/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
ViewVC logotype

Diff of /trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

--- trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs	2012/05/31 07:13:43	198
+++ trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs	2012/06/02 18:31:40	229
@@ -14,7 +14,7 @@
     #region ProcessMemoryReader class
     //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
     //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
-    public class ProcessMemoryReader
+    public class ProcessMemoryReader : IPatchMemory, IReadMemory
     {
 
         public ProcessMemoryReader()
@@ -77,13 +77,25 @@
         #endregion
 
         #region ReadProcessMemory
-        public byte[] ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead)
+        public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
         {
             RamDumper dumper = new RamDumper();
-            return dumper.DumpMemoryToByteArray(ReadProcess, MemoryAddress, bytesToRead, out bytesRead);
+            dumper.DumpMemoryToByteArray(ReadProcess, MemoryAddress, bytesToRead, out bytesRead, out data);
         }
+        //public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead,out sbyte[] data)
+        //{
+        //    RamDumper dumper = new RamDumper();
+        //    dumper.DumpMemoryToByteArray(ReadProcess, MemoryAddress, bytesToRead, out bytesRead, out data);
+        //}
         #endregion
 
+        #region ReadProcessMemory
+        public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out uint address)
+        {
+            RamDumper dumper = new RamDumper();
+            return dumper.ReadFirstNonZeroByte(ReadProcess, MemoryAddress, bytesToRead, out address);
+        }
+        #endregion
         #region WriteProcessMemory
         public void WriteProcessMemory(UIntPtr MemoryAddress, byte byteToWrite, out int bytesWritten)
         {
@@ -97,11 +109,241 @@
         }
         #endregion
 
+
+        #region IPatchMemory members
+        public bool PatchMemory(uint address, byte value) 
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            byte check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        public bool PatchMemory(uint address, sbyte value)
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            sbyte check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        public bool PatchMemory(uint address, ushort value)
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            ushort check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        public bool PatchMemory(uint address, short value)
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            short check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        public bool PatchMemory(uint address, uint value)
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            uint check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        public bool PatchMemory(uint address, int value)
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            int check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        public bool PatchMemory(uint address, ulong value)
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            ulong check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        public bool PatchMemory(uint address, long value)
+        {
+            int bytesWritten;
+            byte[] bitData = BitConverter.GetBytes(value);
+            WriteProcessMemory((UIntPtr)address, bitData, out bytesWritten);
+            CloseHandle();
+            long check = 0;
+            ReadMemory(address, out check);
+            if (check == value) return true;
+            return false;
+        }
+        #endregion
+        #region IReadMemory members
+        public bool ReadMemory(uint address, out byte value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = bitData[0];
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        public bool ReadMemory(uint address, out sbyte value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = Convert.ToSByte(bitData[0]);
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        public bool ReadMemory(uint address, out ushort value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = BitConverter.ToUInt16(bitData, 0);
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        public bool ReadMemory(uint address, out short value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = BitConverter.ToInt16(bitData, 0);
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        public bool ReadMemory(uint address, out uint value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = BitConverter.ToUInt32(bitData, 0);
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        public bool ReadMemory(uint address, out int value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = BitConverter.ToInt32(bitData, 0);
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        public bool ReadMemory(uint address, out ulong value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = BitConverter.ToUInt64(bitData, 0);
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        public bool ReadMemory(uint address, out long value)
+        {
+            try
+            {
+                value = 0;
+                int bytesReadSize;
+                byte[] bitData;
+                ReadProcessMemory(address, sizeof(byte), out bytesReadSize, out bitData);
+                value = BitConverter.ToInt64(bitData, 0);
+                return true;
+            }
+            catch
+            {
+                value = 0x00;
+                return false;
+            }
+        }
+        #endregion
+
         #region RamDumper
         private interface IRamDumper
         {
            bool DumpMemoryToFile(Process ppid, string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead);
-           byte[] DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead);
+           void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data);
         }
         private class RamDumper : IRamDumper
         {
@@ -114,7 +356,7 @@
             #region DumpMemoryToFile
             public bool DumpMemoryToFile(Process ppid, string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
             {
-                logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
                 bytesRead = 0;
                 uint byte_alignment = 0;
                 // get common init parameters
@@ -185,13 +427,14 @@
             }
             #endregion
             #region DumpMemoryToByteArray
-            public byte[] DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead)
+            public void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
             {
-                logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                data = new byte[] { };
+                //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
                 bytesRead = 0;
-                uint byte_alignment = 0;
+                uint byte_alignment = 1;
                 // get common init parameters
-                InitMemoryDump(out byte_alignment);
+                //InitMemoryDump(out byte_alignment);
                 uint address = MemoryAddress;
                 uint _bytesToRead = bytesToRead;
                 byte[] buffer = new byte[] { };
@@ -235,9 +478,9 @@
 
