ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/RomCheater/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
Revision: 657
Committed: Sun Jun 9 04:03:36 2013 UTC (10 years, 6 months ago) by william
File size: 38926 byte(s)
Log Message: 
fix ram dump to file:
* dump memory in 32mb chunks, this fixes issues with not being able to hold over 2GB in managed objects

File Contents

# Content
1 #region Logging Defines
2 // include this any class or method that required logging, and comment-out what is not needed
3
4 #region Enabled logging levels
5 #define LOGGING_ENABLE_INFO
6 #define LOGGING_ENABLE_WARN
7 #define LOGGING_ENABLE_DEBUG
8 #define LOGGING_ENABLE_VERBOSEDEBUG
9 #define LOGGING_ENABLE_ERROR
10 #define LOGGING_ENABLE_VERBOSEERROR
11 //#define LOGGING_ENABLE_PROFILER
12 #endregion
13 #endregion
14 using System;
15 using System.Collections.Generic;
16 using System.Text;
17 using System.Diagnostics;
18 using System.Threading;
19 using System.Runtime.InteropServices;
20 using RomCheater.Logging;
21 using System.IO;
22 using Sojaner.MemoryScanner.MemoryProviers;
23 using Microsoft.Win32.SafeHandles;
24 using Microsoft.Win32.Interop;
25 using System.ComponentModel;
26 using ManagedWinapi;
27 using RomCheater.PluginFramework.Events;
28
29 namespace Sojaner.MemoryScanner
30 {
31 // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
32 #region ProcessMemoryReader class
33 //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
34 //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
35 internal class ProcessMemoryReader : IMemoryReader, IMemoryWriter, IFileWriter, IPatchMemory,IReadMemory, IAcceptsBytesReadEvent
36 {
37 // constants information can be found in <winnt.h>
38 [Flags]
39 enum ProcessAccessFlags : uint
40 {
41 All = 0x001F0FFF,
42 Terminate = 0x00000001,
43 CreateThread = 0x00000002,
44 VMOperation = 0x00000008,
45 VMRead = 0x00000010,
46 VMWrite = 0x00000020,
47 DupHandle = 0x00000040,
48 SetInformation = 0x00000200,
49 QueryInformation = 0x00000400,
50 Synchronize = 0x00100000
51 }
52 [Flags]
53 public enum AllocationProtect : uint
54 {
55 // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
56 NONE = 0,
57 PAGE_NOACCESS = 0x00000001,
58 PAGE_READONLY = 0x00000002,
59 PAGE_READWRITE = 0x00000004,
60 PAGE_WRITECOPY = 0x00000008,
61 PAGE_EXECUTE = 0x00000010,
62 PAGE_EXECUTE_READ = 0x00000020,
63 PAGE_EXECUTE_READWRITE = 0x00000040,
64 PAGE_EXECUTE_WRITECOPY = 0x00000080,
65 PAGE_GUARD = 0x00000100,
66 PAGE_NOCACHE = 0x00000200,
67 PAGE_WRITECOMBINE = 0x00000400
68 }
69 [StructLayout(LayoutKind.Sequential)]
70 public struct MEMORY_BASIC_INFORMATION
71 {
72 public IntPtr BaseAddress;
73 public IntPtr AllocationBase;
74 public AllocationProtect AllocationProtect;
75 public IntPtr RegionSize;
76 public uint State;
77 public uint Protect;
78 public uint Type;
79 }
80
81 public ProcessMemoryReader()
82 {
83 }
84 public event BaseEventHandler<OnBytesReadEventArgs> OnBytesRead;
85 /// <summary>
86 /// Process from which to read
87 /// </summary>
88 public Process ReadProcess
89 {
90 get
91 {
92 return m_ReadProcess;
93 }
94 set
95 {
96 m_ReadProcess = value;
97 }
98 }
99
100 private Process m_ReadProcess = null;
101
102 //SafeWaitHandle handle;
103 //private IntPtr handle = IntPtr.Zero;
104 //SafeWaitHandle m_hProcess; /* unused */
105 //public void OpenProcess()
106 //{
107 // try
108 // {
109 // // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
110 // //if (!TokenAdjuster.AdjustProcessTokenPrivileges("SeDebugPrivilege"))
111 // //{
112 // // logger.Warn.WriteLine("Failed to set SeDebugPrivilege on current process");
113 // //}
114 // ProcessAccessFlags access;
115 // access = ProcessAccessFlags.VMRead
116 // | ProcessAccessFlags.VMWrite
117 // | ProcessAccessFlags.VMOperation;
118 // //m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
