ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/RomCheater/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
Revision: 576
Committed: Thu Jun 6 07:49:01 2013 UTC (10 years, 8 months ago) by william
File size: 38286 byte(s)
Log Message:

File Contents

# User Rev Content
1 william 414 #region Logging Defines
2     // include this any class or method that required logging, and comment-out what is not needed
3 william 415
4 william 414 #region Enabled logging levels
5     #define LOGGING_ENABLE_INFO
6     #define LOGGING_ENABLE_WARN
7     #define LOGGING_ENABLE_DEBUG
8     #define LOGGING_ENABLE_VERBOSEDEBUG
9     #define LOGGING_ENABLE_ERROR
10     #define LOGGING_ENABLE_VERBOSEERROR
11 william 427 //#define LOGGING_ENABLE_PROFILER
12 william 414 #endregion
13     #endregion
14     using System;
15 william 88 using System.Collections.Generic;
16     using System.Text;
17     using System.Diagnostics;
18     using System.Threading;
19     using System.Runtime.InteropServices;
20 william 156 using RomCheater.Logging;
21 william 162 using System.IO;
22 william 231 using Sojaner.MemoryScanner.MemoryProviers;
23 william 284 using Microsoft.Win32.SafeHandles;
24 william 351 using Microsoft.Win32.Interop;
25     using System.ComponentModel;
26 william 404 using ManagedWinapi;
27 william 408 using RomCheater.PluginFramework.Events;
28 william 88
29     namespace Sojaner.MemoryScanner
30     {
31     // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
32     #region ProcessMemoryReader class
33     //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
34     //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
35 william 408 internal class ProcessMemoryReader : IMemoryReader, IMemoryWriter, IFileWriter, IPatchMemory,IReadMemory, IAcceptsBytesReadEvent
36 william 88 {
37 william 404 // constants information can be found in <winnt.h>
38     [Flags]
39 william 411 enum ProcessAccessFlags : uint
40 william 404 {
41 william 411 All = 0x001F0FFF,
42     Terminate = 0x00000001,
43     CreateThread = 0x00000002,
44     VMOperation = 0x00000008,
45     VMRead = 0x00000010,
46     VMWrite = 0x00000020,
47     DupHandle = 0x00000040,
48     SetInformation = 0x00000200,
49     QueryInformation = 0x00000400,
50     Synchronize = 0x00100000
51 william 404 }
52     [Flags]
53     public enum AllocationProtect : uint
54     {
55     // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
56     NONE = 0,
57     PAGE_NOACCESS = 0x00000001,
58     PAGE_READONLY = 0x00000002,
59     PAGE_READWRITE = 0x00000004,
60     PAGE_WRITECOPY = 0x00000008,
61     PAGE_EXECUTE = 0x00000010,
62     PAGE_EXECUTE_READ = 0x00000020,
63     PAGE_EXECUTE_READWRITE = 0x00000040,
64     PAGE_EXECUTE_WRITECOPY = 0x00000080,
65     PAGE_GUARD = 0x00000100,
66     PAGE_NOCACHE = 0x00000200,
67     PAGE_WRITECOMBINE = 0x00000400
68     }
69     [StructLayout(LayoutKind.Sequential)]
70     public struct MEMORY_BASIC_INFORMATION
71     {
72     public IntPtr BaseAddress;
73     public IntPtr AllocationBase;
74     public AllocationProtect AllocationProtect;
75     public IntPtr RegionSize;
76     public uint State;
77     public uint Protect;
78     public uint Type;
79     }
80 william 88
81     public ProcessMemoryReader()
82     {
83     }
84 william 408 public event BaseEventHandler<OnBytesReadEventArgs> OnBytesRead;
85 william 88 /// <summary>
86     /// Process from which to read
87     /// </summary>
88 william 477 public Process ReadProcess
89 william 88 {
90     get
91     {
92 william 477 return m_ReadProcess;
93 william 88 }
94     set
95     {
96 william 477 m_ReadProcess = value;
97 william 88 }
98     }
99    
100 william 477 private Process m_ReadProcess = null;
101 william 286
102     //SafeWaitHandle handle;
103 william 428 //private IntPtr handle = IntPtr.Zero;
104 william 419 //SafeWaitHandle m_hProcess; /* unused */
105 william 428 //public void OpenProcess()
106     //{
107     // try
108     // {
109     // // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
