/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
ViewVC logotype

Contents of /trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 686 - (show annotations) (download)
Mon Jun 17 09:31:52 2013 UTC (7 years, 5 months ago) by william
File size: 38950 byte(s)
+ massive move of source files

1 #region Logging Defines
2 // include this any class or method that required logging, and comment-out what is not needed
3
4 #region Enabled logging levels
5 #define LOGGING_ENABLE_INFO
6 #define LOGGING_ENABLE_WARN
7 #define LOGGING_ENABLE_DEBUG
8 #define LOGGING_ENABLE_VERBOSEDEBUG
9 #define LOGGING_ENABLE_ERROR
10 #define LOGGING_ENABLE_VERBOSEERROR
11 //#define LOGGING_ENABLE_PROFILER
12 #endregion
13 #endregion
14 using System;
15 using System.Collections.Generic;
16 using System.Text;
17 using System.Diagnostics;
18 using System.Threading;
19 using System.Runtime.InteropServices;
20 using RomCheater.Logging;
21 using System.IO;
22 using Sojaner.MemoryScanner.MemoryProviers;
23 using Microsoft.Win32.SafeHandles;
24 using Microsoft.Win32.Interop;
25 using System.ComponentModel;
26 using ManagedWinapi;
27 using RomCheater.PluginFramework.Events;
28 using RomCheater.Core;
29
30 namespace Sojaner.MemoryScanner
31 {
32 // code borrowed from: http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx
33 #region ProcessMemoryReader class
34 //Thanks goes to Arik Poznanski for P/Invokes and methods needed to read and write the Memory
35 //For more information refer to "Minesweeper, Behind the scenes" article by Arik Poznanski at Codeproject.com
36 internal class ProcessMemoryReader : IMemoryReader, IMemoryWriter, IFileWriter, IPatchMemory,IReadMemory, IAcceptsBytesReadEvent
37 {
38 // constants information can be found in <winnt.h>
39 [Flags]
40 enum ProcessAccessFlags : uint
41 {
42 All = 0x001F0FFF,
43 Terminate = 0x00000001,
44 CreateThread = 0x00000002,
45 VMOperation = 0x00000008,
46 VMRead = 0x00000010,
47 VMWrite = 0x00000020,
48 DupHandle = 0x00000040,
49 SetInformation = 0x00000200,
50 QueryInformation = 0x00000400,
51 Synchronize = 0x00100000
52 }
53 [Flags]
54 public enum AllocationProtect : uint
55 {
56 // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
57 NONE = 0,
58 PAGE_NOACCESS = 0x00000001,
59 PAGE_READONLY = 0x00000002,
60 PAGE_READWRITE = 0x00000004,
61 PAGE_WRITECOPY = 0x00000008,
62 PAGE_EXECUTE = 0x00000010,
63 PAGE_EXECUTE_READ = 0x00000020,
64 PAGE_EXECUTE_READWRITE = 0x00000040,
65 PAGE_EXECUTE_WRITECOPY = 0x00000080,
66 PAGE_GUARD = 0x00000100,
67 PAGE_NOCACHE = 0x00000200,
68 PAGE_WRITECOMBINE = 0x00000400
69 }
70 [StructLayout(LayoutKind.Sequential)]
71 public struct MEMORY_BASIC_INFORMATION
72 {
73 public IntPtr BaseAddress;
74 public IntPtr AllocationBase;
75 public AllocationProtect AllocationProtect;
76 public IntPtr RegionSize;
77 public uint State;
78 public uint Protect;
79 public uint Type;
80 }
81
82 public ProcessMemoryReader()
83 {
84 }
85 public event BaseEventHandler<OnBytesReadEventArgs> OnBytesRead;
86 /// <summary>
87 /// Process from which to read
88 /// </summary>
89 public Process ReadProcess
90 {
91 get
92 {
93 return m_ReadProcess;
94 }
95 set
96 {
97 m_ReadProcess = value;
98 }
99 }
100
101 private Process m_ReadProcess = null;
102
103 //SafeWaitHandle handle;
104 //private IntPtr handle = IntPtr.Zero;
105 //SafeWaitHandle m_hProcess; /* unused */
106 //public void OpenProcess()
107 //{
108 // try
109 // {
110 // // m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
111 // //if (!TokenAdjuster.AdjustProcessTokenPrivileges("SeDebugPrivilege"))
112 // //{
113 // // logger.Warn.WriteLine("Failed to set SeDebugPrivilege on current process");
114 // //}
115 // ProcessAccessFlags access;
116 // access = ProcessAccessFlags.VMRead
117 // | ProcessAccessFlags.VMWrite
118 // | ProcessAccessFlags.VMOperation;
