ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/RomCheater/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
Revision: 409
Committed: Thu Jun 21 20:02:40 2012 UTC (11 years, 5 months ago) by william
File size: 34475 byte(s)
Log Message:

File Contents

# Content
1 using System;
2 using System.Collections.Generic;
3 using System.Text;
4 using System.Diagnostics;
5 using System.Threading;
6 using System.Runtime.InteropServices;
7 using RomCheater.Logging;
8 using System.IO;
9 using Sojaner.MemoryScanner.MemoryProviers;
10 using Microsoft.Win32.SafeHandles;
11 using Microsoft.Win32.Interop;
12 using System.ComponentModel;
13 using ManagedWinapi;
14 using RomCheater.PluginFramework.Events;
15
16 namespace Sojaner.MemoryScanner
17 {
18 // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
19 #region ProcessMemoryReader class
20 //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
21 //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
22 internal class ProcessMemoryReader : IMemoryReader, IMemoryWriter, IFileWriter, IPatchMemory,IReadMemory, IAcceptsBytesReadEvent
23 {
24 // constants information can be found in <winnt.h>
25 [Flags]
26 public enum ProcessAccessType
27 {
28 PROCESS_TERMINATE = (0x0001),
29 PROCESS_CREATE_THREAD = (0x0002),
30 PROCESS_SET_SESSIONID = (0x0004),
31 PROCESS_VM_OPERATION = (0x0008),
32 PROCESS_VM_READ = (0x0010),
33 PROCESS_VM_WRITE = (0x0020),
34 PROCESS_DUP_HANDLE = (0x0040),
35 PROCESS_CREATE_PROCESS = (0x0080),
36 PROCESS_SET_QUOTA = (0x0100),
37 PROCESS_SET_INFORMATION = (0x0200),
38 PROCESS_QUERY_INFORMATION = (0x0400)
39 }
40 [Flags]
41 public enum AllocationProtect : uint
42 {
43 // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
44 NONE = 0,
45 PAGE_NOACCESS = 0x00000001,
46 PAGE_READONLY = 0x00000002,
47 PAGE_READWRITE = 0x00000004,
48 PAGE_WRITECOPY = 0x00000008,
49 PAGE_EXECUTE = 0x00000010,
50 PAGE_EXECUTE_READ = 0x00000020,
51 PAGE_EXECUTE_READWRITE = 0x00000040,
52 PAGE_EXECUTE_WRITECOPY = 0x00000080,
53 PAGE_GUARD = 0x00000100,
54 PAGE_NOCACHE = 0x00000200,
55 PAGE_WRITECOMBINE = 0x00000400
56 }
57 [StructLayout(LayoutKind.Sequential)]
58 public struct MEMORY_BASIC_INFORMATION
59 {
60 public IntPtr BaseAddress;
61 public IntPtr AllocationBase;
62 public AllocationProtect AllocationProtect;
63 public IntPtr RegionSize;
64 public uint State;
65 public uint Protect;
66 public uint Type;
67 }
68
69 public ProcessMemoryReader()
70 {
71 }
72 public event BaseEventHandler<OnBytesReadEventArgs> OnBytesRead;
73 /// <summary>
74 /// Process from which to read
75 /// </summary>
76 public Process ReadProcess
77 {
78 get
79 {
80 return m_ReadProcess;
81 }
82 set
83 {
84 m_ReadProcess = value;
85 }
86 }
87
88 private Process m_ReadProcess = null;
89
90 //SafeWaitHandle handle;
91 private static IntPtr handle = IntPtr.Zero;
92 SafeWaitHandle m_hProcess;
93 public void OpenProcess()
94 {
95 try
96 {
97 // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
98 //if (!TokenAdjuster.AdjustProcessTokenPrivileges("SeDebugPrivilege"))
99 //{
100 // logger.Warn.WriteLine("Failed to set SeDebugPrivilege on current process");
101 //}
102 ProcessAccessType access;
103 access = ProcessAccessType.PROCESS_VM_READ
104 | ProcessAccessType.PROCESS_VM_WRITE
105 | ProcessAccessType.PROCESS_VM_OPERATION;
106 //m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
107 handle = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
108 m_hProcess = new SafeWaitHandle(handle, false);
109 }
110 catch (SEHException ex)
111 {
112 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
113 logger.Error.WriteLine(ex.ToString());
114 throw ex;
115 }
116 catch (Exception ex)
117 {
118 logger.Error.WriteLine(ex.ToString());
119 throw ex;
120 }
121 }
122
123 public void CloseHandle()
124 {
125 try
126 {
127 //if (handle.IsInvalid) { return; }
128 //if (handle.IsClosed) { return; }