110     // //if (!TokenAdjuster.AdjustProcessTokenPrivileges("SeDebugPrivilege"))
111     // //{
112     // // logger.Warn.WriteLine("Failed to set SeDebugPrivilege on current process");
113     // //}
114     // ProcessAccessFlags access;
115     // access = ProcessAccessFlags.VMRead
116     // | ProcessAccessFlags.VMWrite
117     // | ProcessAccessFlags.VMOperation;
118     // //m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
119     // handle = ProcessMemoryReaderApi.OpenProcess(access, true, m_ReadProcess.Id);
120     // //m_hProcess = new SafeWaitHandle(handle, false);
121     // }
122     // catch (SEHException ex)
123     // {
124     // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
125     // logger.Error.WriteLine(ex.ToString());
126     // throw ex;
127     // }
128     // catch (Exception ex)
129     // {
130     // logger.Error.WriteLine(ex.ToString());
131     // throw ex;
132     // }
133     //}
134 william 88
135 william 428 //public void CloseHandle()
136     //{
137     // try
138     // {
139     // ////if (handle.IsInvalid) { return; }
140     // ////if (handle.IsClosed) { return; }
141     // //m_hProcess.Close();
142     // //m_hProcess.Dispose();
143     // //m_hProcess = null;
144     // //handle = IntPtr.Zero;
145     // //m_ReadProcess = null;
146     // //string stack_trace = System.Environment.StackTrace;
147     // int iRetValue;
148     // iRetValue = ProcessMemoryReaderApi.CloseHandle(handle);
149     // handle = IntPtr.Zero;
150     // ReadProcess = null;
151     // if (iRetValue == 0)
152     // {
153     // throw new Exception("CloseHandle failed");
154     // }
155     // }
156     // catch (SEHException ex)
157     // {
158     // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
159     // logger.Error.WriteLine(ex.ToString());
160     // throw ex;
161     // }
162     // catch (Exception ex)
163     // {
164     // logger.Error.WriteLine(ex.ToString());
165     // throw ex;
166     // }
167     //}
168 william 88 /// <summary>
169     /// ProcessMemoryReader is a class that enables direct reading a process memory
170     /// </summary>
171 william 231 private class ProcessMemoryReaderApi
172 william 88 {
173 william 404 [DllImport("kernel32.dll")]
174     public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
175 william 88
176     // function declarations are found in the MSDN and in <winbase.h>
177    
178     // HANDLE OpenProcess(
179     // DWORD dwDesiredAccess, // access flag
180     // BOOL bInheritHandle, // handle inheritance option
181     // DWORD dwProcessId // process identifier
182     // );
183     [DllImport("kernel32.dll")]
184 william 411 public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
185 william 88
186     // BOOL CloseHandle(
187     // HANDLE hObject // handle to object
188     // );
189     [DllImport("kernel32.dll")]
190     public static extern Int32 CloseHandle(IntPtr hObject);
191    
192     // BOOL ReadProcessMemory(
193     // HANDLE hProcess, // handle to the process
194     // LPCVOID lpBaseAddress, // base of memory area
195     // LPVOID lpBuffer, // data buffer
196     // SIZE_T nSize, // number of bytes to read
197     // SIZE_T * lpNumberOfBytesRead // number of bytes read
198     // );
199 william 350 [DllImport("kernel32.dll", SetLastError = true)]
200     public static extern bool ReadProcessMemory(
201     IntPtr hProcess,
202     IntPtr lpBaseAddress,
203     [Out] byte[] lpBuffer,
204     uint dwSize,
205     out int lpNumberOfBytesRead
206     );
207 william 88
208     // BOOL WriteProcessMemory(
209     // HANDLE hProcess, // handle to process
210     // LPVOID lpBaseAddress, // base of memory area
211     // LPCVOID lpBuffer, // data buffer
212     // SIZE_T nSize, // count of bytes to write
213     // SIZE_T * lpNumberOfBytesWritten // count of bytes written
214     // );
215 william 350 [DllImport("kernel32.dll", SetLastError = true)]
216     public static extern bool WriteProcessMemory(
217     IntPtr hProcess,
218     IntPtr lpBaseAddress,
219     byte[] lpBuffer,
