ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/RomCheater/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
Revision: 446
Committed: Sun Jun 2 19:52:03 2013 UTC (9 years, 9 months ago) by william
File size: 37506 byte(s)
Log Message: 
+ fix search cancel/reset

File Contents

# User Rev Content
1 william 414 #region Logging Defines
2     // include this any class or method that required logging, and comment-out what is not needed
3 william 415
4 william 414 #region Enabled logging levels
5     #define LOGGING_ENABLE_INFO
6     #define LOGGING_ENABLE_WARN
7     #define LOGGING_ENABLE_DEBUG
8     #define LOGGING_ENABLE_VERBOSEDEBUG
9     #define LOGGING_ENABLE_ERROR
10     #define LOGGING_ENABLE_VERBOSEERROR
11 william 427 //#define LOGGING_ENABLE_PROFILER
12 william 414 #endregion
13     #endregion
14     using System;
15 william 88 using System.Collections.Generic;
16     using System.Text;
17     using System.Diagnostics;
18     using System.Threading;
19     using System.Runtime.InteropServices;
20 william 156 using RomCheater.Logging;
21 william 162 using System.IO;
22 william 231 using Sojaner.MemoryScanner.MemoryProviers;
23 william 284 using Microsoft.Win32.SafeHandles;
24 william 351 using Microsoft.Win32.Interop;
25     using System.ComponentModel;
26 william 404 using ManagedWinapi;
27 william 408 using RomCheater.PluginFramework.Events;
28 william 88
29     namespace Sojaner.MemoryScanner
30     {
31     // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
32     #region ProcessMemoryReader class
33     //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
34     //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
35 william 408 internal class ProcessMemoryReader : IMemoryReader, IMemoryWriter, IFileWriter, IPatchMemory,IReadMemory, IAcceptsBytesReadEvent
36 william 88 {
37 william 404 // constants information can be found in <winnt.h>
38     [Flags]
39 william 411 enum ProcessAccessFlags : uint
40 william 404 {
41 william 411 All = 0x001F0FFF,
42     Terminate = 0x00000001,
43     CreateThread = 0x00000002,
44     VMOperation = 0x00000008,
45     VMRead = 0x00000010,
46     VMWrite = 0x00000020,
47     DupHandle = 0x00000040,
48     SetInformation = 0x00000200,
49     QueryInformation = 0x00000400,
50     Synchronize = 0x00100000
51 william 404 }
52     [Flags]
53     public enum AllocationProtect : uint
54     {
55     // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
56     NONE = 0,
57     PAGE_NOACCESS = 0x00000001,
58     PAGE_READONLY = 0x00000002,
59     PAGE_READWRITE = 0x00000004,
60     PAGE_WRITECOPY = 0x00000008,
61     PAGE_EXECUTE = 0x00000010,
62     PAGE_EXECUTE_READ = 0x00000020,
63     PAGE_EXECUTE_READWRITE = 0x00000040,
64     PAGE_EXECUTE_WRITECOPY = 0x00000080,
65     PAGE_GUARD = 0x00000100,
66     PAGE_NOCACHE = 0x00000200,
67     PAGE_WRITECOMBINE = 0x00000400
68     }
69     [StructLayout(LayoutKind.Sequential)]
70     public struct MEMORY_BASIC_INFORMATION
71     {
72     public IntPtr BaseAddress;
73     public IntPtr AllocationBase;
74     public AllocationProtect AllocationProtect;
75     public IntPtr RegionSize;
76     public uint State;
77     public uint Protect;
78     public uint Type;
79     }
80 william 88
81     public ProcessMemoryReader()
82     {
83     }
84 william 408 public event BaseEventHandler<OnBytesReadEventArgs> OnBytesRead;
85 william 88 /// <summary>
86     /// Process from which to read
87     /// </summary>
88     public Process ReadProcess
89     {
90     get
91     {
92     return m_ReadProcess;
93     }
94     set
95     {
96     m_ReadProcess = value;
97     }
98     }
99    
100     private Process m_ReadProcess = null;
101 william 286
102     //SafeWaitHandle handle;
103 william 428 //private IntPtr handle = IntPtr.Zero;
104 william 419 //SafeWaitHandle m_hProcess; /* unused */
105 william 428 //public void OpenProcess()
106     //{
107     // try
108     // {
109     // // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
110     // //if (!TokenAdjuster.AdjustProcessTokenPrivileges("SeDebugPrivilege"))
111     // //{
112     // // logger.Warn.WriteLine("Failed to set SeDebugPrivilege on current process");
113     // //}
114     // ProcessAccessFlags access;
115     // access = ProcessAccessFlags.VMRead
116     // | ProcessAccessFlags.VMWrite
117     // | ProcessAccessFlags.VMOperation;
