
124     }
125     public bool PatchMemory(uint address, sbyte value)
126     {
127     int bytesWritten;
128     byte[] bitData = BitConverter.GetBytes(value);
129     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
130     CloseHandle();
131     sbyte check = 0;
132     ReadMemory(address, out check);
133     if (check == value) return true;
134     return false;
135     }
136     public bool PatchMemory(uint address, ushort value)
137     {
138     int bytesWritten;
139     byte[] bitData = BitConverter.GetBytes(value);
140     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
141     CloseHandle();
142     ushort check = 0;
143     ReadMemory(address, out check);
144     if (check == value) return true;
145     return false;
146     }
147     public bool PatchMemory(uint address, short value)
148     {
149     int bytesWritten;
150     byte[] bitData = BitConverter.GetBytes(value);
151     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
152     CloseHandle();
153     short check = 0;
154     ReadMemory(address, out check);
155     if (check == value) return true;
156     return false;
157     }
158     public bool PatchMemory(uint address, uint value)
159     {
160     int bytesWritten;
161     byte[] bitData = BitConverter.GetBytes(value);
162     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
163     CloseHandle();
164     uint check = 0;
165     ReadMemory(address, out check);
166     if (check == value) return true;
167     return false;
168     }
169     public bool PatchMemory(uint address, int value)
170     {
171     int bytesWritten;
172     byte[] bitData = BitConverter.GetBytes(value);
173     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
174     CloseHandle();
175     int check = 0;
176     ReadMemory(address, out check);
177     if (check == value) return true;
178     return false;
179     }
180     public bool PatchMemory(uint address, ulong value)
181     {
182     int bytesWritten;
183     byte[] bitData = BitConverter.GetBytes(value);
184     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
185     CloseHandle();
186     ulong check = 0;
187     ReadMemory(address, out check);
188     if (check == value) return true;
189     return false;
190     }
191     public bool PatchMemory(uint address, long value)
192     {
193     int bytesWritten;
194     byte[] bitData = BitConverter.GetBytes(value);
195     WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
196     CloseHandle();
197     long check = 0;
198     ReadMemory(address, out check);
199     if (check == value) return true;
200     return false;
201     }
202     #endregion
203     #region IReadMemory members
204     public bool ReadMemory(uint address, out byte value)
205     {
206     try
207     {
208     value = 0;
209     int bytesReadSize;
210     byte[] bitData;
211     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
212     value = bitData[0];
213     return true;
214     }
215     catch
216     {
217     value = 0x00;
218     return false;
219     }
220     }
221     public bool ReadMemory(uint address, out sbyte value)
222     {
223     try
224     {
225     value = 0;
226     int bytesReadSize;
227     byte[] bitData;
228     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
229     value = Convert.ToSByte(bitData[0]);
230     return true;
231     }
232     catch
233     {
234     value = 0x00;
235     return false;
236     }
237     }
238     public bool ReadMemory(uint address, out ushort value)
239     {
240     try
241     {
242     value = 0;
243     int bytesReadSize;
244     byte[] bitData;
245     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
246     value = BitConverter.ToUInt16(bitData, 0);
247     return true;
248     }
249     catch
250     {
251     value = 0x00;
252     return false;
253     }
254     }
255     public bool ReadMemory(uint address, out short value)
256     {
257     try
258     {
259     value = 0;
260     int bytesReadSize;
261     byte[] bitData;
262     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
263     value = BitConverter.ToInt16(bitData, 0);
264     return true;
265     }
266     catch
267     {
268     value = 0x00;
269     return false;
270     }
271     }
272     public bool ReadMemory(uint address, out uint value)
273     {
274     try
275     {
276     value = 0;
277     int bytesReadSize;
278     byte[] bitData;
279     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
280     value = BitConverter.ToUInt32(bitData, 0);
281     return true;
282     }