220     uint nSize,
221     out UIntPtr lpNumberOfBytesWritten);
222 william 88
223    
224     }
225 william 231
226     #region IMemoryReader Members
227 william 249 #region public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out int address)
228 william 576 public bool ReadFirstNonZeroByte(ulong MemoryAddress, uint bytesToRead, out ulong address)
229 william 231 {
230     //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
231     address = 0;
232 william 235 uint byte_alignment = 1;
233 william 231 // get common init parameters
234     //InitMemoryDump(out byte_alignment);
235 william 576 ulong mem_address = MemoryAddress;
236 william 235 uint _bytesToRead = bytesToRead;
237 william 231 byte[] buffer = new byte[] { };
238     try
239     {
240     //using (MemoryStream ms = new MemoryStream())
241     //{
242     // //BinaryWriter bw = new BinaryWriter(ms);
243     // //foreach (byte b in data) { bw.Write(b); }
244 william 235 for (uint i = 0; i <= bytesToRead; )
245 william 231 {
246     if (_bytesToRead < byte_alignment)
247     {
248     _bytesToRead = bytesToRead;
249     buffer = new byte[_bytesToRead];
250     }
251     else
252     {
253     _bytesToRead = byte_alignment;
254     buffer = new byte[byte_alignment];
255     }
256     int bytesRead = 0;
257     ReadProcessMemory(mem_address, _bytesToRead, out bytesRead, out buffer);
258 william 245 if (buffer.Length == 0 && bytesRead == 0)
259     {
260 william 477 throw new Exception(string.Format("Failed to read memory from process: {0}", ReadProcess.ToString()));
261 william 245 }
262 william 231 //bw.Write(buffer);
263     //bw.Flush();
264     if (_bytesToRead < byte_alignment)
265     {
266     i += _bytesToRead;
267 william 576 mem_address += (ulong)_bytesToRead;
268 william 231 }
269     else
270     {
271     i += byte_alignment;
272 william 576 mem_address += (ulong)byte_alignment;
273 william 231 }
274     for (uint j = 0; j < buffer.Length; j++)
275     {
276     if (buffer[j] != 0)
277     {
278     address = mem_address;
279     break;
280     }
281     }
282     if (address != 0)
283     break;
284     }
285     // bw.Close();
286     //}
287     //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
288     return true;
289     }
290 william 247 catch (SEHException ex)
291     {
292     logger.Error.WriteLine("ReadFirstNonZeroByte() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
293     logger.Error.WriteLine(ex.ToString());
294     throw ex;
295     }
296 william 231 catch (OutOfMemoryException ex)
297     {
298 william 247 logger.Error.WriteLine("ReadFirstNonZeroByte(): OutOfMemoryException");
299 william 231 logger.Error.WriteLine(ex.ToString());
300     }
301     catch (Exception ex)
302     {
303 william 247 logger.Error.WriteLine("ReadFirstNonZeroByte(): Exception");
304 william 231 logger.Error.WriteLine(ex.ToString());
305 william 247 throw ex;
306 william 231 }
307     return false;
308     }
309 william 249 #endregion
310 william 404
311 william 543
312 william 575 public void UpdateAddressArray(ulong[] addresses, uint size, out byte[][] values)
313 william 543 {
314     // size = size of data to read at each address
315     values = new byte[addresses.Length][];
316     for (int x = 0; x < values.Length; x++) { values[x] = new byte[size]; }
317    
318     for (int i = 0; i < addresses.Length; i++)
319     {
320     byte[] data = new byte[size];
321     int bytesRead =0;
322     var address = addresses[i];
323     this.ReadProcessMemory(address, size, out bytesRead, out data);
324     values[i] = data;
325     }
326     }
327    
328    
329 william 575 public void ReadProcessMemoryAtOnce(ulong MemoryAddress, uint bytesToRead, object UserState)
330 william 408 {
331 william 521 uint size = 128;
332 william 518 //int count = 0;
333 william 575 for (ulong j = MemoryAddress; j < (MemoryAddress + bytesToRead); j += size)
334 william 408 {
335 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size))
336 william 409 {
337 william 477 byte[] bigMem = mem.Read();