118     // //m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
119     // handle = ProcessMemoryReaderApi.OpenProcess(access, true, m_ReadProcess.Id);
120     // //m_hProcess = new SafeWaitHandle(handle, false);
121     // }
122     // catch (SEHException ex)
123     // {
124     // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
125     // logger.Error.WriteLine(ex.ToString());
126     // throw ex;
127     // }
128     // catch (Exception ex)
129     // {
130     // logger.Error.WriteLine(ex.ToString());
131     // throw ex;
132     // }
133     //}
134 william 88
135 william 428 //public void CloseHandle()
136     //{
137     // try
138     // {
139     // ////if (handle.IsInvalid) { return; }
140     // ////if (handle.IsClosed) { return; }
141     // //m_hProcess.Close();
142     // //m_hProcess.Dispose();
143     // //m_hProcess = null;
144     // //handle = IntPtr.Zero;
145     // //m_ReadProcess = null;
146     // //string stack_trace = System.Environment.StackTrace;
147     // int iRetValue;
148     // iRetValue = ProcessMemoryReaderApi.CloseHandle(handle);
149     // handle = IntPtr.Zero;
150     // ReadProcess = null;
151     // if (iRetValue == 0)
152     // {
153     // throw new Exception("CloseHandle failed");
154     // }
155     // }
156     // catch (SEHException ex)
157     // {
158     // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
159     // logger.Error.WriteLine(ex.ToString());
160     // throw ex;
161     // }
162     // catch (Exception ex)
163     // {
164     // logger.Error.WriteLine(ex.ToString());
165     // throw ex;
166     // }
167     //}
168 william 88 /// <summary>
169     /// ProcessMemoryReader is a class that enables direct reading a process memory
170     /// </summary>
171 william 231 private class ProcessMemoryReaderApi
172 william 88 {
173 william 404 [DllImport("kernel32.dll")]
174     public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
175 william 88
176     // function declarations are found in the MSDN and in <winbase.h>
177    
178     // HANDLE OpenProcess(
179     // DWORD dwDesiredAccess, // access flag
180     // BOOL bInheritHandle, // handle inheritance option
181     // DWORD dwProcessId // process identifier
182     // );
183     [DllImport("kernel32.dll")]
184 william 411 public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
185 william 88
186     // BOOL CloseHandle(
187     // HANDLE hObject // handle to object
188     // );
189     [DllImport("kernel32.dll")]
190     public static extern Int32 CloseHandle(IntPtr hObject);
191    
192     // BOOL ReadProcessMemory(
193     // HANDLE hProcess, // handle to the process
194     // LPCVOID lpBaseAddress, // base of memory area
195     // LPVOID lpBuffer, // data buffer
196     // SIZE_T nSize, // number of bytes to read
197     // SIZE_T * lpNumberOfBytesRead // number of bytes read
198     // );
199 william 350 [DllImport("kernel32.dll", SetLastError = true)]
200     public static extern bool ReadProcessMemory(
201     IntPtr hProcess,
202     IntPtr lpBaseAddress,
203     [Out] byte[] lpBuffer,
204     uint dwSize,
205     out int lpNumberOfBytesRead
206     );
207 william 88
208     // BOOL WriteProcessMemory(
209     // HANDLE hProcess, // handle to process
210     // LPVOID lpBaseAddress, // base of memory area
211     // LPCVOID lpBuffer, // data buffer
212     // SIZE_T nSize, // count of bytes to write
213     // SIZE_T * lpNumberOfBytesWritten // count of bytes written
214     // );
215 william 350 [DllImport("kernel32.dll", SetLastError = true)]
216     public static extern bool WriteProcessMemory(
217     IntPtr hProcess,
218     IntPtr lpBaseAddress,
219     byte[] lpBuffer,
220     uint nSize,
221     out UIntPtr lpNumberOfBytesWritten);
222 william 88
223    
224     }
225 william 231
226     #region IMemoryReader Members
227 william 249 #region public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out int address)
228     public bool ReadFirstNonZeroByte(int MemoryAddress, uint bytesToRead, out int address)
229 william 231 {
230     //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
231     address = 0;
232 william 235 uint byte_alignment = 1;
233 william 231 // get common init parameters
234     //InitMemoryDump(out byte_alignment);
235 william 249 int mem_address = MemoryAddress;
236 william 235 uint _bytesToRead = bytesToRead;
237 william 231 byte[] buffer = new byte[] { };
