Win32/Sojaner.MemoryScanner/MemoryScanner.cs

using System;
using System.Collections.Generic;
using System.Text;
using System.Diagnostics;
using System.Threading;
using System.Runtime.InteropServices;
using RomCheater.Logging;

namespace Sojaner.MemoryScanner
{
    // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx    
    #region ProcessMemoryReader class
    //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
    //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
    public class ProcessMemoryReader
    {

        public ProcessMemoryReader()
        {
        }

        /// <summary>   
        /// Process from which to read          
        /// </summary>
        public Process ReadProcess
        {
            get
            {
                return m_ReadProcess;
            }
            set
            {
                m_ReadProcess = value;
            }
        }

        private Process m_ReadProcess = null;

        private IntPtr m_hProcess = IntPtr.Zero;

        public void OpenProcess()
        {
            //                  m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
            ProcessMemoryReaderApi.ProcessAccessType access;
            access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
                | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
                | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
            m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
        }

        public void CloseHandle()
        {
            try
            {
                int iRetValue;
                iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
                if (iRetValue == 0)
                {
                    throw new Exception("CloseHandle failed");
                }
            }
            catch (Exception ex)
            {
                //System.Windows.Forms.MessageBox.Show(ex.Message, "error", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Warning);
                throw ex;
            }
        }

        public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
        {
            try
            {
                byte[] buffer = new byte[bytesToRead - 1];

                IntPtr ptrBytesRead;
                ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);

                bytesRead = ptrBytesRead.ToInt32();

                return buffer;
            }
            catch (OutOfMemoryException ex)
            {
                logger.Error.WriteLine("ReadProcessMemory(): OutOfMemoryException");
                logger.Error.WriteLine(ex.ToString());
            }
            catch (Exception ex)
            {
                logger.Error.WriteLine("ReadProcessMemory(): Exception");
                logger.Error.WriteLine(ex.ToString());
            }
            bytesRead = 0; 
            return new byte[] { };
        }

        public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
        {
            IntPtr ptrBytesWritten;
            ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);

            bytesWritten = ptrBytesWritten.ToInt32();
        }


        /// <summary>
        /// ProcessMemoryReader is a class that enables direct reading a process memory
        /// </summary>
        class ProcessMemoryReaderApi
        {
            // constants information can be found in <winnt.h>
            [Flags]
            public enum ProcessAccessType
            {
                PROCESS_TERMINATE = (0x0001),
                PROCESS_CREATE_THREAD = (0x0002),
                PROCESS_SET_SESSIONID = (0x0004),
                PROCESS_VM_OPERATION = (0x0008),
                PROCESS_VM_READ = (0x0010),
                PROCESS_VM_WRITE = (0x0020),
                PROCESS_DUP_HANDLE = (0x0040),
                PROCESS_CREATE_PROCESS = (0x0080),
                PROCESS_SET_QUOTA = (0x0100),
                PROCESS_SET_INFORMATION = (0x0200),
                PROCESS_QUERY_INFORMATION = (0x0400)
            }

            // function declarations are found in the MSDN and in <winbase.h> 

            //          HANDLE OpenProcess(
            //                  DWORD dwDesiredAccess,  // access flag
            //                  BOOL bInheritHandle,    // handle inheritance option
            //                  DWORD dwProcessId       // process identifier
            //                  );
            [DllImport("kernel32.dll")]
            public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);

            //          BOOL CloseHandle(
            //                  HANDLE hObject   // handle to object
            //                  );
            [DllImport("kernel32.dll")]
            public static extern Int32 CloseHandle(IntPtr hObject);

            //          BOOL ReadProcessMemory(
            //                  HANDLE hProcess,              // handle to the process
            //                  LPCVOID lpBaseAddress,        // base of memory area
            //                  LPVOID lpBuffer,              // data buffer
            //                  SIZE_T nSize,                 // number of bytes to read
            //                  SIZE_T * lpNumberOfBytesRead  // number of bytes read
            //                  );
            [DllImport("kernel32.dll")]
            public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);

            //          BOOL WriteProcessMemory(
            //                  HANDLE hProcess,                // handle to process
            //                  LPVOID lpBaseAddress,           // base of memory area
            //                  LPCVOID lpBuffer,               // data buffer
            //                  SIZE_T nSize,                   // count of bytes to write
            //                  SIZE_T * lpNumberOfBytesWritten // count of bytes written
            //                  );
            [DllImport("kernel32.dll")]
            public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);