338 william 518 //count += bigMem.Length;
339 william 477 if (this.OnBytesRead != null)
340 william 446 {
341 william 477 OnBytesReadEventArgs t = new OnBytesReadEventArgs(this, UserState, bigMem, j, bytesToRead);
342     this.OnBytesRead.Invoke(t);
343     if (t.Canceled)
344 william 446 {
345 william 477 bigMem = null;
346     break;
347 william 446 }
348 william 477
349 william 446 }
350 william 477 bigMem = null;
351 william 409 }
352 william 408 }
353     }
354 william 575 public void ReadProcessMemoryAtOnce(ulong MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
355 william 354 {
356 william 477 Stopwatch st = new Stopwatch();
357     st.Start();
358     List<byte> buffer_list = new List<byte>();
359     //for (uint j = MemoryAddress; j < (MemoryAddress+bytesToRead); j += size)
360     //{
361     // using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)bytesToRead))
362     // {
363     // byte[] bigMem = mem.Read();
364     // foreach (byte b in bigMem) { buffer_list.Add(b); }
365     // bigMem = null;
366     // }
367     //}
368    
369     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, (int)bytesToRead))
370 william 471 {
371 william 477 byte[] bigMem = mem.Read();
372     foreach (byte b in bigMem) { buffer_list.Add(b); }
373     bigMem = null;
374     }
375 william 425
376 william 477 bytesRead = buffer_list.Count;
377     data = new byte[bytesToRead];
378     data.Initialize();
379     Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
380     st.Stop();
381     logger.Profiler.WriteLine("ReadProcessMemoryAtOnce(): start=0x{0:x8} end=0x{1:x8} took {2:0.0000} seconds", MemoryAddress, MemoryAddress + bytesToRead, st.Elapsed.TotalSeconds);
382 william 354 }
383 william 404 #region public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
384 william 575 public void ReadProcessMemory(long MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
385 william 231 {
386 william 575 ReadProcessMemory((ulong)MemoryAddress, bytesToRead, out bytesRead, out data);
387 william 350 }
388 william 575 public void ReadProcessMemory(ulong MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
389 william 350 {
390 william 247 try
391     {
392 william 425 ReadProcessMemoryAtOnce(MemoryAddress, bytesToRead, out bytesRead, out data);
393     //bytesRead = 0;
394     //data = new byte[bytesToRead];
395     //const int alignment = 1;
396     //List<byte> buffer_list = new List<byte>();
397     //uint _MemoryAddress = MemoryAddress;
398     //for (int i = 0; i < bytesToRead; i++)
399     //{
400     // byte[] buffer = new byte[alignment];
401     // int _bytesRead = 0;
402     // MEMORY_BASIC_INFORMATION m;
403     // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
404 william 404
405 william 425 // if (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) ||
406     // m.AllocationProtect == 0)
407     // {
408     // uint OrignalAddress = _MemoryAddress;
409     // while (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) || m.AllocationProtect == 0)
410     // {
411     // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
412     // _MemoryAddress++;
413     // buffer_list.Add(0);
414     // }
415     // _MemoryAddress--;
416     // uint diff = _MemoryAddress - OrignalAddress;
417     // i += (int)diff;
418     // buffer_list.RemoveAt(buffer_list.Count-1);
419     // }
420 william 404
421 william 425 // ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, alignment, out _bytesRead);
422     // int LastError = Marshal.GetLastWin32Error();
423     // if (LastError != ResultWin32.ERROR_SUCCESS)
424     // {
425     // string ErrorName = ResultWin32.GetErrorName(LastError);
426     // }
427     // if (_bytesRead > 0)
428     // {
429     // foreach (byte b in buffer)
430     // {
431     // buffer_list.Add(b);
432     // }
433     // _MemoryAddress += (uint)buffer.Length;
434     // }
435     //}
436     //bytesRead = buffer_list.Count;
437     //Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
438 william 247 }
439     catch (SEHException ex)
