/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
ViewVC logotype

Contents of /trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 408 - (show annotations) (download)
Thu Jun 21 18:10:21 2012 UTC (8 years, 5 months ago) by william
File size: 34537 byte(s)

1 using System;
2 using System.Collections.Generic;
3 using System.Text;
4 using System.Diagnostics;
5 using System.Threading;
6 using System.Runtime.InteropServices;
7 using RomCheater.Logging;
8 using System.IO;
9 using Sojaner.MemoryScanner.MemoryProviers;
10 using Microsoft.Win32.SafeHandles;
11 using Microsoft.Win32.Interop;
12 using System.ComponentModel;
13 using ManagedWinapi;
14 using RomCheater.PluginFramework.Events;
15
16 namespace Sojaner.MemoryScanner
17 {
18 // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
19 #region ProcessMemoryReader class
20 //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
21 //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
22 internal class ProcessMemoryReader : IMemoryReader, IMemoryWriter, IFileWriter, IPatchMemory,IReadMemory, IAcceptsBytesReadEvent
23 {
24 // constants information can be found in <winnt.h>
25 [Flags]
26 public enum ProcessAccessType
27 {
28 PROCESS_TERMINATE = (0x0001),
29 PROCESS_CREATE_THREAD = (0x0002),
30 PROCESS_SET_SESSIONID = (0x0004),
31 PROCESS_VM_OPERATION = (0x0008),
32 PROCESS_VM_READ = (0x0010),
33 PROCESS_VM_WRITE = (0x0020),
34 PROCESS_DUP_HANDLE = (0x0040),
35 PROCESS_CREATE_PROCESS = (0x0080),
36 PROCESS_SET_QUOTA = (0x0100),
37 PROCESS_SET_INFORMATION = (0x0200),
38 PROCESS_QUERY_INFORMATION = (0x0400)
39 }
40 [Flags]
41 public enum AllocationProtect : uint
42 {
43 // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
44 NONE = 0,
45 PAGE_NOACCESS = 0x00000001,
46 PAGE_READONLY = 0x00000002,
47 PAGE_READWRITE = 0x00000004,
48 PAGE_WRITECOPY = 0x00000008,
49 PAGE_EXECUTE = 0x00000010,
50 PAGE_EXECUTE_READ = 0x00000020,
51 PAGE_EXECUTE_READWRITE = 0x00000040,
52 PAGE_EXECUTE_WRITECOPY = 0x00000080,
53 PAGE_GUARD = 0x00000100,
54 PAGE_NOCACHE = 0x00000200,
55 PAGE_WRITECOMBINE = 0x00000400
56 }
57 [StructLayout(LayoutKind.Sequential)]
58 public struct MEMORY_BASIC_INFORMATION
59 {
60 public IntPtr BaseAddress;
61 public IntPtr AllocationBase;
62 public AllocationProtect AllocationProtect;
63 public IntPtr RegionSize;
64 public uint State;
65 public uint Protect;
66 public uint Type;
67 }
68
69 public ProcessMemoryReader()
70 {
71 }
72 public event BaseEventHandler<OnBytesReadEventArgs> OnBytesRead;
73 /// <summary>
74 /// Process from which to read
75 /// </summary>
76 public Process ReadProcess
77 {
78 get
79 {
80 return m_ReadProcess;
81 }
82 set
83 {
84 m_ReadProcess = value;
85 }
86 }
87
88 private Process m_ReadProcess = null;
89
90 //SafeWaitHandle handle;
91 private static IntPtr m_hProcess = IntPtr.Zero;
92
93 public void OpenProcess()
94 {
95 try
96 {
97 // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
98 //if (!TokenAdjuster.AdjustProcessTokenPrivileges("SeDebugPrivilege"))
99 //{
100 // logger.Warn.WriteLine("Failed to set SeDebugPrivilege on current process");
101 //}
102 ProcessAccessType access;
103 access = ProcessAccessType.PROCESS_VM_READ
104 | ProcessAccessType.PROCESS_VM_WRITE
105 | ProcessAccessType.PROCESS_VM_OPERATION;
106 //m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
107 m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
108 }
109 catch (SEHException ex)
110 {
111 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
112 logger.Error.WriteLine(ex.ToString());
113 throw ex;
114 }
115 catch (Exception ex)
116 {
117 logger.Error.WriteLine(ex.ToString());
118 throw ex;
119 }
120 }
121
122 public void CloseHandle()
123 {
124 try
125 {
126 SafeWaitHandle handle = new SafeWaitHandle(m_ReadProcess.Handle, false);
127 if (handle.IsInvalid) { return; }
128 if (handle.IsClosed) { return; }
129 handle.Close();