119 // handle = ProcessMemoryReaderApi.OpenProcess(access, true, m_ReadProcess.Id);
120 // //m_hProcess = new SafeWaitHandle(handle, false);
121 // }
122 // catch (SEHException ex)
123 // {
124 // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
125 // logger.Error.WriteLine(ex.ToString());
126 // throw ex;
127 // }
128 // catch (Exception ex)
129 // {
130 // logger.Error.WriteLine(ex.ToString());
131 // throw ex;
132 // }
133 //}
134
135 //public void CloseHandle()
136 //{
137 // try
138 // {
139 // ////if (handle.IsInvalid) { return; }
140 // ////if (handle.IsClosed) { return; }
141 // //m_hProcess.Close();
142 // //m_hProcess.Dispose();
143 // //m_hProcess = null;
144 // //handle = IntPtr.Zero;
145 // //m_ReadProcess = null;
146 // //string stack_trace = System.Environment.StackTrace;
147 // int iRetValue;
148 // iRetValue = ProcessMemoryReaderApi.CloseHandle(handle);
149 // handle = IntPtr.Zero;
150 // ReadProcess = null;
151 // if (iRetValue == 0)
152 // {
153 // throw new Exception("CloseHandle failed");
154 // }
155 // }
156 // catch (SEHException ex)
157 // {
158 // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
159 // logger.Error.WriteLine(ex.ToString());
160 // throw ex;
161 // }
162 // catch (Exception ex)
163 // {
164 // logger.Error.WriteLine(ex.ToString());
165 // throw ex;
166 // }
167 //}
168 ///// <summary>
169 ///// ProcessMemoryReader is a class that enables direct reading a process memory
170 ///// </summary>
171 //private class ProcessMemoryReaderApi
172 ////{
173 //[DllImport("kernel32.dll")]
174 //public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
175
176 // // function declarations are found in the MSDN and in <winbase.h>
177
178 // // HANDLE OpenProcess(
179 // // DWORD dwDesiredAccess, // access flag
180 // // BOOL bInheritHandle, // handle inheritance option
181 // // DWORD dwProcessId // process identifier
182 // // );
183 // [DllImport("kernel32.dll")]
184 // public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
185
186 // // BOOL CloseHandle(
187 // // HANDLE hObject // handle to object
188 // // );
189 // [DllImport("kernel32.dll")]
190 // public static extern Int32 CloseHandle(IntPtr hObject);
191
192 // // BOOL ReadProcessMemory(
193 // // HANDLE hProcess, // handle to the process
194 // // LPCVOID lpBaseAddress, // base of memory area
195 // // LPVOID lpBuffer, // data buffer
196 // // SIZE_T nSize, // number of bytes to read
197 // // SIZE_T * lpNumberOfBytesRead // number of bytes read
198 // // );
199 // [DllImport("kernel32.dll", SetLastError = true)]
200 // public static extern bool ReadProcessMemory(
201 // IntPtr hProcess,
202 // IntPtr lpBaseAddress,
203 // [Out] byte[] lpBuffer,
204 // uint dwSize,
205 // out int lpNumberOfBytesRead
206 // );
207
208 // // BOOL WriteProcessMemory(
209 // // HANDLE hProcess, // handle to process
210 // // LPVOID lpBaseAddress, // base of memory area
211 // // LPCVOID lpBuffer, // data buffer
212 // // SIZE_T nSize, // count of bytes to write
213 // // SIZE_T * lpNumberOfBytesWritten // count of bytes written
214 // // );
215 // [DllImport("kernel32.dll", SetLastError = true)]
216 // public static extern bool WriteProcessMemory(
217 // IntPtr hProcess,
218 // IntPtr lpBaseAddress,
219 // byte[] lpBuffer,
220 // uint nSize,
221 // out UIntPtr lpNumberOfBytesWritten);
222
223
224 //}
225
226 #region IMemoryReader Members
227 #region public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out int address)
228 public bool ReadFirstNonZeroByte(ulong MemoryAddress, ulong bytesToRead, out ulong address)
229 {
230 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
231 address = 0;
232 uint byte_alignment = 1;
233 // get common init parameters
234 //InitMemoryDump(out byte_alignment);
235 ulong mem_address = MemoryAddress;
236 ulong _bytesToRead = bytesToRead;
