/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
ViewVC logotype

Diff of /trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

--- trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs	2012/05/28 04:14:03	156
+++ trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs	2012/05/31 09:08:24	204
@@ -5,6 +5,8 @@
 using System.Threading;
 using System.Runtime.InteropServices;
 using RomCheater.Logging;
+using RomCheater.Core;
+using System.IO;
 
 namespace Sojaner.MemoryScanner
 {
@@ -36,7 +38,7 @@
 
         private Process m_ReadProcess = null;
 
-        private IntPtr m_hProcess = IntPtr.Zero;
+        private static IntPtr m_hProcess = IntPtr.Zero;
 
         public void OpenProcess()
         {
@@ -66,46 +68,281 @@
             }
         }
 
-        public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
+        #region WriteProcessMemoryToFile
+        public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
         {
-            try
-            {
-                byte[] buffer = new byte[bytesToRead - 1];
-
-                IntPtr ptrBytesRead;
-                ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
-
-                bytesRead = ptrBytesRead.ToInt32();
+            RamDumper dumper = new RamDumper();
+            return dumper.DumpMemoryToFile(ReadProcess, filename, MemoryAddress, bytesToRead, out bytesRead);
+        }
+        #endregion
 
-                return buffer;
-            }
-            catch (OutOfMemoryException ex)
-            {
-                logger.Error.WriteLine("ReadProcessMemory(): OutOfMemoryException");
-                logger.Error.WriteLine(ex.ToString());
-            }
-            catch (Exception ex)
-            {
-                logger.Error.WriteLine("ReadProcessMemory(): Exception");
-                logger.Error.WriteLine(ex.ToString());
-            }
-            bytesRead = 0; 
-            return new byte[] { };
+        #region ReadProcessMemory
+        public byte[] ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead)
+        {
+            RamDumper dumper = new RamDumper();
+            return dumper.DumpMemoryToByteArray(ReadProcess, MemoryAddress, bytesToRead, out bytesRead);
         }
+        #endregion
 
-        public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
+        #region ReadProcessMemory
+        public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out uint address)
+        {
+            RamDumper dumper = new RamDumper();
+            return dumper.ReadFirstNonZeroByte(ReadProcess, MemoryAddress, bytesToRead, out address);
+        }
+        #endregion
+        #region WriteProcessMemory
+        public void WriteProcessMemory(UIntPtr MemoryAddress, byte byteToWrite, out int bytesWritten)
+        {
+            WriteProcessMemory(MemoryAddress, new byte[] { byteToWrite }, out bytesWritten);
+        }
+        public void WriteProcessMemory(UIntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
         {
             IntPtr ptrBytesWritten;
             ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
-
             bytesWritten = ptrBytesWritten.ToInt32();
         }
+        #endregion
 
+        #region RamDumper
+        private interface IRamDumper
+        {
+           bool DumpMemoryToFile(Process ppid, string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead);
+           byte[] DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead);
+        }
+        private class RamDumper : IRamDumper
+        {
+            public RamDumper() { }
+            private void InitMemoryDump(out uint byte_alignment)
+            {
+                byte_alignment = 102400; // get memory in 100mb chunks
+            }
+            #region IRamDumper members
+            #region DumpMemoryToFile
+            public bool DumpMemoryToFile(Process ppid, string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
+            {
+                //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                bytesRead = 0;
+                uint byte_alignment = 0;
+                // get common init parameters
+                InitMemoryDump(out byte_alignment);
+                uint address = MemoryAddress;
+                uint _bytesToRead = bytesToRead;
+                byte[] buffer = new byte[] { };
+                try
+                {
+                    FileInfo fi = new FileInfo(filename);
+                    if (fi.Exists)
+                        fi.Delete();
+                    using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
+                    {
+                        BinaryWriter bw = new BinaryWriter(fs);
+                        //foreach (byte b in data) { bw.Write(b); }
+
+                        for (uint i = 0; i <= bytesToRead; )
+                        {
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                _bytesToRead = bytesToRead;
+                                buffer = new byte[_bytesToRead];
+                            }
+                            else
+                            {
+                                _bytesToRead = byte_alignment;
+                                buffer = new byte[byte_alignment];
+                            }
+                            IntPtr ptrBytesRead;
+
+                            ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)address, buffer, _bytesToRead, out ptrBytesRead);
+                            bytesRead = ptrBytesRead.ToInt32();
+                            bw.Write(buffer);
+                            bw.Flush();
+
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                i += _bytesToRead;
+                                address += _bytesToRead;
+                            }
+                            else
+                            {
+                                i += byte_alignment;
+                                address += byte_alignment;
+                            }
+
+
+                        }
+                        bw.Close();
+                    }
+                    logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    return true;
+                }
+                catch (OutOfMemoryException ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                catch (Exception ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): Exception");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                return false;
+            }
+            #endregion
+            #region DumpMemoryToByteArray
+            public byte[] DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead)
+            {
+                //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                bytesRead = 0;
+                uint byte_alignment = 1;
+                // get common init parameters
+                //InitMemoryDump(out byte_alignment);
+                uint address = MemoryAddress;
+                uint _bytesToRead = bytesToRead;
+                byte[] buffer = new byte[] { };
+                try
+                {
+                    using (MemoryStream ms = new MemoryStream())
+                    {
+                        BinaryWriter bw = new BinaryWriter(ms);
+                        //foreach (byte b in data) { bw.Write(b); }
+
+                        for (uint i = 0; i <= bytesToRead; )
+                        {
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                _bytesToRead = bytesToRead;
+                                buffer = new byte[_bytesToRead];
+                            }
+                            else
+                            {
+                                _bytesToRead = byte_alignment;
+                                buffer = new byte[byte_alignment];
+                            }
+                            IntPtr ptrBytesRead;
+
+                            ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)address, buffer, _bytesToRead, out ptrBytesRead);
+                            bytesRead = ptrBytesRead.ToInt32();
+                            bw.Write(buffer);
+                            bw.Flush();
+
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                i += _bytesToRead;
+                                address += _bytesToRead;
+                            }
+                            else
+                            {
+                                i += byte_alignment;
+                                address += byte_alignment;
+                            }
+
+
+                        }
+                        bw.Close();
+                        return ms.ToArray();
+                    }
+                    //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                }
+                catch (OutOfMemoryException ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                catch (Exception ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): Exception");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                return new byte[]{};
+            }
+            #endregion
+            #endregion
 