238     try
239     {
240     //using (MemoryStream ms = new MemoryStream())
241     //{
242     // //BinaryWriter bw = new BinaryWriter(ms);
243     // //foreach (byte b in data) { bw.Write(b); }
244 william 235 for (uint i = 0; i <= bytesToRead; )
245 william 231 {
246     if (_bytesToRead < byte_alignment)
247     {
248     _bytesToRead = bytesToRead;
249     buffer = new byte[_bytesToRead];
250     }
251     else
252     {
253     _bytesToRead = byte_alignment;
254     buffer = new byte[byte_alignment];
255     }
256     int bytesRead = 0;
257     ReadProcessMemory(mem_address, _bytesToRead, out bytesRead, out buffer);
258 william 245 if (buffer.Length == 0 && bytesRead == 0)
259     {
260     throw new Exception(string.Format("Failed to read memory from process: {0}", ReadProcess.ToString()));
261     }
262 william 231 //bw.Write(buffer);
263     //bw.Flush();
264     if (_bytesToRead < byte_alignment)
265     {
266     i += _bytesToRead;
267 william 249 mem_address += (int)_bytesToRead;
268 william 231 }
269     else
270     {
271     i += byte_alignment;
272 william 249 mem_address += (int)byte_alignment;
273 william 231 }
274     for (uint j = 0; j < buffer.Length; j++)
275     {
276     if (buffer[j] != 0)
277     {
278     address = mem_address;
279     break;
280     }
281     }
282     if (address != 0)
283     break;
284     }
285     // bw.Close();
286     //}
287     //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
288     return true;
289     }
290 william 247 catch (SEHException ex)
291     {
292     logger.Error.WriteLine("ReadFirstNonZeroByte() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
293     logger.Error.WriteLine(ex.ToString());
294     throw ex;
295     }
296 william 231 catch (OutOfMemoryException ex)
297     {
298 william 247 logger.Error.WriteLine("ReadFirstNonZeroByte(): OutOfMemoryException");
299 william 231 logger.Error.WriteLine(ex.ToString());
300     }
301     catch (Exception ex)
302     {
303 william 247 logger.Error.WriteLine("ReadFirstNonZeroByte(): Exception");
304 william 231 logger.Error.WriteLine(ex.ToString());
305 william 247 throw ex;
306 william 231 }
307     return false;
308     }
309 william 249 #endregion
310 william 404
311 william 425 public void ReadProcessMemoryAtOnce(uint MemoryAddress, uint bytesToRead, object UserState)
312 william 408 {
313     uint size = 1024 * 128;
314 william 429 int count = 0;
315 william 425 for (uint j = MemoryAddress; j < (MemoryAddress + bytesToRead); j += size)
316 william 408 {
317 william 409 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size))
318     {
319     byte[] bigMem = mem.Read();
320 william 429 count += bigMem.Length;
321 william 409 if (this.OnBytesRead != null)
322 william 446 {
323     OnBytesReadEventArgs t = new OnBytesReadEventArgs(this, UserState, bigMem, j, bytesToRead);
324     this.OnBytesRead.Invoke(t);
325     if (t.Canceled)
326     {
327     bigMem = null;
328     break;
329     }
330    
331     }
332 william 409 bigMem = null;
333     }
334 william 408 }
335     }
336 william 404 public void ReadProcessMemoryAtOnce(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
337 william 354 {
338 william 404 Stopwatch st = new Stopwatch();
339     st.Start();
340     List<byte> buffer_list = new List<byte>();
341 william 425 //for (uint j = MemoryAddress; j < (MemoryAddress+bytesToRead); j += size)
342     //{
343     // using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)bytesToRead))
344     // {
345     // byte[] bigMem = mem.Read();
346     // foreach (byte b in bigMem) { buffer_list.Add(b); }
347     // bigMem = null;
348     // }
349     //}
350    
351     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, (int)bytesToRead))
352 william 404 {
353 william 425 byte[] bigMem = mem.Read();
354     foreach (byte b in bigMem) { buffer_list.Add(b); }
355     bigMem = null;
356 william 404 }
357 william 425
358 william 404 bytesRead = buffer_list.Count;
359     data = new byte[bytesToRead];
360     data.Initialize();
361     Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
362     st.Stop();
363     logger.Profiler.WriteLine("ReadProcessMemoryAtOnce(): start=0x{0:x8} end=0x{1:x8} took {2:0.0000} seconds", MemoryAddress, MemoryAddress + bytesToRead, st.Elapsed.TotalSeconds);
364 william 354 }
365 william 404 #region public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