130 handle = null;
131 //m_hProcess = IntPtr.Zero;
132 //string stack_trace = System.Environment.StackTrace;
133 //int iRetValue;
134 //iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
135 //if (iRetValue == 0)
136 //{
137 // throw new Exception("CloseHandle failed");
138 //}
139 }
140 catch (SEHException ex)
141 {
142 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
143 logger.Error.WriteLine(ex.ToString());
144 throw ex;
145 }
146 catch (Exception ex)
147 {
148 logger.Error.WriteLine(ex.ToString());
149 throw ex;
150 }
151 }
152 /// <summary>
153 /// ProcessMemoryReader is a class that enables direct reading a process memory
154 /// </summary>
155 private class ProcessMemoryReaderApi
156 {
157 [DllImport("kernel32.dll")]
158 public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
159
160 // function declarations are found in the MSDN and in <winbase.h>
161
162 // HANDLE OpenProcess(
163 // DWORD dwDesiredAccess, // access flag
164 // BOOL bInheritHandle, // handle inheritance option
165 // DWORD dwProcessId // process identifier
166 // );
167 [DllImport("kernel32.dll")]
168 public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
169
170 // BOOL CloseHandle(
171 // HANDLE hObject // handle to object
172 // );
173 [DllImport("kernel32.dll")]
174 public static extern Int32 CloseHandle(IntPtr hObject);
175
176 // BOOL ReadProcessMemory(
177 // HANDLE hProcess, // handle to the process
178 // LPCVOID lpBaseAddress, // base of memory area
179 // LPVOID lpBuffer, // data buffer
180 // SIZE_T nSize, // number of bytes to read
181 // SIZE_T * lpNumberOfBytesRead // number of bytes read
182 // );
183 [DllImport("kernel32.dll", SetLastError = true)]
184 public static extern bool ReadProcessMemory(
185 IntPtr hProcess,
186 IntPtr lpBaseAddress,
187 [Out] byte[] lpBuffer,
188 uint dwSize,
189 out int lpNumberOfBytesRead
190 );
191
192 // BOOL WriteProcessMemory(
193 // HANDLE hProcess, // handle to process
194 // LPVOID lpBaseAddress, // base of memory area
195 // LPCVOID lpBuffer, // data buffer
196 // SIZE_T nSize, // count of bytes to write
197 // SIZE_T * lpNumberOfBytesWritten // count of bytes written
198 // );
199 [DllImport("kernel32.dll", SetLastError = true)]
200 public static extern bool WriteProcessMemory(
201 IntPtr hProcess,
202 IntPtr lpBaseAddress,
203 byte[] lpBuffer,
204 uint nSize,
205 out UIntPtr lpNumberOfBytesWritten);
206
207
208 }
209
210 #region IMemoryReader Members
211 #region public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out int address)
212 public bool ReadFirstNonZeroByte(int MemoryAddress, uint bytesToRead, out int address)
213 {
214 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
215 address = 0;
216 uint byte_alignment = 1;
217 // get common init parameters
218 //InitMemoryDump(out byte_alignment);
219 int mem_address = MemoryAddress;
220 uint _bytesToRead = bytesToRead;
221 byte[] buffer = new byte[] { };
222 try
223 {
224 //using (MemoryStream ms = new MemoryStream())
225 //{
226 // //BinaryWriter bw = new BinaryWriter(ms);
227 // //foreach (byte b in data) { bw.Write(b); }
228 for (uint i = 0; i <= bytesToRead; )
229 {
230 if (_bytesToRead < byte_alignment)
231 {
232 _bytesToRead = bytesToRead;
233 buffer = new byte[_bytesToRead];
234 }
235 else
236 {
237 _bytesToRead = byte_alignment;
238 buffer = new byte[byte_alignment];
239 }
240 int bytesRead = 0;
241 ReadProcessMemory(mem_address, _bytesToRead, out bytesRead, out buffer);
242 if (buffer.Length == 0 && bytesRead == 0)
243 {
244 throw new Exception(string.Format("Failed to read memory from process: {0}", ReadProcess.ToString()));
245 }
246 //bw.Write(buffer);
247 //bw.Flush();
248 if (_bytesToRead < byte_alignment)
249 {
250 i += _bytesToRead;
251 mem_address += (int)_bytesToRead;
252 }
253 else
254 {
255 i += byte_alignment;
256 mem_address += (int)byte_alignment;
257 }