129 m_hProcess.Close();
130 m_hProcess.Dispose();
131 m_hProcess = null;
132 handle = IntPtr.Zero;
133 m_ReadProcess = null;
134 //string stack_trace = System.Environment.StackTrace;
135 //int iRetValue;
136 //iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
137 //if (iRetValue == 0)
138 //{
139 // throw new Exception("CloseHandle failed");
140 //}
141 }
142 catch (SEHException ex)
143 {
144 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
145 logger.Error.WriteLine(ex.ToString());
146 throw ex;
147 }
148 catch (Exception ex)
149 {
150 logger.Error.WriteLine(ex.ToString());
151 throw ex;
152 }
153 }
154 /// <summary>
155 /// ProcessMemoryReader is a class that enables direct reading a process memory
156 /// </summary>
157 private class ProcessMemoryReaderApi
158 {
159 [DllImport("kernel32.dll")]
160 public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
161
162 // function declarations are found in the MSDN and in <winbase.h>
163
164 // HANDLE OpenProcess(
165 // DWORD dwDesiredAccess, // access flag
166 // BOOL bInheritHandle, // handle inheritance option
167 // DWORD dwProcessId // process identifier
168 // );
169 [DllImport("kernel32.dll")]
170 public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
171
172 // BOOL CloseHandle(
173 // HANDLE hObject // handle to object
174 // );
175 [DllImport("kernel32.dll")]
176 public static extern Int32 CloseHandle(IntPtr hObject);
177
178 // BOOL ReadProcessMemory(
179 // HANDLE hProcess, // handle to the process
180 // LPCVOID lpBaseAddress, // base of memory area
181 // LPVOID lpBuffer, // data buffer
182 // SIZE_T nSize, // number of bytes to read
183 // SIZE_T * lpNumberOfBytesRead // number of bytes read
184 // );
185 [DllImport("kernel32.dll", SetLastError = true)]
186 public static extern bool ReadProcessMemory(
187 IntPtr hProcess,
188 IntPtr lpBaseAddress,
189 [Out] byte[] lpBuffer,
190 uint dwSize,
191 out int lpNumberOfBytesRead
192 );
193
194 // BOOL WriteProcessMemory(
195 // HANDLE hProcess, // handle to process
196 // LPVOID lpBaseAddress, // base of memory area
197 // LPCVOID lpBuffer, // data buffer
198 // SIZE_T nSize, // count of bytes to write
199 // SIZE_T * lpNumberOfBytesWritten // count of bytes written
200 // );
201 [DllImport("kernel32.dll", SetLastError = true)]
202 public static extern bool WriteProcessMemory(
203 IntPtr hProcess,
204 IntPtr lpBaseAddress,
205 byte[] lpBuffer,
206 uint nSize,
207 out UIntPtr lpNumberOfBytesWritten);
208
209
210 }
211
212 #region IMemoryReader Members
213 #region public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out int address)
214 public bool ReadFirstNonZeroByte(int MemoryAddress, uint bytesToRead, out int address)
215 {
216 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
217 address = 0;
218 uint byte_alignment = 1;
219 // get common init parameters
220 //InitMemoryDump(out byte_alignment);
221 int mem_address = MemoryAddress;
222 uint _bytesToRead = bytesToRead;
223 byte[] buffer = new byte[] { };
224 try
225 {
226 //using (MemoryStream ms = new MemoryStream())
227 //{
228 // //BinaryWriter bw = new BinaryWriter(ms);
229 // //foreach (byte b in data) { bw.Write(b); }
230 for (uint i = 0; i <= bytesToRead; )
231 {
232 if (_bytesToRead < byte_alignment)
233 {
234 _bytesToRead = bytesToRead;
235 buffer = new byte[_bytesToRead];
236 }
237 else
238 {
239 _bytesToRead = byte_alignment;
240 buffer = new byte[byte_alignment];
241 }
242 int bytesRead = 0;
243 ReadProcessMemory(mem_address, _bytesToRead, out bytesRead, out buffer);
244 if (buffer.Length == 0 && bytesRead == 0)
245 {
246 throw new Exception(string.Format("Failed to read memory from process: {0}", ReadProcess.ToString()));
247 }
248 //bw.Write(buffer);
249 //bw.Flush();
250 if (_bytesToRead < byte_alignment)
251 {
252 i += _bytesToRead;
253 mem_address += (int)_bytesToRead;
254 }
255 else
256 {