237 byte[] buffer = new byte[] { };
238 try
239 {
240 //using (MemoryStream ms = new MemoryStream())
241 //{
242 // //BinaryWriter bw = new BinaryWriter(ms);
243 // //foreach (byte b in data) { bw.Write(b); }
244 for (ulong i = 0; i <= bytesToRead; )
245 {
246 if (_bytesToRead < byte_alignment)
247 {
248 _bytesToRead = bytesToRead;
249 buffer = new byte[_bytesToRead];
250 }
251 else
252 {
253 _bytesToRead = byte_alignment;
254 buffer = new byte[byte_alignment];
255 }
256 ulong bytesRead = 0;
257 ReadProcessMemory(mem_address, _bytesToRead, out bytesRead, out buffer);
258 if (buffer.Length == 0 && bytesRead == 0)
259 {
260 throw new Exception(string.Format("Failed to read memory from process: {0}", ReadProcess.ToString()));
261 }
262 //bw.Write(buffer);
263 //bw.Flush();
264 if (_bytesToRead < byte_alignment)
265 {
266 i += _bytesToRead;
267 mem_address += (ulong)_bytesToRead;
268 }
269 else
270 {
271 i += byte_alignment;
272 mem_address += (ulong)byte_alignment;
273 }
274 for (uint j = 0; j < buffer.Length; j++)
275 {
276 if (buffer[j] != 0)
277 {
278 address = mem_address;
279 break;
280 }
281 }
282 if (address != 0)
283 break;
284 }
285 // bw.Close();
286 //}
287 //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
288 return true;
289 }
290 catch (SEHException ex)
291 {
292 logger.Error.WriteLine("ReadFirstNonZeroByte() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
293 logger.Error.WriteLine(ex.ToString());
294 throw ex;
295 }
296 catch (OutOfMemoryException ex)
297 {
298 logger.Error.WriteLine("ReadFirstNonZeroByte(): OutOfMemoryException");
299 logger.Error.WriteLine(ex.ToString());
300 }
301 catch (Exception ex)
302 {
303 logger.Error.WriteLine("ReadFirstNonZeroByte(): Exception");
304 logger.Error.WriteLine(ex.ToString());
305 throw ex;
306 }
307 return false;
308 }
309 #endregion
310
311
312 public List<MEMORY_REGION_INFORMATION> QueryMemoryRegions(ulong start, ulong size)
313 {
314 List<MEMORY_REGION_INFORMATION> regions = new List<MEMORY_REGION_INFORMATION>();
315 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)0, 0))
316 {
317 regions = mem.QueryMemoryRegions(start, size);
318 }
319 return regions;
320 }
321
322 public void UpdateAddressArray(ulong[] addresses, ulong size, out byte[][] values)
323 {
324 // size = size of data to read at each address
325 values = new byte[addresses.Length][];
326 for (int x = 0; x < values.Length; x++) { values[x] = new byte[size]; }
327
328 for (ulong i = 0; i < (ulong)addresses.Length; i++)
329 {
330 byte[] data = new byte[size];
331 ulong bytesRead = 0;
332 var address = addresses[i];
333 this.ReadProcessMemory(address, size, out bytesRead, out data);
334 values[i] = data;
335 }
336 }
337
338
339 public void ReadProcessMemoryAtOnce(ulong MemoryAddress, ulong bytesToRead, object UserState)
340 {
341 uint size = 128;
342 //int count = 0;
343 for (ulong j = MemoryAddress; j < (MemoryAddress + bytesToRead); j += size)
344 {
345 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size))
346 {
347 byte[] bigMem = mem.Read();
348 //count += bigMem.Length;
349 if (this.OnBytesRead != null)
350 {
351 OnBytesReadEventArgs t = new OnBytesReadEventArgs(this, UserState, bigMem, j, bytesToRead);
352 this.OnBytesRead.Invoke(t);
353 if (t.Canceled)
354 {
355 bigMem = null;
356 break;
357 }
358
359 }
360 bigMem = null;
361 }
362 }
363 }
364 public void ReadProcessMemoryAtOnce(ulong MemoryAddress, ulong bytesToRead, out ulong bytesRead, out byte[] data)
365 {
366 Stopwatch st = new Stopwatch();
367 st.Start();
368 List<byte> buffer_list = new List<byte>();
369 //for (uint j = MemoryAddress; j < (MemoryAddress+bytesToRead); j += size)
370 //{
371 // using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)bytesToRead))
372 // {
373 // byte[] bigMem = mem.Read();
374 // foreach (byte b in bigMem) { buffer_list.Add(b); }