258 for (uint j = 0; j < buffer.Length; j++)
259 {
260 if (buffer[j] != 0)
261 {
262 address = mem_address;
263 break;
264 }
265 }
266 if (address != 0)
267 break;
268 }
269 // bw.Close();
270 //}
271 //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
272 return true;
273 }
274 catch (SEHException ex)
275 {
276 logger.Error.WriteLine("ReadFirstNonZeroByte() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
277 logger.Error.WriteLine(ex.ToString());
278 throw ex;
279 }
280 catch (OutOfMemoryException ex)
281 {
282 logger.Error.WriteLine("ReadFirstNonZeroByte(): OutOfMemoryException");
283 logger.Error.WriteLine(ex.ToString());
284 }
285 catch (Exception ex)
286 {
287 logger.Error.WriteLine("ReadFirstNonZeroByte(): Exception");
288 logger.Error.WriteLine(ex.ToString());
289 throw ex;
290 }
291 return false;
292 }
293 #endregion
294
295 public void ReadProcessMemoryAtOnce(uint MemoryAddress, uint bytesToRead,object UserState)
296 {
297 uint size = 1024 * 128;
298 for (uint j = MemoryAddress; j < bytesToRead; j += size)
299 {
300 ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size);
301 byte[] bigMem = mem.Read();
302 if (this.OnBytesRead != null)
303 this.OnBytesRead.Invoke(new OnBytesReadEventArgs(this, UserState, bigMem, j, bytesToRead));
304 bigMem = null;
305 }
306
307 }
308 public void ReadProcessMemoryAtOnce(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
309 {
310 Stopwatch st = new Stopwatch();
311 st.Start();
312 uint size = 1024 * 64;
313 List<byte> buffer_list = new List<byte>();
314 for (uint j = MemoryAddress; j < bytesToRead; j += size)
315 {
316 ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size);
317 byte[] bigMem = mem.Read();
318 foreach (byte b in bigMem) { buffer_list.Add(b); }
319 bigMem = null;
320 }
321 bytesRead = buffer_list.Count;
322 data = new byte[bytesToRead];
323 data.Initialize();
324 Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
325 st.Stop();
326 logger.Profiler.WriteLine("ReadProcessMemoryAtOnce(): start=0x{0:x8} end=0x{1:x8} took {2:0.0000} seconds", MemoryAddress, MemoryAddress + bytesToRead, st.Elapsed.TotalSeconds);
327 }
328
329 #region public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
330 public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
331 {
332 ReadProcessMemory((uint)MemoryAddress, bytesToRead, out bytesRead, out data);
333 }
334 public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
335 {
336 try
337 {
338 bytesRead = 0;
339 data = new byte[bytesToRead];
340 const int alignment = 1;
341 List<byte> buffer_list = new List<byte>();
342 uint _MemoryAddress = MemoryAddress;
343 for (int i = 0; i < bytesToRead; i++)
344 {
345 byte[] buffer = new byte[alignment];
346 int _bytesRead = 0;
347 MEMORY_BASIC_INFORMATION m;
348 ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
349
350 if (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) ||
351 m.AllocationProtect == 0)
352 {
353 uint OrignalAddress = _MemoryAddress;
354 while (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) || m.AllocationProtect == 0)
355 {
356 ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
357 _MemoryAddress++;
358 buffer_list.Add(0);
359 }
360 _MemoryAddress--;
361 uint diff = _MemoryAddress - OrignalAddress;
362 i += (int)diff;
363 buffer_list.RemoveAt(buffer_list.Count-1);
364 }
365
366 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, buffer, alignment, out _bytesRead);
367 int LastError = Marshal.GetLastWin32Error();
368 if (LastError != ResultWin32.ERROR_SUCCESS)
369 {
370 string ErrorName = ResultWin32.GetErrorName(LastError);
371 }
372 if (_bytesRead > 0)
373 {
374 foreach (byte b in buffer)
375 {
376 buffer_list.Add(b);
377 }
378 _MemoryAddress += (uint)buffer.Length;
379 }
380 }
381 bytesRead = buffer_list.Count;
382 Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
383 }
384 catch (SEHException ex)