440     {
441     logger.Error.WriteLine("ReadProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
442     logger.Error.WriteLine(ex.ToString());
443     throw ex;
444     }
445     catch (Exception ex)
446     {
447     logger.Error.WriteLine("ReadProcessMemory(): Exception");
448     logger.Error.WriteLine(ex.ToString());
449     throw ex;
450     }
451 william 231 }
452     #endregion
453 william 249 #endregion
454 william 231
455     #region IMemoryWriter Members
456 william 249 #region public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
457 william 575 public void WriteProcessMemory(long MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
458 william 231 {
459 william 350 uint _bytesWritten = 0;
460 william 575 WriteProcessMemory((ulong)MemoryAddress, bytesToWrite, out _bytesWritten);
461 william 350 bytesWritten = (int)_bytesWritten;
462     }
463 william 575 public void WriteProcessMemory(ulong MemoryAddress, byte[] bytesToWrite, out uint bytesWritten)
464 william 350 {
465 william 247 try
466     {
467 william 477 //uint _bytesWritten = 0;
468 william 575 ulong _MemoryAddress = MemoryAddress;
469 william 477
470     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, bytesToWrite.Length))
471 william 471 {
472 william 477 mem.Write(0, bytesToWrite);
473     }
474 william 428
475 william 477 //for (int i = 0; i < bytesToWrite.Length; i++)
476     //{
477     // UIntPtr _ptrBytesWritten = UIntPtr.Zero;
478     // byte[] buffer = new byte[] { bytesToWrite[i] };
479     // ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, (uint)buffer.Length, out _ptrBytesWritten);
480     // _MemoryAddress++;
481     // _bytesWritten++;
482     //}
483     //bytesWritten = _bytesWritten;
484     bytesWritten = (uint)bytesToWrite.Length;
485 william 247 }
486     catch (SEHException ex)
487     {
488     logger.Error.WriteLine("WriteProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
489     logger.Error.WriteLine(ex.ToString());
490     throw ex;
491     }
492     catch (Exception ex)
493     {
494    
495     logger.Error.WriteLine("WriteProcessMemory() Exception");
496     logger.Error.WriteLine(ex.ToString());
497     bytesWritten = 0;
498     throw ex;
499     }
500 william 231 }
501 william 249 #endregion
502 william 231 #endregion
503    
504     #region IFileWriter Members
505 william 249 #region public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
506 william 575 public bool WriteProcessMemoryToFile(string filename, ulong MemoryAddress, uint bytesToRead, out int bytesRead)
507 william 231 {
508     //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
509     bytesRead = 0;
510 william 235 uint byte_alignment = 102400;
511 william 575 ulong address = MemoryAddress;
512 william 235 uint _bytesToRead = bytesToRead;
513 william 231 byte[] buffer = new byte[] { };
514     try
515     {
516     FileInfo fi = new FileInfo(filename);
517     if (fi.Exists)
518     fi.Delete();
519     using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
520     {
521     BinaryWriter bw = new BinaryWriter(fs);
522     //foreach (byte b in data) { bw.Write(b); }
523    
524 william 235 for (uint i = 0; i <= bytesToRead; )
525 william 231 {
526     if (_bytesToRead < byte_alignment)
527     {
528     _bytesToRead = bytesToRead;
529     buffer = new byte[_bytesToRead];
530     }
531     else
532     {
533     _bytesToRead = byte_alignment;
534     buffer = new byte[byte_alignment];
535     }
536 william 404 ReadProcessMemory(address, _bytesToRead, out bytesRead, out buffer);
537 william 231 bw.Write(buffer);
538     bw.Flush();
539    
540     if (_bytesToRead < byte_alignment)
541     {
542     i += _bytesToRead;
543 william 575 address += (ulong)_bytesToRead;
544 william 231 }
545     else
546     {
547     i += byte_alignment;
548 william 575 address += (ulong)byte_alignment;
549 william 231 }
550    
551    
552     }
553     bw.Close();
554     }
555 william 477 logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
556 william 231 return true;