366 william 249 public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
367 william 231 {
368 william 350 ReadProcessMemory((uint)MemoryAddress, bytesToRead, out bytesRead, out data);
369     }
370     public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
371     {
372 william 247 try
373     {
374 william 425 ReadProcessMemoryAtOnce(MemoryAddress, bytesToRead, out bytesRead, out data);
375     //bytesRead = 0;
376     //data = new byte[bytesToRead];
377     //const int alignment = 1;
378     //List<byte> buffer_list = new List<byte>();
379     //uint _MemoryAddress = MemoryAddress;
380     //for (int i = 0; i < bytesToRead; i++)
381     //{
382     // byte[] buffer = new byte[alignment];
383     // int _bytesRead = 0;
384     // MEMORY_BASIC_INFORMATION m;
385     // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
386 william 404
387 william 425 // if (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) ||
388     // m.AllocationProtect == 0)
389     // {
390     // uint OrignalAddress = _MemoryAddress;
391     // while (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) || m.AllocationProtect == 0)
392     // {
393     // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
394     // _MemoryAddress++;
395     // buffer_list.Add(0);
396     // }
397     // _MemoryAddress--;
398     // uint diff = _MemoryAddress - OrignalAddress;
399     // i += (int)diff;
400     // buffer_list.RemoveAt(buffer_list.Count-1);
401     // }
402 william 404
403 william 425 // ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, alignment, out _bytesRead);
404     // int LastError = Marshal.GetLastWin32Error();
405     // if (LastError != ResultWin32.ERROR_SUCCESS)
406     // {
407     // string ErrorName = ResultWin32.GetErrorName(LastError);
408     // }
409     // if (_bytesRead > 0)
410     // {
411     // foreach (byte b in buffer)
412     // {
413     // buffer_list.Add(b);
414     // }
415     // _MemoryAddress += (uint)buffer.Length;
416     // }
417     //}
418     //bytesRead = buffer_list.Count;
419     //Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
420 william 247 }
421     catch (SEHException ex)
422     {
423     logger.Error.WriteLine("ReadProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
424     logger.Error.WriteLine(ex.ToString());
425     throw ex;
426     }
427     catch (Exception ex)
428     {
429     logger.Error.WriteLine("ReadProcessMemory(): Exception");
430     logger.Error.WriteLine(ex.ToString());
431     throw ex;
432     }
433 william 231 }
434     #endregion
435 william 249 #endregion
436 william 231
437     #region IMemoryWriter Members
438 william 249 #region public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
439     public void WriteProcessMemory(int MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
440 william 231 {
441 william 350 uint _bytesWritten = 0;
442     WriteProcessMemory((uint)MemoryAddress, bytesToWrite, out _bytesWritten);
443     bytesWritten = (int)_bytesWritten;
444     }
445     public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out uint bytesWritten)
446     {
447 william 247 try
448     {
449 william 428 //uint _bytesWritten = 0;
450 william 352 uint _MemoryAddress = MemoryAddress;
451 william 428
452     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, bytesToWrite.Length))
453 william 351 {
454 william 428 mem.Write(0, bytesToWrite);
455 william 351 }
456 william 428
457     //for (int i = 0; i < bytesToWrite.Length; i++)
458     //{
459     // UIntPtr _ptrBytesWritten = UIntPtr.Zero;
460     // byte[] buffer = new byte[] { bytesToWrite[i] };
461     // ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, (uint)buffer.Length, out _ptrBytesWritten);
462     // _MemoryAddress++;
463     // _bytesWritten++;
464     //}
465     //bytesWritten = _bytesWritten;
466     bytesWritten = (uint)bytesToWrite.Length;
467 william 247 }
468     catch (SEHException ex)
469     {
470     logger.Error.WriteLine("WriteProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
471     logger.Error.WriteLine(ex.ToString());
472     throw ex;
473     }
474     catch (Exception ex)
475     {
476    
477     logger.Error.WriteLine("WriteProcessMemory() Exception");
478     logger.Error.WriteLine(ex.ToString());
479     bytesWritten = 0;
480     throw ex;
481     }
482 william 231 }
483 william 249 #endregion