385 {
386 logger.Error.WriteLine("ReadProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
387 logger.Error.WriteLine(ex.ToString());
388 throw ex;
389 }
390 catch (Exception ex)
391 {
392 logger.Error.WriteLine("ReadProcessMemory(): Exception");
393 logger.Error.WriteLine(ex.ToString());
394 throw ex;
395 }
396 }
397 #endregion
398 #endregion
399
400 #region IMemoryWriter Members
401 #region public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
402 public void WriteProcessMemory(int MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
403 {
404 uint _bytesWritten = 0;
405 WriteProcessMemory((uint)MemoryAddress, bytesToWrite, out _bytesWritten);
406 bytesWritten = (int)_bytesWritten;
407 }
408 public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out uint bytesWritten)
409 {
410 try
411 {
412 uint _bytesWritten = 0;
413 uint _MemoryAddress = MemoryAddress;
414 for (int i = 0; i < bytesToWrite.Length; i++)
415 {
416 UIntPtr _ptrBytesWritten = UIntPtr.Zero;
417 byte[] buffer = new byte[] { bytesToWrite[i] };
418 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, buffer, (uint)buffer.Length, out _ptrBytesWritten);
419 _MemoryAddress++;
420 _bytesWritten++;
421 }
422 bytesWritten = _bytesWritten;
423 }
424 catch (SEHException ex)
425 {
426 logger.Error.WriteLine("WriteProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
427 logger.Error.WriteLine(ex.ToString());
428 throw ex;
429 }
430 catch (Exception ex)
431 {
432
433 logger.Error.WriteLine("WriteProcessMemory() Exception");
434 logger.Error.WriteLine(ex.ToString());
435 bytesWritten = 0;
436 throw ex;
437 }
438 }
439 #endregion
440 #endregion
441
442 #region IFileWriter Members
443 #region public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
444 public bool WriteProcessMemoryToFile(string filename, int MemoryAddress, uint bytesToRead, out int bytesRead)
445 {
446 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
447 bytesRead = 0;
448 uint byte_alignment = 102400;
449 int address = MemoryAddress;
450 uint _bytesToRead = bytesToRead;
451 byte[] buffer = new byte[] { };
452 try
453 {
454 FileInfo fi = new FileInfo(filename);
455 if (fi.Exists)
456 fi.Delete();
457 using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
458 {
459 BinaryWriter bw = new BinaryWriter(fs);
460 //foreach (byte b in data) { bw.Write(b); }
461
462 for (uint i = 0; i <= bytesToRead; )
463 {
464 if (_bytesToRead < byte_alignment)
465 {
466 _bytesToRead = bytesToRead;
467 buffer = new byte[_bytesToRead];
468 }
469 else
470 {
471 _bytesToRead = byte_alignment;
472 buffer = new byte[byte_alignment];
473 }
474 ReadProcessMemory(address, _bytesToRead, out bytesRead, out buffer);
475 bw.Write(buffer);
476 bw.Flush();
477
478 if (_bytesToRead < byte_alignment)
479 {
480 i += _bytesToRead;
481 address += (int)_bytesToRead;
482 }
483 else
484 {
485 i += byte_alignment;
486 address += (int)byte_alignment;
487 }
488
489
490 }
491 bw.Close();
492 }
493 logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
494 return true;
495 }
496 catch (SEHException ex)
497 {
498 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
499 logger.Error.WriteLine(ex.ToString());
500 throw ex;
501 }
502 catch (OutOfMemoryException ex)
503 {
504 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
505 logger.Error.WriteLine(ex.ToString());
506 }
507 catch (Exception ex)
508 {
509 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
510 logger.Error.WriteLine(ex.ToString());
511 throw ex;
512 }
513 return false;
514 }
515 #endregion
516 #endregion
517
518 #region IPatchMemory members
519 #region public virtual bool PatchMemory(uint address, byte value)
520 public virtual bool PatchMemory(uint address, byte value)
521 {
522 byte[] bitData = BitConverter.GetBytes(value);
523 UIntPtr ptrBytesWritten;
524 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