557     }
558 william 247 catch (SEHException ex)
559     {
560     logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
561     logger.Error.WriteLine(ex.ToString());
562     throw ex;
563     }
564 william 231 catch (OutOfMemoryException ex)
565     {
566 william 247 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
567 william 231 logger.Error.WriteLine(ex.ToString());
568     }
569     catch (Exception ex)
570     {
571 william 247 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
572 william 231 logger.Error.WriteLine(ex.ToString());
573 william 247 throw ex;
574 william 231 }
575     return false;
576     }
577     #endregion
578 william 249 #endregion
579 william 370
580     #region IPatchMemory members
581 william 378 #region public virtual bool PatchMemory(uint address, byte value)
582 william 575 public virtual bool PatchMemory(ulong address, byte value)
583 william 370 {
584 william 477 byte[] bitData = BitConverter.GetBytes(value);
585     //UIntPtr ptrBytesWritten;
586     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
587 william 428 {
588 william 477 mem.Write(0, bitData);
589 william 428 }
590     //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
591     //if (ptrBytesWritten.ToUInt32() == 0)
592     // return false;
593 william 370 byte check = 0;
594     ReadMemory(address, out check);
595     if (check == value) return true;
596     return false;
597     }
598     #endregion
599 william 378 #region public virtual bool PatchMemory(uint address, sbyte value)
600 william 575 public virtual bool PatchMemory(ulong address, sbyte value)
601 william 370 {
602 william 477 byte[] bitData = BitConverter.GetBytes(value);
603     //UIntPtr ptrBytesWritten;
604     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
605 william 428 {
606 william 477 mem.Write(0, bitData);
607 william 428 }
608     //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
609     //if (ptrBytesWritten.ToUInt32() == 0)
610     // return false;
611 william 370 sbyte check = 0;
612     ReadMemory(address, out check);
613     if (check == value) return true;
614     return false;
615     }
616     #endregion
617 william 378 #region public virtual bool PatchMemory(uint address, ushort value)
618 william 575 public virtual bool PatchMemory(ulong address, ushort value)
619 william 370 {
620 william 477 byte[] bitData = BitConverter.GetBytes(value);
621     //UIntPtr ptrBytesWritten;
622     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
623 william 428 {
624 william 477 mem.Write(0, bitData);
625 william 428 }
626     //if (ptrBytesWritten.ToUInt32() == 0)
627     // return false;
628 william 370 ushort check = 0;
629     ReadMemory(address, out check);
630     if (check == value) return true;
631     return false;
632     }
633     #endregion
634 william 378 #region public virtual bool PatchMemory(uint address, short value)
635 william 575 public virtual bool PatchMemory(ulong address, short value)
636 william 477 {
637     byte[] bitData = BitConverter.GetBytes(value);
638     //UIntPtr ptrBytesWritten;
639     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
640 william 428 {
641 william 477 mem.Write(0, bitData);
642 william 428 }
643     //if (ptrBytesWritten.ToUInt32() == 0)
644     // return false;
645 william 370 short check = 0;
646     ReadMemory(address, out check);
647     if (check == value) return true;
648     return false;
649     }
650     #endregion
651 william 378 #region public virtual bool PatchMemory(uint address, uint value)
652 william 575 public virtual bool PatchMemory(ulong address, uint value)
653 william 370 {
654 william 477 byte[] bitData = BitConverter.GetBytes(value);
655     //UIntPtr ptrBytesWritten;
656     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
657 william 428 {
658 william 477 mem.Write(0, bitData);
659 william 428 }
660     //if (ptrBytesWritten.ToUInt32() == 0)
661     // return false;
662 william 370 uint check = 0;
663     ReadMemory(address, out check);
664     if (check == value) return true;