375 // bigMem = null;
376 // }
377 //}
378
379
380
381 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, (int)bytesToRead))
382 {
383 byte[] bigMem = mem.Read();
384 foreach (byte b in bigMem) { buffer_list.Add(b); }
385 bigMem = null;
386 }
387
388 bytesRead = (ulong)buffer_list.Count;
389 data = new byte[bytesToRead];
390 data.Initialize();
391 Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
392 st.Stop();
393 logger.Profiler.WriteLine("ReadProcessMemoryAtOnce(): start=0x{0:x8} end=0x{1:x8} took {2:0.0000} seconds", MemoryAddress, MemoryAddress + bytesToRead, st.Elapsed.TotalSeconds);
394 }
395 #region public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
396 public void ReadProcessMemory(long MemoryAddress, long bytesToRead, out ulong bytesRead, out byte[] data)
397 {
398 ReadProcessMemory((ulong)MemoryAddress, (ulong)bytesToRead, out bytesRead, out data);
399 }
400 public void ReadProcessMemory(ulong MemoryAddress, ulong bytesToRead, out ulong bytesRead, out byte[] data)
401 {
402 try
403 {
404 ReadProcessMemoryAtOnce(MemoryAddress, bytesToRead, out bytesRead, out data);
405 //bytesRead = 0;
406 //data = new byte[bytesToRead];
407 //const int alignment = 1;
408 //List<byte> buffer_list = new List<byte>();
409 //uint _MemoryAddress = MemoryAddress;
410 //for (int i = 0; i < bytesToRead; i++)
411 //{
412 // byte[] buffer = new byte[alignment];
413 // int _bytesRead = 0;
414 // MEMORY_BASIC_INFORMATION m;
415 // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
416
417 // if (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) ||
418 // m.AllocationProtect == 0)
419 // {
420 // uint OrignalAddress = _MemoryAddress;
421 // while (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) || m.AllocationProtect == 0)
422 // {
423 // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
424 // _MemoryAddress++;
425 // buffer_list.Add(0);
426 // }
427 // _MemoryAddress--;
428 // uint diff = _MemoryAddress - OrignalAddress;
429 // i += (int)diff;
430 // buffer_list.RemoveAt(buffer_list.Count-1);
431 // }
432
433 // ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, alignment, out _bytesRead);
434 // int LastError = Marshal.GetLastWin32Error();
435 // if (LastError != ResultWin32.ERROR_SUCCESS)
436 // {
437 // string ErrorName = ResultWin32.GetErrorName(LastError);
438 // }
439 // if (_bytesRead > 0)
440 // {
441 // foreach (byte b in buffer)
442 // {
443 // buffer_list.Add(b);
444 // }
445 // _MemoryAddress += (uint)buffer.Length;
446 // }
447 //}
448 //bytesRead = buffer_list.Count;
449 //Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
450 }
451 catch (SEHException ex)
452 {
453 logger.Error.WriteLine("ReadProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
454 logger.Error.WriteLine(ex.ToString());
455 throw ex;
456 }
457 catch (Exception ex)
458 {
459 logger.Error.WriteLine("ReadProcessMemory(): Exception");
460 logger.Error.WriteLine(ex.ToString());
461 throw ex;
462 }
463 }
464 #endregion
465 #endregion
466
467 #region IMemoryWriter Members
468 #region public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
469 public void WriteProcessMemory(long MemoryAddress, byte[] bytesToWrite, out ulong bytesWritten)
470 {
471 ulong _bytesWritten = 0;
472 WriteProcessMemory((ulong)MemoryAddress, bytesToWrite, out _bytesWritten);
473 bytesWritten = (ulong)_bytesWritten;
474 }
475 public void WriteProcessMemory(ulong MemoryAddress, byte[] bytesToWrite, out ulong bytesWritten)
476 {
477 try
478 {
479 //uint _bytesWritten = 0;
480 ulong _MemoryAddress = MemoryAddress;
481
482 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, (int)bytesToWrite.Length))
483 {
484 mem.Write(0, bytesToWrite);
485 }
486
487 //for (int i = 0; i < bytesToWrite.Length; i++)
488 //{
489 // UIntPtr _ptrBytesWritten = UIntPtr.Zero;