                         }
                         bw.Close();
-                        return ms.ToArray();
+                        data = ms.ToArray();
                     }
-                    logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
                 }
                 catch (OutOfMemoryException ex)
                 {
@@ -251,9 +494,153 @@
                     logger.Error.WriteLine("DumpMemory(): Exception");
                     logger.Error.WriteLine(ex.ToString());
                 }
-                return new byte[]{};
             }
             #endregion
+            #region DumpMemoryToByteArray (sbyte)
+            //public void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out sbyte[] data)
+            //{
+            //    data = new sbyte[] { };
+            //    //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+            //    bytesRead = 0;
+            //    uint byte_alignment = 1;
+            //    // get common init parameters
+            //    //InitMemoryDump(out byte_alignment);
+            //    uint address = MemoryAddress;
+            //    uint _bytesToRead = bytesToRead;
+            //    sbyte[] buffer = new sbyte[] { };
+            //    try
+            //    {
+            //        using (MemoryStream ms = new MemoryStream())
+            //        {
+            //            BinaryWriter bw = new BinaryWriter(ms);
+            //            //foreach (byte b in data) { bw.Write(b); }
+
+            //            for (uint i = 0; i <= bytesToRead; )
+            //            {
+            //                if (_bytesToRead < byte_alignment)
+            //                {
+            //                    _bytesToRead = bytesToRead;
+            //                    buffer = new sbyte[_bytesToRead];
+            //                }
+            //                else
+            //                {
+            //                    _bytesToRead = byte_alignment;
+            //                    buffer = new sbyte[byte_alignment];
+            //                }
+            //                IntPtr ptrBytesRead;
+
+            //                ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)address, (byte[])(Array)buffer, _bytesToRead, out ptrBytesRead);
+            //                bytesRead = ptrBytesRead.ToInt32();
+            //                bw.Write((byte[])(Array)buffer);
+            //                bw.Flush();
+
+            //                if (_bytesToRead < byte_alignment)
+            //                {
+            //                    i += _bytesToRead;
+            //                    address += _bytesToRead;
+            //                }
+            //                else
+            //                {
+            //                    i += byte_alignment;
+            //                    address += byte_alignment;
+            //                }
+
+
+            //            }
+            //            bw.Close();
+            //            data = (sbyte[])(Array)ms.ToArray();
+            //        }
+            //        //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+            //    }
+            //    catch (OutOfMemoryException ex)
+            //    {
+            //        logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+            //        logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+            //        logger.Error.WriteLine(ex.ToString());
+            //    }
+            //    catch (Exception ex)
+            //    {
+            //        logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+            //        logger.Error.WriteLine("DumpMemory(): Exception");
+            //        logger.Error.WriteLine(ex.ToString());
+            //    }
+            //}
+            #endregion
+            #endregion
+
+            #region ReadFirstNonZeroByte
+            public bool ReadFirstNonZeroByte(Process ppid, uint MemoryAddress, uint bytesToRead, out uint address)
+            {
+                //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                address = 0;
+                uint byte_alignment = 1;
+                // get common init parameters
+                //InitMemoryDump(out byte_alignment);
+                uint mem_address = MemoryAddress;
+                uint _bytesToRead = bytesToRead;
+                byte[] buffer = new byte[] { };
+                try
+                {
+                    //using (MemoryStream ms = new MemoryStream())
+                    //{
+                    //    //BinaryWriter bw = new BinaryWriter(ms);
+                    //    //foreach (byte b in data) { bw.Write(b); }
+                        for (uint i = 0; i <= bytesToRead; )
+                        {
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                _bytesToRead = bytesToRead;
+                                buffer = new byte[_bytesToRead];
+                            }
+                            else
+                            {
+                                _bytesToRead = byte_alignment;
+                                buffer = new byte[byte_alignment];
+                            }
+                            IntPtr ptrBytesRead;
+                            ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)mem_address, buffer, _bytesToRead, out ptrBytesRead);
+                            //bw.Write(buffer);
+                            //bw.Flush();
+                            if (_bytesToRead < byte_alignment)
+                            {
+                                i += _bytesToRead;
+                                mem_address += _bytesToRead;
+                            }
+                            else
+                            {
+                                i += byte_alignment;
+                                mem_address += byte_alignment;
+                            }
+                            for (uint j = 0; j < buffer.Length; j++)
+                            {
+                                if (buffer[j] != 0)
+                                {
+                                    address = mem_address;
+                                    break;
+                                }
+                            }
+                            if (address != 0)
+                                break;
+                        }
+                    //    bw.Close();
+                    //}
+                    //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    return true;
+                }
+                catch (OutOfMemoryException ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                catch (Exception ex)
+                {
+                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
+                    logger.Error.WriteLine("DumpMemory(): Exception");
+                    logger.Error.WriteLine(ex.ToString());
+                }
+                return false;
+            }
             #endregion
         }
         #endregion

 

  ViewVC Help
Powered by ViewVC 1.1.22