525 if (ptrBytesWritten.ToUInt32() == 0)
526 return false;
527 byte check = 0;
528 ReadMemory(address, out check);
529 if (check == value) return true;
530 return false;
531 }
532 #endregion
533 #region public virtual bool PatchMemory(uint address, sbyte value)
534 public virtual bool PatchMemory(uint address, sbyte value)
535 {
536 byte[] bitData = BitConverter.GetBytes(value);
537 UIntPtr ptrBytesWritten;
538 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
539 if (ptrBytesWritten.ToUInt32() == 0)
540 return false;
541 sbyte check = 0;
542 ReadMemory(address, out check);
543 if (check == value) return true;
544 return false;
545 }
546 #endregion
547 #region public virtual bool PatchMemory(uint address, ushort value)
548 public virtual bool PatchMemory(uint address, ushort value)
549 {
550 byte[] bitData = BitConverter.GetBytes(value);
551 UIntPtr ptrBytesWritten;
552 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
553 if (ptrBytesWritten.ToUInt32() == 0)
554 return false;
555 ushort check = 0;
556 ReadMemory(address, out check);
557 if (check == value) return true;
558 return false;
559 }
560 #endregion
561 #region public virtual bool PatchMemory(uint address, short value)
562 public virtual bool PatchMemory(uint address, short value)
563 {
564 byte[] bitData = BitConverter.GetBytes(value);
565 UIntPtr ptrBytesWritten;
566 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
567 if (ptrBytesWritten.ToUInt32() == 0)
568 return false;
569 short check = 0;
570 ReadMemory(address, out check);
571 if (check == value) return true;
572 return false;
573 }
574 #endregion
575 #region public virtual bool PatchMemory(uint address, uint value)
576 public virtual bool PatchMemory(uint address, uint value)
577 {
578 byte[] bitData = BitConverter.GetBytes(value);
579 UIntPtr ptrBytesWritten;
580 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
581 if (ptrBytesWritten.ToUInt32() == 0)
582 return false;
583 uint check = 0;
584 ReadMemory(address, out check);
585 if (check == value) return true;
586 return false;
587 }
588 #endregion
589 #region public virtual bool PatchMemory(uint address, int value)
590 public virtual bool PatchMemory(uint address, int value)
591 {
592 byte[] bitData = BitConverter.GetBytes(value);
593 UIntPtr ptrBytesWritten;
594 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
595 if (ptrBytesWritten.ToUInt32() == 0)
596 return false;
597 int check = 0;
598 ReadMemory(address, out check);
599 if (check == value) return true;
600 return false;
601 }
602 #endregion
603 #region public virtual bool PatchMemory(uint address, ulong value)
604 public virtual bool PatchMemory(uint address, ulong value)
605 {
606 byte[] bitData = BitConverter.GetBytes(value);
607 UIntPtr ptrBytesWritten;
608 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
609 if (ptrBytesWritten.ToUInt32() == 0)
610 return false;
611 ulong check = 0;
612 ReadMemory(address, out check);
613 if (check == value) return true;
614 return false;
615 }
616 #endregion
617 #region public virtual bool PatchMemory(uint address, long value)
618 public virtual bool PatchMemory(uint address, long value)
619 {
620 byte[] bitData = BitConverter.GetBytes(value);
621 UIntPtr ptrBytesWritten;
622 ProcessMemoryReaderApi.WriteProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
623 if (ptrBytesWritten.ToUInt32() == 0)
624 return false;
625 long check = 0;
626 ReadMemory(address, out check);
627 if (check == value) return true;
628 return false;
629 }
630 #endregion
631 #endregion
632
633 #region IReadMemory members
634 #region public virtual bool ReadMemory(uint address, out byte value)
635 public virtual bool ReadMemory(uint address, out byte value)
636 {
637 value = 0;
638 try
639 {
640 int bytesRead;
641 uint size = sizeof(byte);
642 byte[] bitData = new byte[size];
643 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