490 // byte[] buffer = new byte[] { bytesToWrite[i] };
491 // ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, (uint)buffer.Length, out _ptrBytesWritten);
492 // _MemoryAddress++;
493 // _bytesWritten++;
494 //}
495 //bytesWritten = _bytesWritten;
496 bytesWritten = (uint)bytesToWrite.Length;
497 }
498 catch (SEHException ex)
499 {
500 logger.Error.WriteLine("WriteProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
501 logger.Error.WriteLine(ex.ToString());
502 throw ex;
503 }
504 catch (Exception ex)
505 {
506
507 logger.Error.WriteLine("WriteProcessMemory() Exception");
508 logger.Error.WriteLine(ex.ToString());
509 bytesWritten = 0;
510 throw ex;
511 }
512 }
513 #endregion
514 #endregion
515
516 #region IFileWriter Members
517 #region public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
518 public bool WriteProcessMemoryToFile(string filename, ulong MemoryAddress, ulong bytesToRead, out ulong bytesRead)
519 {
520 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
521 bytesRead = 0;
522 ulong _bytesRead = 0;
523 //uint byte_alignment = 102400;
524 ulong address = MemoryAddress;
525 //ulong _bytesToRead = bytesToRead;
526 byte[] buffer = new byte[] { };
527 try
528 {
529 const ulong MEM_1KB = 1024;
530 const ulong MEM_1MB = MEM_1KB * MEM_1KB;
531 const ulong ByteChunkSize = MEM_1MB * 32;
532 FileInfo fi = new FileInfo(filename);
533 if (fi.Exists)
534 fi.Delete();
535 using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
536 {
537 using (BinaryWriter bw = new BinaryWriter(fs))
538 {
539 ulong addr = MemoryAddress;
540 for (ulong i = 0; i < bytesToRead; i += ByteChunkSize)
541 {
542 addr += i;
543 this.ReadProcessMemory(addr, ByteChunkSize, out bytesRead, out buffer);
544 if (bytesRead == ByteChunkSize)
545 {
546 _bytesRead += ByteChunkSize;
547 foreach (var b in buffer)
548 {
549 bw.Write(b);
550 }
551 }
552 else
553 {
554 throw new InvalidOperationException("Failed to read a byte from memory");
555 }
556 }
557 bw.Flush();
558 bw.Close();
559 }
560 bytesRead = _bytesRead;
561 }
562 logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
563 return true;
564 }
565 catch (SEHException ex)
566 {
567 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
568 logger.Error.WriteLine(ex.ToString());
569 throw ex;
570 }
571 catch (OutOfMemoryException ex)
572 {
573 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
574 logger.Error.WriteLine(ex.ToString());
575 }
576 catch (Exception ex)
577 {
578 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
579 logger.Error.WriteLine(ex.ToString());
580 throw ex;
581 }
582 return false;
583 }
584 #endregion
585 #endregion
586
587 #region IPatchMemory members
588 #region public virtual bool PatchMemory(uint address, byte value)
589 public virtual bool PatchMemory(ulong address, byte value)
590 {
591 byte[] bitData = BitConverter.GetBytes(value);
592 //UIntPtr ptrBytesWritten;
593 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
594 {
595 mem.Write(0, bitData);
596 }
597 //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
598 //if (ptrBytesWritten.ToUInt32() == 0)
599 // return false;
600 byte check = 0;
601 ReadMemory(address, out check);
602 if (check == value) return true;
603 return false;
604 }
605 #endregion
606 #region public virtual bool PatchMemory(uint address, sbyte value)
607 public virtual bool PatchMemory(ulong address, sbyte value)
608 {
609 byte[] bitData = BitConverter.GetBytes(value);
610 //UIntPtr ptrBytesWritten;
611 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
612 {
613 mem.Write(0, bitData);
614 }
615 //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
616 //if (ptrBytesWritten.ToUInt32() == 0)
617 // return false;
618 sbyte check = 0;
619 ReadMemory(address, out check);
620 if (check == value) return true;
621 return false;
622 }
623 #endregion