        }
    }
    #endregion
}
Revision:	156
Committed:	Mon May 28 04:14:03 2012 UTC (11 years ago) by william
File size:	6560 byte(s)
Log Message:	+ add support for selecting process by different means
#	Content
1	using System;
2	using System.Collections.Generic;
3	using System.Text;
4	using System.Diagnostics;
5	using System.Threading;
6	using System.Runtime.InteropServices;
7	using RomCheater.Logging;
8
9	namespace Sojaner.MemoryScanner
10	{
11	// code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
12	#region ProcessMemoryReader class
13	//Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
14	//For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
15	public class ProcessMemoryReader
16	{
17
18	public ProcessMemoryReader()
19	{
20	}
21
22	/// <summary>
23	/// Process from which to read
24	/// </summary>
25	public Process ReadProcess
26	{
27	get
28	{
29	return m_ReadProcess;
30	}
31	set
32	{
33	m_ReadProcess = value;
34	}
35	}
36
37	private Process m_ReadProcess = null;
38
39	private IntPtr m_hProcess = IntPtr.Zero;
40
41	public void OpenProcess()
42	{
43	// m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
44	ProcessMemoryReaderApi.ProcessAccessType access;
45	access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
46	\| ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
47	\| ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
48	m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
49	}
50
51	public void CloseHandle()
52	{
53	try
54	{
55	int iRetValue;
56	iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
57	if (iRetValue == 0)
58	{
59	throw new Exception("CloseHandle failed");
60	}
61	}
62	catch (Exception ex)
63	{
64	//System.Windows.Forms.MessageBox.Show(ex.Message, "error", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Warning);
65	throw ex;
66	}
67	}
68
69	public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
70	{
71	try
72	{
73	byte[] buffer = new byte[bytesToRead - 1];
74
75	IntPtr ptrBytesRead;
76	ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
77
78	bytesRead = ptrBytesRead.ToInt32();
79
80	return buffer;
81	}
82	catch (OutOfMemoryException ex)
83	{
84	logger.Error.WriteLine("ReadProcessMemory(): OutOfMemoryException");
85	logger.Error.WriteLine(ex.ToString());
86	}
87	catch (Exception ex)
88	{
89	logger.Error.WriteLine("ReadProcessMemory(): Exception");
90	logger.Error.WriteLine(ex.ToString());
91	}
92	bytesRead = 0;
93	return new byte[] { };
94	}
95
96	public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
97	{
98	IntPtr ptrBytesWritten;
99	ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
100
101	bytesWritten = ptrBytesWritten.ToInt32();
102	}
103
104
105	/// <summary>
106	/// ProcessMemoryReader is a class that enables direct reading a process memory
107	/// </summary>
108	class ProcessMemoryReaderApi
109	{
110	// constants information can be found in <winnt.h>
111	[Flags]
112	public enum ProcessAccessType
113	{
114	PROCESS_TERMINATE = (0x0001),
115	PROCESS_CREATE_THREAD = (0x0002),
116	PROCESS_SET_SESSIONID = (0x0004),
117	PROCESS_VM_OPERATION = (0x0008),
118	PROCESS_VM_READ = (0x0010),
119	PROCESS_VM_WRITE = (0x0020),
120	PROCESS_DUP_HANDLE = (0x0040),
121	PROCESS_CREATE_PROCESS = (0x0080),
122	PROCESS_SET_QUOTA = (0x0100),
123	PROCESS_SET_INFORMATION = (0x0200),
124	PROCESS_QUERY_INFORMATION = (0x0400)
125	}
126
127	// function declarations are found in the MSDN and in <winbase.h>
128
129	// HANDLE OpenProcess(
130	// DWORD dwDesiredAccess, // access flag
131	// BOOL bInheritHandle, // handle inheritance option
132	// DWORD dwProcessId // process identifier
133	// );
134	[DllImport("kernel32.dll")]
135	public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
136
137	// BOOL CloseHandle(
138	// HANDLE hObject // handle to object
139	// );
140	[DllImport("kernel32.dll")]
141	public static extern Int32 CloseHandle(IntPtr hObject);
142
143	// BOOL ReadProcessMemory(
144	// HANDLE hProcess, // handle to the process
145	// LPCVOID lpBaseAddress, // base of memory area
146	// LPVOID lpBuffer, // data buffer
147	// SIZE_T nSize, // number of bytes to read
148	// SIZE_T * lpNumberOfBytesRead // number of bytes read
149	// );
150	[DllImport("kernel32.dll")]
151	public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
152
153	// BOOL WriteProcessMemory(
154	// HANDLE hProcess, // handle to process
155	// LPVOID lpBaseAddress, // base of memory area
156	// LPCVOID lpBuffer, // data buffer
157	// SIZE_T nSize, // count of bytes to write
158	// SIZE_T * lpNumberOfBytesWritten // count of bytes written
159	// );
160	[DllImport("kernel32.dll")]
161	public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
162
163
164	}
165	}
166	#endregion
167	}