119 // //m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
120 // handle = ProcessMemoryReaderApi.OpenProcess(access, true, m_ReadProcess.Id);
121 // //m_hProcess = new SafeWaitHandle(handle, false);
122 // }
123 // catch (SEHException ex)
124 // {
125 // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
126 // logger.Error.WriteLine(ex.ToString());
127 // throw ex;
128 // }
129 // catch (Exception ex)
130 // {
131 // logger.Error.WriteLine(ex.ToString());
132 // throw ex;
133 // }
134 //}
135
136 //public void CloseHandle()
137 //{
138 // try
139 // {
140 // ////if (handle.IsInvalid) { return; }
141 // ////if (handle.IsClosed) { return; }
142 // //m_hProcess.Close();
143 // //m_hProcess.Dispose();
144 // //m_hProcess = null;
145 // //handle = IntPtr.Zero;
146 // //m_ReadProcess = null;
147 // //string stack_trace = System.Environment.StackTrace;
148 // int iRetValue;
149 // iRetValue = ProcessMemoryReaderApi.CloseHandle(handle);
150 // handle = IntPtr.Zero;
151 // ReadProcess = null;
152 // if (iRetValue == 0)
153 // {
154 // throw new Exception("CloseHandle failed");
155 // }
156 // }
157 // catch (SEHException ex)
158 // {
159 // logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
160 // logger.Error.WriteLine(ex.ToString());
161 // throw ex;
162 // }
163 // catch (Exception ex)
164 // {
165 // logger.Error.WriteLine(ex.ToString());
166 // throw ex;
167 // }
168 //}
169 ///// <summary>
170 ///// ProcessMemoryReader is a class that enables direct reading a process memory
171 ///// </summary>
172 //private class ProcessMemoryReaderApi
173 ////{
174 //[DllImport("kernel32.dll")]
175 //public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
176
177 // // function declarations are found in the MSDN and in <winbase.h>
178
179 // // HANDLE OpenProcess(
180 // // DWORD dwDesiredAccess, // access flag
181 // // BOOL bInheritHandle, // handle inheritance option
182 // // DWORD dwProcessId // process identifier
183 // // );
184 // [DllImport("kernel32.dll")]
185 // public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
186
187 // // BOOL CloseHandle(
188 // // HANDLE hObject // handle to object
189 // // );
190 // [DllImport("kernel32.dll")]
191 // public static extern Int32 CloseHandle(IntPtr hObject);
192
193 // // BOOL ReadProcessMemory(
194 // // HANDLE hProcess, // handle to the process
195 // // LPCVOID lpBaseAddress, // base of memory area
196 // // LPVOID lpBuffer, // data buffer
197 // // SIZE_T nSize, // number of bytes to read
198 // // SIZE_T * lpNumberOfBytesRead // number of bytes read
199 // // );
200 // [DllImport("kernel32.dll", SetLastError = true)]
201 // public static extern bool ReadProcessMemory(
202 // IntPtr hProcess,
203 // IntPtr lpBaseAddress,
204 // [Out] byte[] lpBuffer,
205 // uint dwSize,
206 // out int lpNumberOfBytesRead
207 // );
208
209 // // BOOL WriteProcessMemory(
210 // // HANDLE hProcess, // handle to process
211 // // LPVOID lpBaseAddress, // base of memory area
212 // // LPCVOID lpBuffer, // data buffer
213 // // SIZE_T nSize, // count of bytes to write
214 // // SIZE_T * lpNumberOfBytesWritten // count of bytes written
215 // // );
216 // [DllImport("kernel32.dll", SetLastError = true)]
217 // public static extern bool WriteProcessMemory(
218 // IntPtr hProcess,
219 // IntPtr lpBaseAddress,
220 // byte[] lpBuffer,
221 // uint nSize,
222 // out UIntPtr lpNumberOfBytesWritten);
223
224
225 //}
226
227 #region IMemoryReader Members
228 #region public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out int address)
229 public bool ReadFirstNonZeroByte(ulong MemoryAddress, ulong bytesToRead, out ulong address)
230 {
231 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
232 address = 0;
233 uint byte_alignment = 1;
234 // get common init parameters
235 //InitMemoryDump(out byte_alignment);
236 ulong mem_address = MemoryAddress;
