--- trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs 2012/06/03 15:15:51 246
+++ trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs 2012/06/03 15:27:23 247
@@ -42,12 +42,26 @@ namespace Sojaner.MemoryScanner
 public void OpenProcess()
 {
- // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
- ProcessMemoryReaderApi.ProcessAccessType access;
- access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
- | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
- | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
- m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
+ try
+ {
+ // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
+ ProcessMemoryReaderApi.ProcessAccessType access;
+ access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
+ | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
+ | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
+ m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
+ }
+ catch (SEHException ex)
+ {
+ logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
+ logger.Error.WriteLine(ex.ToString());
+ throw ex;
+ }
+ catch (Exception ex)
+ {
+ logger.Error.WriteLine(ex.ToString());
+ throw ex;
+ }
 }
 public void CloseHandle()
@@ -63,11 +77,13 @@ namespace Sojaner.MemoryScanner
 }
 catch (SEHException ex)
 {
+ logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
+ logger.Error.WriteLine(ex.ToString());
 throw ex;
 }
 catch (Exception ex)
 {
- //System.Windows.Forms.MessageBox.Show(ex.Message, "error", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Warning);
+ logger.Error.WriteLine(ex.ToString());
 throw ex;
 }
 }
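Review bot: A failed open is not caught by the handlers added in `OpenProcess()`, because the value returned by `ProcessMemoryReaderApi.OpenProcess` is stored in `m_hProcess` without a check; if that wrapper is a plain P/Invoke of the Win32 call (its declaration is not visible here), failure comes back as a null handle rather than an exception. A guard after the assignment such as `if (m_hProcess == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());` would surface it, assuming `m_hProcess` is an `IntPtr` and the import sets `SetLastError = true`. The second argument `1` also requests an inheritable handle carrying `PROCESS_VM_WRITE | PROCESS_VM_OPERATION`, so child processes started later with handle inheritance would receive write access to the target; passing `0` keeps the handle private unless inheritance is actually needed.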
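Review bot: The SEHException message added in this hunk is labelled `WriteProcessMemoryToFile()`, yet the try block it belongs to begins above the hunk and the preceding hunk's context suggests the method is `CloseHandle()`; the handler added to `OpenProcess()` carries the same copied label. Each message should name its own method, for example `"OpenProcess() SEHException was thrown: (0x{0:x8}) - {1}"`, otherwise the log points whoever reads it at the wrong call. Every handler in this commit also rethrows with `throw ex;`, which resets the stack trace seen by callers; `throw;` preserves it.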
@@ -195,27 +211,47 @@ namespace Sojaner.MemoryScanner
 //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
 return true;
 }
+ catch (SEHException ex)
+ {
+ logger.Error.WriteLine("ReadFirstNonZeroByte() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
+ logger.Error.WriteLine(ex.ToString());
+ throw ex;
+ }
 catch (OutOfMemoryException ex)
 {
- logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
- logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+ logger.Error.WriteLine("ReadFirstNonZeroByte(): OutOfMemoryException");
 logger.Error.WriteLine(ex.ToString());
 }
 catch (Exception ex)
 {
- logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
- logger.Error.WriteLine("DumpMemory(): Exception");
+ logger.Error.WriteLine("ReadFirstNonZeroByte(): Exception");
 logger.Error.WriteLine(ex.ToString());
+ throw ex;
 }
 return false;
 }
 public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
 {
- byte[] buffer = new byte[] { };
- IntPtr ptrBytesRead;
- ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (IntPtr)MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
- bytesRead = ptrBytesRead.ToInt32();
- data = buffer;
+ try
+ {
+ byte[] buffer = new byte[] { };
+ IntPtr ptrBytesRead;
+ ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (IntPtr)MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
+ bytesRead = ptrBytesRead.ToInt32();
+ data = buffer;
+ }
+ catch (SEHException ex)
+ {
+ logger.Error.WriteLine("ReadProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
+ logger.Error.WriteLine(ex.ToString());
+ throw ex;
+ }
+ catch (Exception ex)
+ {
+ logger.Error.WriteLine("ReadProcessMemory(): Exception");
+ logger.Error.WriteLine(ex.ToString());
+ throw ex;
+ }
 }
 #endregion
@@ -226,9 +262,26 @@ namespace Sojaner.MemoryScanner
 }
 public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
 {
- IntPtr ptrBytesWritten;
- ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, (IntPtr)MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
- bytesWritten = ptrBytesWritten.ToInt32();
+ try
+ {
+ IntPtr ptrBytesWritten;
+ ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, (IntPtr)MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
+ bytesWritten = ptrBytesWritten.ToInt32();
+ }
+ catch (SEHException ex)
+ {
+ logger.Error.WriteLine("WriteProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
+ logger.Error.WriteLine(ex.ToString());
+ throw ex;
+ }
+ catch (Exception ex)
+ {
+
+ logger.Error.WriteLine("WriteProcessMemory() Exception");
+ logger.Error.WriteLine(ex.ToString());
+ bytesWritten = 0;
+ throw ex;
+ }
 }
 #endregion
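Review bot: In `ReadProcessMemory()` the buffer is still allocated as `new byte[] { }` while `bytesToRead` is passed as the size, so the native call is told it may write `bytesToRead` bytes into a zero-length array. Depending on how the import marshals the array (its declaration is not shown), that is an out-of-bounds write into managed memory, and the added try/catch does not make it safe because such an overrun corrupts memory rather than reliably raising a managed exception. The allocation should match the requested size, `byte[] buffer = new byte[bytesToRead];`, and `data` can then be trimmed to `bytesRead` when fewer bytes arrive. The first half of this hunk edits a method that begins outside it.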
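Review bot: The result of `ProcessMemoryReaderApi.WriteProcessMemory` is discarded in `WriteProcessMemory()`, so a write that fails without throwing leaves no log entry and is visible to the caller only through `bytesWritten`; `ReadProcessMemory()` in the previous hunk discards its result the same way. If the import returns `bool` (its declaration is not shown), the call can be checked with `if (!ProcessMemoryReaderApi.WriteProcessMemory(...)) throw new Win32Exception(Marshal.GetLastWin32Error());`. `bytesWritten = 0;` is set only in the generic handler and not in the `SEHException` one; since both rethrow, either drop it or set it in both.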
@@ -286,17 +339,22 @@ namespace Sojaner.MemoryScanner
 logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
 return true;
 }
+ catch (SEHException ex)
+ {
+ logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
+ logger.Error.WriteLine(ex.ToString());
+ throw ex;
+ }
 catch (OutOfMemoryException ex)
 {
- logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
- logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+ logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
 logger.Error.WriteLine(ex.ToString());
 }
 catch (Exception ex)
 {
- logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
- logger.Error.WriteLine("DumpMemory(): Exception");
+ logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
 logger.Error.WriteLine(ex.ToString());
+ throw ex;
 }
 return false;
 } |
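Review bot: The `OutOfMemoryException` handler now logs `"WriteProcessMemoryToFile(): Exception"`, the same text as the generic handler below it, so the two cases cannot be told apart in the log; `"WriteProcessMemoryToFile(): OutOfMemoryException"` would match the naming used in the `ReadFirstNonZeroByte()` hunk. The removed "Failed to dump memory" lines were also the only ones in these handlers that recorded the address range, target pid and file name, and both this hunk and the `ReadFirstNonZeroByte()` one drop them; keeping one such line per handler preserves the context needed to triage a failure. The out-of-memory path still returns false while the other handlers now rethrow, and the method begins outside the hunk, so its callers need to handle both outcomes.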