624 #region public virtual bool PatchMemory(uint address, ushort value)
625 public virtual bool PatchMemory(ulong address, ushort value)
626 {
627 byte[] bitData = BitConverter.GetBytes(value);
628 //UIntPtr ptrBytesWritten;
629 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
630 {
631 mem.Write(0, bitData);
632 }
633 //if (ptrBytesWritten.ToUInt32() == 0)
634 // return false;
635 ushort check = 0;
636 ReadMemory(address, out check);
637 if (check == value) return true;
638 return false;
639 }
640 #endregion
641 #region public virtual bool PatchMemory(uint address, short value)
642 public virtual bool PatchMemory(ulong address, short value)
643 {
644 byte[] bitData = BitConverter.GetBytes(value);
645 //UIntPtr ptrBytesWritten;
646 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
647 {
648 mem.Write(0, bitData);
649 }
650 //if (ptrBytesWritten.ToUInt32() == 0)
651 // return false;
652 short check = 0;
653 ReadMemory(address, out check);
654 if (check == value) return true;
655 return false;
656 }
657 #endregion
658 #region public virtual bool PatchMemory(uint address, uint value)
659 public virtual bool PatchMemory(ulong address, uint value)
660 {
661 byte[] bitData = BitConverter.GetBytes(value);
662 //UIntPtr ptrBytesWritten;
663 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
664 {
665 mem.Write(0, bitData);
666 }
667 //if (ptrBytesWritten.ToUInt32() == 0)
668 // return false;
669 uint check = 0;
670 ReadMemory(address, out check);
671 if (check == value) return true;
672 return false;
673 }
674 #endregion
675 #region public virtual bool PatchMemory(uint address, int value)
676 public virtual bool PatchMemory(ulong address, int value)
677 {
678 byte[] bitData = BitConverter.GetBytes(value);
679 //UIntPtr ptrBytesWritten;
680 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
681 {
682 mem.Write(0, bitData);
683 }
684 //if (ptrBytesWritten.ToUInt32() == 0)
685 // return false;
686 int check = 0;
687 ReadMemory(address, out check);
688 if (check == value) return true;
689 return false;
690 }
691 #endregion
692 #region public virtual bool PatchMemory(uint address, ulong value)
693 public virtual bool PatchMemory(ulong address, ulong value)
694 {
695 byte[] bitData = BitConverter.GetBytes(value);
696 //UIntPtr ptrBytesWritten;
697 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
698 {
699 mem.Write(0, bitData);
700 }
701 //if (ptrBytesWritten.ToUInt32() == 0)
702 // return false;
703 ulong check = 0;
704 ReadMemory(address, out check);
705 if (check == value) return true;
706 return false;
707 }
708 #endregion
709 #region public virtual bool PatchMemory(uint address, long value)
710 public virtual bool PatchMemory(ulong address, long value)
711 {
712 byte[] bitData = BitConverter.GetBytes(value);
713 //UIntPtr ptrBytesWritten;
714 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
715 {
716 mem.Write(0, bitData);
717 }
718 //if (ptrBytesWritten.ToUInt32() == 0)
719 // return false;
720 long check = 0;
721 ReadMemory(address, out check);
722 if (check == value) return true;
723 return false;
724 }
725 #endregion
726 #endregion
727
728 #region IReadMemory members
729 #region public virtual bool ReadMemory(uint address, out byte value)
730 public virtual bool ReadMemory(ulong address, out byte value)
731 {
732 value = 0;
733 try
734 {
735 //int bytesRead;
736 uint size = sizeof(byte);
737 byte[] bitData = new byte[size];
738 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
739 {
740 bitData = mem.Read(0, (int)size);
741 }
742 //if (bytesRead == 0)
743 // return false;
744 value = bitData[0];
745 return true;
746 }
747 catch
748 {
749 value = 0x00;
750 return false;
751 }
752 }
753 #endregion
754 #region public virtual bool ReadMemory(uint address, out sbyte value)
755 public virtual bool ReadMemory(ulong address, out sbyte value)
756 {
757 value = 0;
758 try
759 {
