--- trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs 2012/05/31 08:38:16 202
+++ trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs 2012/05/31 09:03:53 203
@@ -84,6 +84,13 @@ namespace Sojaner.MemoryScanner
}
#endregion
+ #region ReadProcessMemory
+ public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out uint address)
+ {
+ RamDumper dumper = new RamDumper();
+ return dumper.ReadFirstNonZeroByte(ReadProcess, MemoryAddress, bytesToRead, out address);
+ }
+ #endregion
#region WriteProcessMemory
public void WriteProcessMemory(UIntPtr MemoryAddress, byte byteToWrite, out int bytesWritten)
{
@@ -255,6 +262,81 @@ namespace Sojaner.MemoryScanner
}
#endregion
#endregion
+
+ #region ReadFirstNonZeroByte
+ public bool ReadFirstNonZeroByte(Process ppid, uint MemoryAddress, uint bytesToRead, out uint address)
+ {
+ //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+ address = 0;
+ uint byte_alignment = 1;
+ // get common init parameters
+ //InitMemoryDump(out byte_alignment);
+ uint mem_address = MemoryAddress;
+ uint _bytesToRead = bytesToRead;
+ byte[] buffer = new byte[] { };
+ try
+ {
+ //using (MemoryStream ms = new MemoryStream())
+ //{
+ // //BinaryWriter bw = new BinaryWriter(ms);
+ // //foreach (byte b in data) { bw.Write(b); }
+ for (uint i = 0; i <= bytesToRead; )
+ {
+ if (_bytesToRead < byte_alignment)
+ {
+ _bytesToRead = bytesToRead;
+ buffer = new byte[_bytesToRead];
+ }
+ else
+ {
+ _bytesToRead = byte_alignment;
+ buffer = new byte[byte_alignment];
+ }
+ IntPtr ptrBytesRead;
+ ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)mem_address, buffer, _bytesToRead, out ptrBytesRead);
+ //bw.Write(buffer);
+ //bw.Flush();
+ if (_bytesToRead < byte_alignment)
+ {
+ i += _bytesToRead;
+ mem_address += _bytesToRead;
+ }
+ else
+ {
+ i += byte_alignment;
+ mem_address += byte_alignment;
+ }
+ for (uint j = 0; j < buffer.Length; j++)
+ {
+ if (buffer[j] != 0)
+ {
+ address = mem_address;
+ break;
+ }
+ }
+ if (address != 0)
+ break;
+ }
+ // bw.Close();
+ //}
+ //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+ return true;
+ }
+ catch (OutOfMemoryException ex)
+ {
+ logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+ logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+ logger.Error.WriteLine(ex.ToString());
+ }
+ catch (Exception ex)
+ {
+ logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+ logger.Error.WriteLine("DumpMemory(): Exception");
+ logger.Error.WriteLine(ex.ToString());
+ }
+ return false;
+ }
+ #endregion
}
#endregion
/// <summary>
|