257 i += byte_alignment;
258 mem_address += (int)byte_alignment;
259 }
260 for (uint j = 0; j < buffer.Length; j++)
261 {
262 if (buffer[j] != 0)
263 {
264 address = mem_address;
265 break;
266 }
267 }
268 if (address != 0)
269 break;
270 }
271 // bw.Close();
272 //}
273 //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
274 return true;
275 }
276 catch (SEHException ex)
277 {
278 logger.Error.WriteLine("ReadFirstNonZeroByte() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
279 logger.Error.WriteLine(ex.ToString());
280 throw ex;
281 }
282 catch (OutOfMemoryException ex)
283 {
284 logger.Error.WriteLine("ReadFirstNonZeroByte(): OutOfMemoryException");
285 logger.Error.WriteLine(ex.ToString());
286 }
287 catch (Exception ex)
288 {
289 logger.Error.WriteLine("ReadFirstNonZeroByte(): Exception");
290 logger.Error.WriteLine(ex.ToString());
291 throw ex;
292 }
293 return false;
294 }
295 #endregion
296
297 public void ReadProcessMemoryAtOnce(uint MemoryAddress, uint bytesToRead,object UserState)
298 {
299 uint size = 1024 * 128;
300 for (uint j = MemoryAddress; j < bytesToRead; j += size)
301 {
302 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size))
303 {
304 byte[] bigMem = mem.Read();
305 if (this.OnBytesRead != null)
306 this.OnBytesRead.Invoke(new OnBytesReadEventArgs(this, UserState, bigMem, j, bytesToRead));
307 bigMem = null;
308 }
309 }
310 }
311 public void ReadProcessMemoryAtOnce(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
312 {
313 Stopwatch st = new Stopwatch();
314 st.Start();
315 uint size = 1024 * 64;
316 List<byte> buffer_list = new List<byte>();
317 for (uint j = MemoryAddress; j < bytesToRead; j += size)
318 {
319 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size))
320 {
321 byte[] bigMem = mem.Read();
322 foreach (byte b in bigMem) { buffer_list.Add(b); }
323 bigMem = null;
324 }
325 }
326 bytesRead = buffer_list.Count;
327 data = new byte[bytesToRead];
328 data.Initialize();
329 Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
330 st.Stop();
331 logger.Profiler.WriteLine("ReadProcessMemoryAtOnce(): start=0x{0:x8} end=0x{1:x8} took {2:0.0000} seconds", MemoryAddress, MemoryAddress + bytesToRead, st.Elapsed.TotalSeconds);
332 }
333
334 #region public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
335 public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
336 {
337 ReadProcessMemory((uint)MemoryAddress, bytesToRead, out bytesRead, out data);
338 }
339 public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
340 {
341 try
342 {
343 bytesRead = 0;
344 data = new byte[bytesToRead];
345 const int alignment = 1;
346 List<byte> buffer_list = new List<byte>();
347 uint _MemoryAddress = MemoryAddress;
348 for (int i = 0; i < bytesToRead; i++)
349 {
350 byte[] buffer = new byte[alignment];
351 int _bytesRead = 0;
352 MEMORY_BASIC_INFORMATION m;
353 ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
354
355 if (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) ||
356 m.AllocationProtect == 0)
357 {
358 uint OrignalAddress = _MemoryAddress;
359 while (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) || m.AllocationProtect == 0)
360 {
361 ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
362 _MemoryAddress++;
363 buffer_list.Add(0);
364 }
365 _MemoryAddress--;
366 uint diff = _MemoryAddress - OrignalAddress;
367 i += (int)diff;
368 buffer_list.RemoveAt(buffer_list.Count-1);
369 }
370
371 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, alignment, out _bytesRead);
372 int LastError = Marshal.GetLastWin32Error();
373 if (LastError != ResultWin32.ERROR_SUCCESS)
374 {
375 string ErrorName = ResultWin32.GetErrorName(LastError);
376 }
377 if (_bytesRead > 0)
378 {
379 foreach (byte b in buffer)
380 {
381 buffer_list.Add(b);
382 }
383 _MemoryAddress += (uint)buffer.Length;
384 }
385 }
386 bytesRead = buffer_list.Count;