484 william 231 #endregion
485    
486     #region IFileWriter Members
487 william 249 #region public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
488     public bool WriteProcessMemoryToFile(string filename, int MemoryAddress, uint bytesToRead, out int bytesRead)
489 william 231 {
490     //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
491     bytesRead = 0;
492 william 235 uint byte_alignment = 102400;
493 william 249 int address = MemoryAddress;
494 william 235 uint _bytesToRead = bytesToRead;
495 william 231 byte[] buffer = new byte[] { };
496     try
497     {
498     FileInfo fi = new FileInfo(filename);
499     if (fi.Exists)
500     fi.Delete();
501     using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
502     {
503     BinaryWriter bw = new BinaryWriter(fs);
504     //foreach (byte b in data) { bw.Write(b); }
505    
506 william 235 for (uint i = 0; i <= bytesToRead; )
507 william 231 {
508     if (_bytesToRead < byte_alignment)
509     {
510     _bytesToRead = bytesToRead;
511     buffer = new byte[_bytesToRead];
512     }
513     else
514     {
515     _bytesToRead = byte_alignment;
516     buffer = new byte[byte_alignment];
517     }
518 william 404 ReadProcessMemory(address, _bytesToRead, out bytesRead, out buffer);
519 william 231 bw.Write(buffer);
520     bw.Flush();
521    
522     if (_bytesToRead < byte_alignment)
523     {
524     i += _bytesToRead;
525 william 249 address += (int)_bytesToRead;
526 william 231 }
527     else
528     {
529     i += byte_alignment;
530 william 249 address += (int)byte_alignment;
531 william 231 }
532    
533    
534     }
535     bw.Close();
536     }
537     logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
538     return true;
539     }
540 william 247 catch (SEHException ex)
541     {
542     logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
543     logger.Error.WriteLine(ex.ToString());
544     throw ex;
545     }
546 william 231 catch (OutOfMemoryException ex)
547     {
548 william 247 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
549 william 231 logger.Error.WriteLine(ex.ToString());
550     }
551     catch (Exception ex)
552     {
553 william 247 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
554 william 231 logger.Error.WriteLine(ex.ToString());
555 william 247 throw ex;
556 william 231 }
557     return false;
558     }
559     #endregion
560 william 249 #endregion
561 william 370
562     #region IPatchMemory members
563 william 378 #region public virtual bool PatchMemory(uint address, byte value)
564     public virtual bool PatchMemory(uint address, byte value)
565 william 370 {
566     byte[] bitData = BitConverter.GetBytes(value);
567 william 428 //UIntPtr ptrBytesWritten;
568     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
569     {
570     mem.Write(0, bitData);
571     }
572     //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
573     //if (ptrBytesWritten.ToUInt32() == 0)
574     // return false;
575 william 370 byte check = 0;
576     ReadMemory(address, out check);
577     if (check == value) return true;
578     return false;
579     }
580     #endregion
581 william 378 #region public virtual bool PatchMemory(uint address, sbyte value)
582     public virtual bool PatchMemory(uint address, sbyte value)
583 william 370 {
584     byte[] bitData = BitConverter.GetBytes(value);
585 william 428 //UIntPtr ptrBytesWritten;
586     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
587     {
588     mem.Write(0, bitData);
589     }
590     //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
591     //if (ptrBytesWritten.ToUInt32() == 0)
592     // return false;
593 william 370 sbyte check = 0;
594     ReadMemory(address, out check);
595     if (check == value) return true;
596     return false;
597     }
598     #endregion
599 william 378 #region public virtual bool PatchMemory(uint address, ushort value)
600     public virtual bool PatchMemory(uint address, ushort value)
601 william 370 {
602     byte[] bitData = BitConverter.GetBytes(value);
603 william 428 //UIntPtr ptrBytesWritten;
604     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
605     {
606     mem.Write(0, bitData);
607     }
608     //if (ptrBytesWritten.ToUInt32() == 0)
609     // return false;
610 william 370 ushort check = 0;
611     ReadMemory(address, out check);
612     if (check == value) return true;