644 if (bytesRead == 0)
645 return false;
646 value = bitData[0];
647 return true;
648 }
649 catch
650 {
651 value = 0x00;
652 return false;
653 }
654 }
655 #endregion
656 #region public virtual bool ReadMemory(uint address, out sbyte value)
657 public virtual bool ReadMemory(uint address, out sbyte value)
658 {
659 value = 0;
660 try
661 {
662 int bytesRead;
663 uint size = sizeof(sbyte);
664 byte[] bitData = new byte[size];
665 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
666 if (bytesRead == 0)
667 return false;
668 value = Convert.ToSByte(bitData[0]);
669 return true;
670 }
671 catch
672 {
673 value = 0x00;
674 return false;
675 }
676 }
677 #endregion
678 #region public virtual bool ReadMemory(uint address, out ushort value)
679 public virtual bool ReadMemory(uint address, out ushort value)
680 {
681 value = 0;
682 try
683 {
684 int bytesRead;
685 uint size = sizeof(ushort);
686 byte[] bitData = new byte[size];
687 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
688 if (bytesRead == 0)
689 return false;
690 value = BitConverter.ToUInt16(bitData, 0);
691 return true;
692 }
693 catch
694 {
695 value = 0x00;
696 return false;
697 }
698 }
699 #endregion
700 #region public virtual bool ReadMemory(uint address, out short value)
701 public virtual bool ReadMemory(uint address, out short value)
702 {
703 value = 0;
704 try
705 {
706 int bytesRead;
707 uint size = sizeof(short);
708 byte[] bitData = new byte[size];
709 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
710 if (bytesRead == 0)
711 return false;
712 value = BitConverter.ToInt16(bitData, 0);
713 return true;
714 }
715 catch
716 {
717 value = 0x00;
718 return false;
719 }
720 }
721 #endregion
722 #region public virtual bool ReadMemory(uint address, out uint value)
723 public virtual bool ReadMemory(uint address, out uint value)
724 {
725 value = 0;
726 try
727 {
728 int bytesRead;
729 uint size = sizeof(uint);
730 byte[] bitData = new byte[size];
731 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
732 if (bytesRead == 0)
733 return false;
734 value = BitConverter.ToUInt32(bitData, 0);
735 return true;
736 }
737 catch
738 {
739 value = 0x00;
740 return false;
741 }
742 }
743 #endregion
744 #region public virtual bool ReadMemory(uint address, out int value)
745 public virtual bool ReadMemory(uint address, out int value)
746 {
747 value = 0;
748 try
749 {
750 int bytesRead;
751 uint size = sizeof(int);
752 byte[] bitData = new byte[size];
753 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
754 if (bytesRead == 0)
755 return false;
756 value = BitConverter.ToInt32(bitData, 0);
757 return true;
758 }
759 catch
760 {
761 value = 0x00;
762 return false;
763 }
764 }
765 #endregion
766 #region public virtual bool ReadMemory(uint address, out ulong value)
767 public virtual bool ReadMemory(uint address, out ulong value)
768 {
769 value = 0;
770 try
771 {
772 int bytesRead;
773 uint size = sizeof(ulong);
774 byte[] bitData = new byte[size];
775 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
776 if (bytesRead == 0)
777 return false;
778 value = BitConverter.ToUInt64(bitData, 0);
779 return true;
780 }
781 catch
782 {
783 value = 0x00;
784 return false;
785 }
786 }
787 #endregion
788 #region public virtual bool ReadMemory(uint address, out long value)
789 public virtual bool ReadMemory(uint address, out long value)
790 {
791 value = 0;
792 try
793 {
794 int bytesRead;
795 uint size = sizeof(long);
796 byte[] bitData = new byte[size];
797 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_ReadProcess.Handle, (IntPtr)address, bitData, size, out bytesRead);
798 if (bytesRead == 0)
799 return false;
800 value = BitConverter.ToInt64(bitData, 0);
801 return true;
802 }
803 catch
804 {
805 value = 0x00;
806 return false;
807 }
808 }
809 #endregion
810 #endregion
811 }
812 #endregion
813 }

  ViewVC Help
Powered by ViewVC 1.1.22