283     catch
284     {
285     value = 0x00;
286     return false;
287     }
288     }
289     public bool ReadMemory(uint address, out int value)
290     {
291     try
292     {
293     value = 0;
294     int bytesReadSize;
295     byte[] bitData;
296     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
297     value = BitConverter.ToInt32(bitData, 0);
298     return true;
299     }
300     catch
301     {
302     value = 0x00;
303     return false;
304     }
305     }
306     public bool ReadMemory(uint address, out ulong value)
307     {
308     try
309     {
310     value = 0;
311     int bytesReadSize;
312     byte[] bitData;
313     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
314     value = BitConverter.ToUInt64(bitData, 0);
315     return true;
316     }
317     catch
318     {
319     value = 0x00;
320     return false;
321     }
322     }
323     public bool ReadMemory(uint address, out long value)
324     {
325     try
326     {
327     value = 0;
328     int bytesReadSize;
329     byte[] bitData;
330     ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
331     value = BitConverter.ToInt64(bitData, 0);
332     return true;
333     }
334     catch
335     {
336     value = 0x00;
337     return false;
338     }
339     }
340     #endregion
341    
342 william 198 #region RamDumper
343     private interface IRamDumper
344     {
345     bool DumpMemoryToFile(Process ppid, string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead);
346 william 229 void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data);
347 william 198 }
348     private class RamDumper : IRamDumper
349     {
350     public RamDumper() { }
351     private void InitMemoryDump(out uint byte_alignment)
352 william 156 {
353 william 198 byte_alignment = 102400; // get memory in 100mb chunks
354     }
355     #region IRamDumper members
356     #region DumpMemoryToFile
357     public bool DumpMemoryToFile(Process ppid, string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
358     {
359 william 200 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
360 william 198 bytesRead = 0;
361     uint byte_alignment = 0;
362     // get common init parameters
363     InitMemoryDump(out byte_alignment);
364     uint address = MemoryAddress;
365     uint _bytesToRead = bytesToRead;
366     byte[] buffer = new byte[] { };
367     try
368 william 162 {
369 william 198 FileInfo fi = new FileInfo(filename);
370     if (fi.Exists)
371     fi.Delete();
372     using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
373     {
374     BinaryWriter bw = new BinaryWriter(fs);
375     //foreach (byte b in data) { bw.Write(b); }
376 william 88
377 william 198 for (uint i = 0; i <= bytesToRead; )
378 william 167 {
379 william 198 if (_bytesToRead < byte_alignment)
380     {
381     _bytesToRead = bytesToRead;
382     buffer = new byte[_bytesToRead];
383     }
384     else
385     {
386     _bytesToRead = byte_alignment;
387     buffer = new byte[byte_alignment];
388     }
389     IntPtr ptrBytesRead;
390    
391     ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)address, buffer, _bytesToRead, out ptrBytesRead);
392     bytesRead = ptrBytesRead.ToInt32();
393     bw.Write(buffer);
394     bw.Flush();
395    
396     if (_bytesToRead < byte_alignment)
397     {
398     i += _bytesToRead;
399     address += _bytesToRead;
400     }
401     else
402     {
403     i += byte_alignment;
404     address += byte_alignment;
405     }
406    
407    
408 william 167 }
409 william 198 bw.Close();
410 william 162 }
411 william 198 logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
412     return true;
413 william 162 }
414 william 198 catch (OutOfMemoryException ex)
415     {
416     logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
417     logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
418     logger.Error.WriteLine(ex.ToString());
419     }
420     catch (Exception ex)
421     {
422     logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
423     logger.Error.WriteLine("DumpMemory(): Exception");
424     logger.Error.WriteLine(ex.ToString());
425     }
426     return false;
427 william 162 }
428 william 198 #endregion
429     #region DumpMemoryToByteArray
430 william 229 public void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
431 william 162 {
432 william 229 data = new byte[] { };
433 william 200 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
434 william 198 bytesRead = 0;
435 william 204 uint byte_alignment = 1;
436 william 198 // get common init parameters