613     return false;
614     }
615     #endregion
616 william 378 #region public virtual bool PatchMemory(uint address, short value)
617     public virtual bool PatchMemory(uint address, short value)
618 william 370 {
619     byte[] bitData = BitConverter.GetBytes(value);
620 william 428 //UIntPtr ptrBytesWritten;
621     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
622     {
623     mem.Write(0, bitData);
624     }
625     //if (ptrBytesWritten.ToUInt32() == 0)
626     // return false;
627 william 370 short check = 0;
628     ReadMemory(address, out check);
629     if (check == value) return true;
630     return false;
631     }
632     #endregion
633 william 378 #region public virtual bool PatchMemory(uint address, uint value)
634     public virtual bool PatchMemory(uint address, uint value)
635 william 370 {
636     byte[] bitData = BitConverter.GetBytes(value);
637 william 428 //UIntPtr ptrBytesWritten;
638     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
639     {
640     mem.Write(0, bitData);
641     }
642     //if (ptrBytesWritten.ToUInt32() == 0)
643     // return false;
644 william 370 uint check = 0;
645     ReadMemory(address, out check);
646     if (check == value) return true;
647     return false;
648     }
649     #endregion
650 william 378 #region public virtual bool PatchMemory(uint address, int value)
651     public virtual bool PatchMemory(uint address, int value)
652 william 370 {
653     byte[] bitData = BitConverter.GetBytes(value);
654 william 428 //UIntPtr ptrBytesWritten;
655     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
656     {
657     mem.Write(0, bitData);
658     }
659     //if (ptrBytesWritten.ToUInt32() == 0)
660     // return false;
661 william 370 int check = 0;
662     ReadMemory(address, out check);
663     if (check == value) return true;
664     return false;
665     }
666     #endregion
667 william 378 #region public virtual bool PatchMemory(uint address, ulong value)
668     public virtual bool PatchMemory(uint address, ulong value)
669 william 370 {
670     byte[] bitData = BitConverter.GetBytes(value);
671 william 428 //UIntPtr ptrBytesWritten;
672     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
673     {
674     mem.Write(0, bitData);
675     }
676     //if (ptrBytesWritten.ToUInt32() == 0)
677     // return false;
678 william 370 ulong check = 0;
679     ReadMemory(address, out check);
680     if (check == value) return true;
681     return false;
682     }
683     #endregion
684 william 378 #region public virtual bool PatchMemory(uint address, long value)
685     public virtual bool PatchMemory(uint address, long value)
686 william 370 {
687     byte[] bitData = BitConverter.GetBytes(value);
688 william 428 //UIntPtr ptrBytesWritten;
689     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
690     {
691     mem.Write(0, bitData);
692     }
693     //if (ptrBytesWritten.ToUInt32() == 0)
694     // return false;
695 william 370 long check = 0;
696     ReadMemory(address, out check);
697     if (check == value) return true;
698     return false;
699     }
700     #endregion
701     #endregion
702    
703     #region IReadMemory members
704 william 378 #region public virtual bool ReadMemory(uint address, out byte value)
705     public virtual bool ReadMemory(uint address, out byte value)
706 william 370 {
707     value = 0;
708     try
709     {
710 william 428 //int bytesRead;
711 william 370 uint size = sizeof(byte);
712     byte[] bitData = new byte[size];
713 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
714     {
715     mem.Read(0, (int)size);
716     }
717     //if (bytesRead == 0)
718     // return false;
719 william 370 value = bitData[0];
720     return true;
721     }
722     catch
723     {
724     value = 0x00;
725     return false;
726     }
727     }
728     #endregion
729 william 378 #region public virtual bool ReadMemory(uint address, out sbyte value)
730     public virtual bool ReadMemory(uint address, out sbyte value)
731 william 370 {
732     value = 0;
733     try
734     {
735 william 428 //int bytesRead;
736 william 370 uint size = sizeof(sbyte);
737     byte[] bitData = new byte[size];
738 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
739     {
740     mem.Read(0, (int)size);
741     }
742     //if (bytesRead == 0)
743     // return false;
744 william 370 value = Convert.ToSByte(bitData[0]);