+            #region ReadFirstNonZeroByte
+            public bool ReadFirstNonZeroByte(Process ppid, uint MemoryAddress, uint bytesToRead, out uint address)
+            {
+                //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                address = 0;
+                uint byte_alignment = 1;
+                // get common init parameters
+                //InitMemoryDump(out byte_alignment);
+                uint mem_address = MemoryAddress;
+                uint _bytesToRead = bytesToRead;
+                byte[] buffer = new byte[] { };
+                try
+                {
+                    //using (MemoryStream ms = new MemoryStream())
+                    //{
+                    //    //BinaryWriter bw = new BinaryWriter(ms);
+                    //    //foreach (byte b in data) { bw.Write(b); }
+                        for (uint i = 0; i <= bytesToRead; )
+                        {
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                _bytesToRead = bytesToRead;
+                                buffer = new byte[_bytesToRead];
+                            }
+                            else
+                            {
+                                _bytesToRead = byte_alignment;
+                                buffer = new byte[byte_alignment];
+                            }
+                            IntPtr ptrBytesRead;
+                            ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)mem_address, buffer, _bytesToRead, out ptrBytesRead);
+                            //bw.Write(buffer);
+                            //bw.Flush();
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                i += _bytesToRead;
+                                mem_address += _bytesToRead;
+                            }
+                            else
+                            {
+                                i += byte_alignment;
+                                mem_address += byte_alignment;
+                            }
+                            for (uint j = 0; j < buffer.Length; j++)
+                            {
+                                if (buffer[j] != 0)
+                                {
+                                    address = mem_address;
+                                    break;
+                                }
+                            }
+                            if (address != 0)
+                                break;
+                        }
+                    //    bw.Close();
+                    //}
+                    //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    return true;
+                }
+                catch (OutOfMemoryException ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                catch (Exception ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): Exception");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                return false;
+            }
+            #endregion
+        }
+        #endregion
         /// <summary>
         /// ProcessMemoryReader is a class that enables direct reading a process memory
         /// </summary>
-        class ProcessMemoryReaderApi
+        public class ProcessMemoryReaderApi
         {
             // constants information can be found in <winnt.h>
             [Flags]
@@ -148,7 +385,7 @@
             //			SIZE_T * lpNumberOfBytesRead  // number of bytes read
             //			);
             [DllImport("kernel32.dll")]
-            public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
+            public static extern Int32 ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
 
             //		BOOL WriteProcessMemory(
             //			HANDLE hProcess,                // handle to process
@@ -158,7 +395,7 @@
             //			SIZE_T * lpNumberOfBytesWritten // count of bytes written
             //			);
             [DllImport("kernel32.dll")]
-            public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
+            public static extern Int32 WriteProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
 
 
         }

 

  ViewVC Help
Powered by ViewVC 1.1.22