437 william 204 //InitMemoryDump(out byte_alignment);
438 william 198 uint address = MemoryAddress;
439     uint _bytesToRead = bytesToRead;
440     byte[] buffer = new byte[] { };
441     try
442     {
443     using (MemoryStream ms = new MemoryStream())
444     {
445     BinaryWriter bw = new BinaryWriter(ms);
446     //foreach (byte b in data) { bw.Write(b); }
447 william 88
448 william 198 for (uint i = 0; i <= bytesToRead; )
449     {
450     if (_bytesToRead < byte_alignment)
451     {
452     _bytesToRead = bytesToRead;
453     buffer = new byte[_bytesToRead];
454     }
455     else
456     {
457     _bytesToRead = byte_alignment;
458     buffer = new byte[byte_alignment];
459     }
460     IntPtr ptrBytesRead;
461 william 88
462 william 198 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)address, buffer, _bytesToRead, out ptrBytesRead);
463     bytesRead = ptrBytesRead.ToInt32();
464     bw.Write(buffer);
465     bw.Flush();
466    
467     if (_bytesToRead < byte_alignment)
468     {
469     i += _bytesToRead;
470     address += _bytesToRead;
471     }
472     else
473     {
474     i += byte_alignment;
475     address += byte_alignment;
476     }
477    
478    
479     }
480     bw.Close();
481 william 229 data = ms.ToArray();
482 william 198 }
483 william 200 //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
484 william 198 }
485     catch (OutOfMemoryException ex)
486 william 162 {
487 william 198 logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
488     logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
489     logger.Error.WriteLine(ex.ToString());
490 william 162 }
491 william 198 catch (Exception ex)
492     {
493     logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
494     logger.Error.WriteLine("DumpMemory(): Exception");
495     logger.Error.WriteLine(ex.ToString());
496     }
497 william 156 }
498 william 198 #endregion
499 william 229 #region DumpMemoryToByteArray (sbyte)
500     //public void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out sbyte[] data)
501     //{
502     // data = new sbyte[] { };
503     // //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
504     // bytesRead = 0;
505     // uint byte_alignment = 1;
506     // // get common init parameters
507     // //InitMemoryDump(out byte_alignment);
508     // uint address = MemoryAddress;
509     // uint _bytesToRead = bytesToRead;
510     // sbyte[] buffer = new sbyte[] { };
511     // try
512     // {
513     // using (MemoryStream ms = new MemoryStream())
514     // {
515     // BinaryWriter bw = new BinaryWriter(ms);
516     // //foreach (byte b in data) { bw.Write(b); }
517    
518     // for (uint i = 0; i <= bytesToRead; )
519     // {
520     // if (_bytesToRead < byte_alignment)
521     // {
522     // _bytesToRead = bytesToRead;
523     // buffer = new sbyte[_bytesToRead];
524     // }
525     // else
526     // {
527     // _bytesToRead = byte_alignment;
528     // buffer = new sbyte[byte_alignment];
529     // }
530     // IntPtr ptrBytesRead;
531    
532     // ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)address, (byte[])(Array)buffer, _bytesToRead, out ptrBytesRead);
533     // bytesRead = ptrBytesRead.ToInt32();
534     // bw.Write((byte[])(Array)buffer);
535     // bw.Flush();
536    
537     // if (_bytesToRead < byte_alignment)
538     // {
539     // i += _bytesToRead;
540     // address += _bytesToRead;
541     // }
542     // else
543     // {
544     // i += byte_alignment;
545     // address += byte_alignment;
546     // }
547    
548    
549     // }
550     // bw.Close();
551     // data = (sbyte[])(Array)ms.ToArray();
552     // }
553     // //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
554     // }
555     // catch (OutOfMemoryException ex)
556     // {
557     // logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
558     // logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
559     // logger.Error.WriteLine(ex.ToString());
560     // }
561     // catch (Exception ex)
562     // {
563     // logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
564     // logger.Error.WriteLine("DumpMemory(): Exception");
565     // logger.Error.WriteLine(ex.ToString());
566     // }
567     //}
568 william 198 #endregion
569 william 229 #endregion
570 william 203
571     #region ReadFirstNonZeroByte
572     public bool ReadFirstNonZeroByte(Process ppid, uint MemoryAddress, uint bytesToRead, out uint address)
573     {
574     //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