745     return true;
746     }
747     catch
748     {
749     value = 0x00;
750     return false;
751     }
752     }
753     #endregion
754 william 378 #region public virtual bool ReadMemory(uint address, out ushort value)
755     public virtual bool ReadMemory(uint address, out ushort value)
756 william 370 {
757     value = 0;
758     try
759     {
760 william 428 //int bytesRead;
761 william 370 uint size = sizeof(ushort);
762     byte[] bitData = new byte[size];
763 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
764     {
765     mem.Read(0, (int)size);
766     }
767     //if (bytesRead == 0)
768     // return false;
769 william 370 value = BitConverter.ToUInt16(bitData, 0);
770     return true;
771     }
772     catch
773     {
774     value = 0x00;
775     return false;
776     }
777     }
778     #endregion
779 william 378 #region public virtual bool ReadMemory(uint address, out short value)
780     public virtual bool ReadMemory(uint address, out short value)
781 william 370 {
782     value = 0;
783     try
784     {
785 william 428 //int bytesRead;
786 william 370 uint size = sizeof(short);
787     byte[] bitData = new byte[size];
788 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
789     {
790     mem.Read(0, (int)size);
791     }
792     //if (bytesRead == 0)
793     // return false;
794 william 370 value = BitConverter.ToInt16(bitData, 0);
795     return true;
796     }
797     catch
798     {
799     value = 0x00;
800     return false;
801     }
802     }
803     #endregion
804 william 378 #region public virtual bool ReadMemory(uint address, out uint value)
805     public virtual bool ReadMemory(uint address, out uint value)
806 william 370 {
807     value = 0;
808     try
809     {
810 william 428 //int bytesRead;
811 william 370 uint size = sizeof(uint);
812     byte[] bitData = new byte[size];
813 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
814     {
815     mem.Read(0, (int)size);
816     }
817     //if (bytesRead == 0)
818     // return false;
819 william 370 value = BitConverter.ToUInt32(bitData, 0);
820     return true;
821     }
822     catch
823     {
824     value = 0x00;
825     return false;
826     }
827     }
828     #endregion
829 william 378 #region public virtual bool ReadMemory(uint address, out int value)
830     public virtual bool ReadMemory(uint address, out int value)
831 william 370 {
832     value = 0;
833     try
834     {
835 william 428 //int bytesRead;
836 william 370 uint size = sizeof(int);
837     byte[] bitData = new byte[size];
838 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
839     {
840     mem.Read(0, (int)size);
841     }
842     //if (bytesRead == 0)
843     // return false;
844 william 370 value = BitConverter.ToInt32(bitData, 0);
845     return true;
846     }
847     catch
848     {
849     value = 0x00;
850     return false;
851     }
852     }
853     #endregion
854 william 378 #region public virtual bool ReadMemory(uint address, out ulong value)
855     public virtual bool ReadMemory(uint address, out ulong value)
856 william 370 {
857     value = 0;
858     try
859     {
860 william 428 //int bytesRead;
861 william 370 uint size = sizeof(ulong);
862     byte[] bitData = new byte[size];
863 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
864     {
865     mem.Read(0, (int)size);
866     }
867     //if (bytesRead == 0)
868     // return false;
869 william 370 value = BitConverter.ToUInt64(bitData, 0);
870     return true;
871     }
872     catch
873     {
874     value = 0x00;
875     return false;
876     }
877     }
878     #endregion
879 william 378 #region public virtual bool ReadMemory(uint address, out long value)
880     public virtual bool ReadMemory(uint address, out long value)
881 william 370 {
882     value = 0;
883     try
884     {
885 william 428 // int bytesRead;
886 william 370 uint size = sizeof(long);
887     byte[] bitData = new byte[size];
888 william 428 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
889     {
890     mem.Read(0, (int)size);
891     }
892     //if (bytesRead == 0)
893     // return false;
894 william 370 value = BitConverter.ToInt64(bitData, 0);
895     return true;
896     }
897     catch
898     {
899     value = 0x00;
900     return false;
901     }
902     }
903     #endregion
904     #endregion
905 william 88 }
906     #endregion
907     }