387 Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
388 }
389 catch (SEHException ex)
390 {
391 logger.Error.WriteLine("ReadProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
392 logger.Error.WriteLine(ex.ToString());
393 throw ex;
394 }
395 catch (Exception ex)
396 {
397 logger.Error.WriteLine("ReadProcessMemory(): Exception");
398 logger.Error.WriteLine(ex.ToString());
399 throw ex;
400 }
401 }
402 #endregion
403 #endregion
404
405 #region IMemoryWriter Members
406 #region public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
407 public void WriteProcessMemory(int MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
408 {
409 uint _bytesWritten = 0;
410 WriteProcessMemory((uint)MemoryAddress, bytesToWrite, out _bytesWritten);
411 bytesWritten = (int)_bytesWritten;
412 }
413 public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out uint bytesWritten)
414 {
415 try
416 {
417 uint _bytesWritten = 0;
418 uint _MemoryAddress = MemoryAddress;
419 for (int i = 0; i < bytesToWrite.Length; i++)
420 {
421 UIntPtr _ptrBytesWritten = UIntPtr.Zero;
422 byte[] buffer = new byte[] { bytesToWrite[i] };
423 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, (uint)buffer.Length, out _ptrBytesWritten);
424 _MemoryAddress++;
425 _bytesWritten++;
426 }
427 bytesWritten = _bytesWritten;
428 }
429 catch (SEHException ex)
430 {
431 logger.Error.WriteLine("WriteProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
432 logger.Error.WriteLine(ex.ToString());
433 throw ex;
434 }
435 catch (Exception ex)
436 {
437
438 logger.Error.WriteLine("WriteProcessMemory() Exception");
439 logger.Error.WriteLine(ex.ToString());
440 bytesWritten = 0;
441 throw ex;
442 }
443 }
444 #endregion
445 #endregion
446
447 #region IFileWriter Members
448 #region public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
449 public bool WriteProcessMemoryToFile(string filename, int MemoryAddress, uint bytesToRead, out int bytesRead)
450 {
451 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
452 bytesRead = 0;
453 uint byte_alignment = 102400;
454 int address = MemoryAddress;
455 uint _bytesToRead = bytesToRead;
456 byte[] buffer = new byte[] { };
457 try
458 {
459 FileInfo fi = new FileInfo(filename);
460 if (fi.Exists)
461 fi.Delete();
462 using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
463 {
464 BinaryWriter bw = new BinaryWriter(fs);
465 //foreach (byte b in data) { bw.Write(b); }
466
467 for (uint i = 0; i <= bytesToRead; )
468 {
469 if (_bytesToRead < byte_alignment)
470 {
471 _bytesToRead = bytesToRead;
472 buffer = new byte[_bytesToRead];
473 }
474 else
475 {
476 _bytesToRead = byte_alignment;
477 buffer = new byte[byte_alignment];
478 }
479 ReadProcessMemory(address, _bytesToRead, out bytesRead, out buffer);
480 bw.Write(buffer);
481 bw.Flush();
482
483 if (_bytesToRead < byte_alignment)
484 {
485 i += _bytesToRead;
486 address += (int)_bytesToRead;
487 }
488 else
489 {
490 i += byte_alignment;
491 address += (int)byte_alignment;
492 }
493
494
495 }
496 bw.Close();
497 }
498 logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
499 return true;
500 }
501 catch (SEHException ex)
502 {
503 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
504 logger.Error.WriteLine(ex.ToString());
505 throw ex;
506 }
507 catch (OutOfMemoryException ex)
508 {
509 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
510 logger.Error.WriteLine(ex.ToString());
511 }
512 catch (Exception ex)
513 {
514 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
515 logger.Error.WriteLine(ex.ToString());
516 throw ex;
517 }
518 return false;
519 }
520 #endregion
521 #endregion
522
523 #region IPatchMemory members
524 #region public virtual bool PatchMemory(uint address, byte value)
525 public virtual bool PatchMemory(uint address, byte value)
526 {
527 byte[] bitData = BitConverter.GetBytes(value);