760 //int bytesRead;
761 uint size = sizeof(sbyte);
762 byte[] bitData = new byte[size];
763 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
764 {
765 bitData = mem.Read(0, (int)size);
766 }
767 //if (bytesRead == 0)
768 // return false;
769 value = Convert.ToSByte(bitData[0]);
770 return true;
771 }
772 catch
773 {
774 value = 0x00;
775 return false;
776 }
777 }
778 #endregion
779 #region public virtual bool ReadMemory(uint address, out ushort value)
780 public virtual bool ReadMemory(ulong address, out ushort value)
781 {
782 value = 0;
783 try
784 {
785 //int bytesRead;
786 uint size = sizeof(ushort);
787 byte[] bitData = new byte[size];
788 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
789 {
790 bitData = mem.Read(0, (int)size);
791 }
792 //if (bytesRead == 0)
793 // return false;
794 value = BitConverter.ToUInt16(bitData, 0);
795 return true;
796 }
797 catch
798 {
799 value = 0x00;
800 return false;
801 }
802 }
803 #endregion
804 #region public virtual bool ReadMemory(uint address, out short value)
805 public virtual bool ReadMemory(ulong address, out short value)
806 {
807 value = 0;
808 try
809 {
810 //int bytesRead;
811 uint size = sizeof(short);
812 byte[] bitData = new byte[size];
813 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
814 {
815 bitData = mem.Read(0, (int)size);
816 }
817 //if (bytesRead == 0)
818 // return false;
819 value = BitConverter.ToInt16(bitData, 0);
820 return true;
821 }
822 catch
823 {
824 value = 0x00;
825 return false;
826 }
827 }
828 #endregion
829 #region public virtual bool ReadMemory(uint address, out uint value)
830 public virtual bool ReadMemory(ulong address, out uint value)
831 {
832 value = 0;
833 try
834 {
835 //int bytesRead;
836 uint size = sizeof(uint);
837 byte[] bitData = new byte[size];
838 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
839 {
840 bitData = mem.Read(0, (int)size);
841 }
842 //if (bytesRead == 0)
843 // return false;
844 value = BitConverter.ToUInt32(bitData, 0);
845 return true;
846 }
847 catch
848 {
849 value = 0x00;
850 return false;
851 }
852 }
853 #endregion
854 #region public virtual bool ReadMemory(uint address, out int value)
855 public virtual bool ReadMemory(ulong address, out int value)
856 {
857 value = 0;
858 try
859 {
860 //int bytesRead;
861 uint size = sizeof(int);
862 byte[] bitData = new byte[size];
863 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
864 {
865 bitData = mem.Read(0, (int)size);
866 }
867 //if (bytesRead == 0)
868 // return false;
869 value = BitConverter.ToInt32(bitData, 0);
870 return true;
871 }
872 catch
873 {
874 value = 0x00;
875 return false;
876 }
877 }
878 #endregion
879 #region public virtual bool ReadMemory(uint address, out ulong value)
880 public virtual bool ReadMemory(ulong address, out ulong value)
881 {
882 value = 0;
883 try
884 {
885 //int bytesRead;
886 uint size = sizeof(ulong);
887 byte[] bitData = new byte[size];
888 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
889 {
890 bitData = mem.Read(0, (int)size);
891 }
892 //if (bytesRead == 0)
893 // return false;
894 value = BitConverter.ToUInt64(bitData, 0);
895 return true;
896 }
897 catch
898 {
899 value = 0x00;
900 return false;
901 }
902 }
903 #endregion
904 #region public virtual bool ReadMemory(uint address, out long value)
905 public virtual bool ReadMemory(ulong address, out long value)
906 {
907 value = 0;
908 try
909 {
910 // int bytesRead;
911 uint size = sizeof(long);
912 byte[] bitData = new byte[size];
913 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
914 {
915 bitData = mem.Read(0, (int)size);
916 }
917 //if (bytesRead == 0)
918 // return false;
919 value = BitConverter.ToInt64(bitData, 0);
920 return true;
921 }
922 catch
923 {
924 value = 0x00;
925 return false;
926 }
927 }
928 #endregion
929 #endregion
930 }
931 #endregion
932 }