665     return false;
666     }
667     #endregion
668 william 378 #region public virtual bool PatchMemory(uint address, int value)
669 william 575 public virtual bool PatchMemory(ulong address, int value)
670 william 370 {
671 william 477 byte[] bitData = BitConverter.GetBytes(value);
672     //UIntPtr ptrBytesWritten;
673     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
674 william 428 {
675 william 477 mem.Write(0, bitData);
676 william 428 }
677     //if (ptrBytesWritten.ToUInt32() == 0)
678     // return false;
679 william 370 int check = 0;
680     ReadMemory(address, out check);
681     if (check == value) return true;
682     return false;
683     }
684     #endregion
685 william 378 #region public virtual bool PatchMemory(uint address, ulong value)
686 william 575 public virtual bool PatchMemory(ulong address, ulong value)
687 william 370 {
688 william 477 byte[] bitData = BitConverter.GetBytes(value);
689     //UIntPtr ptrBytesWritten;
690     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
691 william 428 {
692 william 477 mem.Write(0, bitData);
693 william 428 }
694     //if (ptrBytesWritten.ToUInt32() == 0)
695     // return false;
696 william 370 ulong check = 0;
697     ReadMemory(address, out check);
698     if (check == value) return true;
699     return false;
700     }
701     #endregion
702 william 378 #region public virtual bool PatchMemory(uint address, long value)
703 william 575 public virtual bool PatchMemory(ulong address, long value)
704 william 370 {
705 william 477 byte[] bitData = BitConverter.GetBytes(value);
706     //UIntPtr ptrBytesWritten;
707     using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, bitData.Length))
708 william 428 {
709 william 477 mem.Write(0, bitData);
710 william 428 }
711     //if (ptrBytesWritten.ToUInt32() == 0)
712     // return false;
713 william 370 long check = 0;
714     ReadMemory(address, out check);
715     if (check == value) return true;
716     return false;
717     }
718     #endregion
719     #endregion
720    
721     #region IReadMemory members
722 william 378 #region public virtual bool ReadMemory(uint address, out byte value)
723 william 575 public virtual bool ReadMemory(ulong address, out byte value)
724 william 370 {
725     value = 0;
726     try
727     {
728 william 428 //int bytesRead;
729 william 370 uint size = sizeof(byte);
730     byte[] bitData = new byte[size];
731 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
732 william 428 {
733 william 493 bitData = mem.Read(0, (int)size);
734 william 477 }
735 william 428 //if (bytesRead == 0)
736     // return false;
737 william 370 value = bitData[0];
738     return true;
739     }
740     catch
741     {
742     value = 0x00;
743     return false;
744     }
745     }
746     #endregion
747 william 378 #region public virtual bool ReadMemory(uint address, out sbyte value)
748 william 575 public virtual bool ReadMemory(ulong address, out sbyte value)
749 william 370 {
750     value = 0;
751     try
752     {
753 william 428 //int bytesRead;
754 william 370 uint size = sizeof(sbyte);
755     byte[] bitData = new byte[size];
756 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
757 william 428 {
758 william 493 bitData = mem.Read(0, (int)size);
759 william 477 }
760 william 428 //if (bytesRead == 0)
761     // return false;
762 william 370 value = Convert.ToSByte(bitData[0]);
763     return true;
764     }
765     catch
766     {
767     value = 0x00;
768     return false;
769     }
770     }
771     #endregion
772 william 378 #region public virtual bool ReadMemory(uint address, out ushort value)
773 william 575 public virtual bool ReadMemory(ulong address, out ushort value)
774 william 370 {
775     value = 0;
776     try
777     {
778 william 428 //int bytesRead;
779 william 370 uint size = sizeof(ushort);
780     byte[] bitData = new byte[size];
781 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
782 william 428 {
783 william 493 bitData = mem.Read(0, (int)size);
784 william 477 }