575     address = 0;
576     uint byte_alignment = 1;
577     // get common init parameters
578     //InitMemoryDump(out byte_alignment);
579     uint mem_address = MemoryAddress;
580     uint _bytesToRead = bytesToRead;
581     byte[] buffer = new byte[] { };
582     try
583     {
584     //using (MemoryStream ms = new MemoryStream())
585     //{
586     // //BinaryWriter bw = new BinaryWriter(ms);
587     // //foreach (byte b in data) { bw.Write(b); }
588     for (uint i = 0; i <= bytesToRead; )
589     {
590     if (_bytesToRead < byte_alignment)
591     {
592     _bytesToRead = bytesToRead;
593     buffer = new byte[_bytesToRead];
594     }
595     else
596     {
597     _bytesToRead = byte_alignment;
598     buffer = new byte[byte_alignment];
599     }
600     IntPtr ptrBytesRead;
601     ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)mem_address, buffer, _bytesToRead, out ptrBytesRead);
602     //bw.Write(buffer);
603     //bw.Flush();
604     if (_bytesToRead < byte_alignment)
605     {
606     i += _bytesToRead;
607     mem_address += _bytesToRead;
608     }
609     else
610     {
611     i += byte_alignment;
612     mem_address += byte_alignment;
613     }
614     for (uint j = 0; j < buffer.Length; j++)
615     {
616     if (buffer[j] != 0)
617     {
618     address = mem_address;
619     break;
620     }
621     }
622     if (address != 0)
623     break;
624     }
625     // bw.Close();
626     //}
627     //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
628     return true;
629     }
630     catch (OutOfMemoryException ex)
631     {
632     logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
633     logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
634     logger.Error.WriteLine(ex.ToString());
635     }
636     catch (Exception ex)
637     {
638     logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
639     logger.Error.WriteLine("DumpMemory(): Exception");
640     logger.Error.WriteLine(ex.ToString());
641     }
642     return false;
643     }
644     #endregion
645 william 88 }
646 william 198 #endregion
647 william 88 /// <summary>
648     /// ProcessMemoryReader is a class that enables direct reading a process memory
649     /// </summary>
650 william 198 public class ProcessMemoryReaderApi
651 william 88 {
652     // constants information can be found in <winnt.h>
653     [Flags]
654     public enum ProcessAccessType
655     {
656     PROCESS_TERMINATE = (0x0001),
657     PROCESS_CREATE_THREAD = (0x0002),
658     PROCESS_SET_SESSIONID = (0x0004),
659     PROCESS_VM_OPERATION = (0x0008),
660     PROCESS_VM_READ = (0x0010),
661     PROCESS_VM_WRITE = (0x0020),
662     PROCESS_DUP_HANDLE = (0x0040),
663     PROCESS_CREATE_PROCESS = (0x0080),
664     PROCESS_SET_QUOTA = (0x0100),
665     PROCESS_SET_INFORMATION = (0x0200),
666     PROCESS_QUERY_INFORMATION = (0x0400)
667     }
668    
669     // function declarations are found in the MSDN and in <winbase.h>
670    
671     // HANDLE OpenProcess(
672     // DWORD dwDesiredAccess, // access flag
673     // BOOL bInheritHandle, // handle inheritance option
674     // DWORD dwProcessId // process identifier
675     // );
676     [DllImport("kernel32.dll")]
677     public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
678    
679     // BOOL CloseHandle(
680     // HANDLE hObject // handle to object
681     // );
682     [DllImport("kernel32.dll")]
683     public static extern Int32 CloseHandle(IntPtr hObject);
684    
685     // BOOL ReadProcessMemory(
686     // HANDLE hProcess, // handle to the process
687     // LPCVOID lpBaseAddress, // base of memory area
688     // LPVOID lpBuffer, // data buffer
689     // SIZE_T nSize, // number of bytes to read
690     // SIZE_T * lpNumberOfBytesRead // number of bytes read
691     // );
692     [DllImport("kernel32.dll")]
693 william 164 public static extern Int32 ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
694 william 88
695     // BOOL WriteProcessMemory(
696     // HANDLE hProcess, // handle to process
697     // LPVOID lpBaseAddress, // base of memory area
698     // LPCVOID lpBuffer, // data buffer
699     // SIZE_T nSize, // count of bytes to write
700     // SIZE_T * lpNumberOfBytesWritten // count of bytes written
701     // );
702     [DllImport("kernel32.dll")]
703 william 164 public static extern Int32 WriteProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
704 william 88
705    
706     }
707     }
708     #endregion
709     }

  ViewVC Help
Powered by ViewVC 1.1.22