528 UIntPtr ptrBytesWritten;
529 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
530 if (ptrBytesWritten.ToUInt32() == 0)
531 return false;
532 byte check = 0;
533 ReadMemory(address, out check);
534 if (check == value) return true;
535 return false;
536 }
537 #endregion
538 #region public virtual bool PatchMemory(uint address, sbyte value)
539 public virtual bool PatchMemory(uint address, sbyte value)
540 {
541 byte[] bitData = BitConverter.GetBytes(value);
542 UIntPtr ptrBytesWritten;
543 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
544 if (ptrBytesWritten.ToUInt32() == 0)
545 return false;
546 sbyte check = 0;
547 ReadMemory(address, out check);
548 if (check == value) return true;
549 return false;
550 }
551 #endregion
552 #region public virtual bool PatchMemory(uint address, ushort value)
553 public virtual bool PatchMemory(uint address, ushort value)
554 {
555 byte[] bitData = BitConverter.GetBytes(value);
556 UIntPtr ptrBytesWritten;
557 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
558 if (ptrBytesWritten.ToUInt32() == 0)
559 return false;
560 ushort check = 0;
561 ReadMemory(address, out check);
562 if (check == value) return true;
563 return false;
564 }
565 #endregion
566 #region public virtual bool PatchMemory(uint address, short value)
567 public virtual bool PatchMemory(uint address, short value)
568 {
569 byte[] bitData = BitConverter.GetBytes(value);
570 UIntPtr ptrBytesWritten;
571 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
572 if (ptrBytesWritten.ToUInt32() == 0)
573 return false;
574 short check = 0;
575 ReadMemory(address, out check);
576 if (check == value) return true;
577 return false;
578 }
579 #endregion
580 #region public virtual bool PatchMemory(uint address, uint value)
581 public virtual bool PatchMemory(uint address, uint value)
582 {
583 byte[] bitData = BitConverter.GetBytes(value);
584 UIntPtr ptrBytesWritten;
585 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
586 if (ptrBytesWritten.ToUInt32() == 0)
587 return false;
588 uint check = 0;
589 ReadMemory(address, out check);
590 if (check == value) return true;
591 return false;
592 }
593 #endregion
594 #region public virtual bool PatchMemory(uint address, int value)
595 public virtual bool PatchMemory(uint address, int value)
596 {
597 byte[] bitData = BitConverter.GetBytes(value);
598 UIntPtr ptrBytesWritten;
599 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
600 if (ptrBytesWritten.ToUInt32() == 0)
601 return false;
602 int check = 0;
603 ReadMemory(address, out check);
604 if (check == value) return true;
605 return false;
606 }
607 #endregion
608 #region public virtual bool PatchMemory(uint address, ulong value)
609 public virtual bool PatchMemory(uint address, ulong value)
610 {
611 byte[] bitData = BitConverter.GetBytes(value);
612 UIntPtr ptrBytesWritten;
613 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
614 if (ptrBytesWritten.ToUInt32() == 0)
615 return false;
616 ulong check = 0;
617 ReadMemory(address, out check);
618 if (check == value) return true;
619 return false;
620 }
621 #endregion
622 #region public virtual bool PatchMemory(uint address, long value)
623 public virtual bool PatchMemory(uint address, long value)
624 {
625 byte[] bitData = BitConverter.GetBytes(value);
626 UIntPtr ptrBytesWritten;
627 ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
628 if (ptrBytesWritten.ToUInt32() == 0)
629 return false;
630 long check = 0;
631 ReadMemory(address, out check);
632 if (check == value) return true;
633 return false;
634 }
635 #endregion
636 #endregion
637
638 #region IReadMemory members
639 #region public virtual bool ReadMemory(uint address, out byte value)
640 public virtual bool ReadMemory(uint address, out byte value)
641 {
642 value = 0;
643 try
644 {
645 int bytesRead;
646 uint size = sizeof(byte);
647 byte[] bitData = new byte[size];