785 william 428 //if (bytesRead == 0)
786     // return false;
787 william 370 value = BitConverter.ToUInt16(bitData, 0);
788     return true;
789     }
790     catch
791     {
792     value = 0x00;
793     return false;
794     }
795     }
796     #endregion
797 william 378 #region public virtual bool ReadMemory(uint address, out short value)
798 william 575 public virtual bool ReadMemory(ulong address, out short value)
799 william 370 {
800     value = 0;
801     try
802     {
803 william 428 //int bytesRead;
804 william 370 uint size = sizeof(short);
805     byte[] bitData = new byte[size];
806 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
807 william 428 {
808 william 493 bitData = mem.Read(0, (int)size);
809 william 477 }
810 william 428 //if (bytesRead == 0)
811     // return false;
812 william 370 value = BitConverter.ToInt16(bitData, 0);
813     return true;
814     }
815     catch
816     {
817     value = 0x00;
818     return false;
819     }
820     }
821     #endregion
822 william 378 #region public virtual bool ReadMemory(uint address, out uint value)
823 william 575 public virtual bool ReadMemory(ulong address, out uint value)
824 william 370 {
825     value = 0;
826     try
827     {
828 william 428 //int bytesRead;
829 william 370 uint size = sizeof(uint);
830     byte[] bitData = new byte[size];
831 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
832 william 428 {
833 william 493 bitData = mem.Read(0, (int)size);
834 william 477 }
835 william 428 //if (bytesRead == 0)
836     // return false;
837 william 370 value = BitConverter.ToUInt32(bitData, 0);
838     return true;
839     }
840     catch
841     {
842     value = 0x00;
843     return false;
844     }
845     }
846     #endregion
847 william 378 #region public virtual bool ReadMemory(uint address, out int value)
848 william 575 public virtual bool ReadMemory(ulong address, out int value)
849 william 370 {
850     value = 0;
851     try
852     {
853 william 428 //int bytesRead;
854 william 370 uint size = sizeof(int);
855     byte[] bitData = new byte[size];
856 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
857 william 428 {
858 william 493 bitData = mem.Read(0, (int)size);
859 william 477 }
860 william 428 //if (bytesRead == 0)
861     // return false;
862 william 370 value = BitConverter.ToInt32(bitData, 0);
863     return true;
864     }
865     catch
866     {
867     value = 0x00;
868     return false;
869     }
870     }
871     #endregion
872 william 378 #region public virtual bool ReadMemory(uint address, out ulong value)
873 william 575 public virtual bool ReadMemory(ulong address, out ulong value)
874 william 370 {
875     value = 0;
876     try
877     {
878 william 428 //int bytesRead;
879 william 370 uint size = sizeof(ulong);
880     byte[] bitData = new byte[size];
881 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
882 william 428 {
883 william 493 bitData = mem.Read(0, (int)size);
884 william 477 }
885 william 428 //if (bytesRead == 0)
886     // return false;
887 william 370 value = BitConverter.ToUInt64(bitData, 0);
888     return true;
889     }
890     catch
891     {
892     value = 0x00;
893     return false;
894     }
895     }
896     #endregion
897 william 378 #region public virtual bool ReadMemory(uint address, out long value)
898 william 575 public virtual bool ReadMemory(ulong address, out long value)
899 william 370 {
900     value = 0;
901     try
902     {
903 william 428 // int bytesRead;
904 william 370 uint size = sizeof(long);
905     byte[] bitData = new byte[size];
906 william 477 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
907 william 428 {
908 william 493 bitData = mem.Read(0, (int)size);
909 william 477 }
910 william 428 //if (bytesRead == 0)
911     // return false;
912 william 370 value = BitConverter.ToInt64(bitData, 0);
913     return true;
914     }
915     catch
916     {
917     value = 0x00;
918     return false;
919     }
920     }
921     #endregion
922     #endregion
923 william 88 }
924     #endregion
925     }