648 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
649 if (bytesRead == 0)
650 return false;
651 value = bitData[0];
652 return true;
653 }
654 catch
655 {
656 value = 0x00;
657 return false;
658 }
659 }
660 #endregion
661 #region public virtual bool ReadMemory(uint address, out sbyte value)
662 public virtual bool ReadMemory(uint address, out sbyte value)
663 {
664 value = 0;
665 try
666 {
667 int bytesRead;
668 uint size = sizeof(sbyte);
669 byte[] bitData = new byte[size];
670 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
671 if (bytesRead == 0)
672 return false;
673 value = Convert.ToSByte(bitData[0]);
674 return true;
675 }
676 catch
677 {
678 value = 0x00;
679 return false;
680 }
681 }
682 #endregion
683 #region public virtual bool ReadMemory(uint address, out ushort value)
684 public virtual bool ReadMemory(uint address, out ushort value)
685 {
686 value = 0;
687 try
688 {
689 int bytesRead;
690 uint size = sizeof(ushort);
691 byte[] bitData = new byte[size];
692 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
693 if (bytesRead == 0)
694 return false;
695 value = BitConverter.ToUInt16(bitData, 0);
696 return true;
697 }
698 catch
699 {
700 value = 0x00;
701 return false;
702 }
703 }
704 #endregion
705 #region public virtual bool ReadMemory(uint address, out short value)
706 public virtual bool ReadMemory(uint address, out short value)
707 {
708 value = 0;
709 try
710 {
711 int bytesRead;
712 uint size = sizeof(short);
713 byte[] bitData = new byte[size];
714 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
715 if (bytesRead == 0)
716 return false;
717 value = BitConverter.ToInt16(bitData, 0);
718 return true;
719 }
720 catch
721 {
722 value = 0x00;
723 return false;
724 }
725 }
726 #endregion
727 #region public virtual bool ReadMemory(uint address, out uint value)
728 public virtual bool ReadMemory(uint address, out uint value)
729 {
730 value = 0;
731 try
732 {
733 int bytesRead;
734 uint size = sizeof(uint);
735 byte[] bitData = new byte[size];
736 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
737 if (bytesRead == 0)
738 return false;
739 value = BitConverter.ToUInt32(bitData, 0);
740 return true;
741 }
742 catch
743 {
744 value = 0x00;
745 return false;
746 }
747 }
748 #endregion
749 #region public virtual bool ReadMemory(uint address, out int value)
750 public virtual bool ReadMemory(uint address, out int value)
751 {
752 value = 0;
753 try
754 {
755 int bytesRead;
756 uint size = sizeof(int);
757 byte[] bitData = new byte[size];
758 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
759 if (bytesRead == 0)
760 return false;
761 value = BitConverter.ToInt32(bitData, 0);
762 return true;
763 }
764 catch
765 {
766 value = 0x00;
767 return false;
768 }
769 }
770 #endregion
771 #region public virtual bool ReadMemory(uint address, out ulong value)
772 public virtual bool ReadMemory(uint address, out ulong value)
773 {
774 value = 0;
775 try
776 {
777 int bytesRead;
778 uint size = sizeof(ulong);
779 byte[] bitData = new byte[size];
780 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
781 if (bytesRead == 0)
782 return false;
783 value = BitConverter.ToUInt64(bitData, 0);
784 return true;
785 }
786 catch
787 {
788 value = 0x00;
789 return false;
790 }
791 }
792 #endregion
793 #region public virtual bool ReadMemory(uint address, out long value)
794 public virtual bool ReadMemory(uint address, out long value)
795 {
796 value = 0;
797 try
798 {
799 int bytesRead;
800 uint size = sizeof(long);
801 byte[] bitData = new byte[size];
802 ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)address, bitData, size, out bytesRead);
803 if (bytesRead == 0)
804 return false;
805 value = BitConverter.ToInt64(bitData, 0);
806 return true;
807 }
808 catch
809 {
810 value = 0x00;
811 return false;
812 }
813 }
814 #endregion
815 #endregion
816 }
817 #endregion
818 }