237 ulong _bytesToRead = bytesToRead;
238 byte[] buffer = new byte[] { };
239 try
240 {
241 //using (MemoryStream ms = new MemoryStream())
242 //{
243 // //BinaryWriter bw = new BinaryWriter(ms);
244 // //foreach (byte b in data) { bw.Write(b); }
245 for (ulong i = 0; i <= bytesToRead; )
246 {
247 if (_bytesToRead < byte_alignment)
248 {
249 _bytesToRead = bytesToRead;
250 buffer = new byte[_bytesToRead];
251 }
252 else
253 {
254 _bytesToRead = byte_alignment;
255 buffer = new byte[byte_alignment];
256 }
257 ulong bytesRead = 0;
258 ReadProcessMemory(mem_address, _bytesToRead, out bytesRead, out buffer);
259 if (buffer.Length == 0 && bytesRead == 0)
260 {
261 throw new Exception(string.Format("Failed to read memory from process: {0}", ReadProcess.ToString()));
262 }
263 //bw.Write(buffer);
264 //bw.Flush();
265 if (_bytesToRead < byte_alignment)
266 {
267 i += _bytesToRead;
268 mem_address += (ulong)_bytesToRead;
269 }
270 else
271 {
272 i += byte_alignment;
273 mem_address += (ulong)byte_alignment;
274 }
275 for (uint j = 0; j < buffer.Length; j++)
276 {
277 if (buffer[j] != 0)
278 {
279 address = mem_address;
280 break;
281 }
282 }
283 if (address != 0)
284 break;
285 }
286 // bw.Close();
287 //}
288 //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
289 return true;
290 }
291 catch (SEHException ex)
292 {
293 logger.Error.WriteLine("ReadFirstNonZeroByte() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
294 logger.Error.WriteLine(ex.ToString());
295 throw ex;
296 }
297 catch (OutOfMemoryException ex)
298 {
299 logger.Error.WriteLine("ReadFirstNonZeroByte(): OutOfMemoryException");
300 logger.Error.WriteLine(ex.ToString());
301 }
302 catch (Exception ex)
303 {
304 logger.Error.WriteLine("ReadFirstNonZeroByte(): Exception");
305 logger.Error.WriteLine(ex.ToString());
306 throw ex;
307 }
308 return false;
309 }
310 #endregion
311
312
313 public List<MEMORY_REGION_INFORMATION> QueryMemoryRegions(ulong start, ulong size)
314 {
315 List<MEMORY_REGION_INFORMATION> regions = new List<MEMORY_REGION_INFORMATION>();
316 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)0, 0))
317 {
318 regions = mem.QueryMemoryRegions(start, size);
319 }
320 return regions;
321 }
322
323 public void UpdateAddressArray(ulong[] addresses, ulong size, out byte[][] values)
324 {
325 // size = size of data to read at each address
326 values = new byte[addresses.Length][];
327 for (int x = 0; x < values.Length; x++) { values[x] = new byte[size]; }
328
329 for (ulong i = 0; i < (ulong)addresses.Length; i++)
330 {
331 byte[] data = new byte[size];
332 ulong bytesRead = 0;
333 var address = addresses[i];
334 this.ReadProcessMemory(address, size, out bytesRead, out data);
335 values[i] = data;
336 }
337 }
338
339
340 public void ReadProcessMemoryAtOnce(ulong MemoryAddress, ulong bytesToRead, object UserState)
341 {
342 uint size = 128;
343 //int count = 0;
344 for (ulong j = MemoryAddress; j < (MemoryAddress + bytesToRead); j += size)
345 {
346 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)size))
347 {
348 byte[] bigMem = mem.Read();
349 //count += bigMem.Length;
350 if (this.OnBytesRead != null)
351 {
352 OnBytesReadEventArgs t = new OnBytesReadEventArgs(this, UserState, bigMem, j, bytesToRead);
353 this.OnBytesRead.Invoke(t);
354 if (t.Canceled)
355 {
356 bigMem = null;
357 break;
358 }
359
360 }
361 bigMem = null;
362 }
363 }
364 }
365 public void ReadProcessMemoryAtOnce(ulong MemoryAddress, ulong bytesToRead, out ulong bytesRead, out byte[] data)
366 {
367 Stopwatch st = new Stopwatch();
368 st.Start();
369 List<byte> buffer_list = new List<byte>();
370 //for (uint j = MemoryAddress; j < (MemoryAddress+bytesToRead); j += size)
371 //{
372 // using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)j, (int)bytesToRead))
373 // {
374 // byte[] bigMem = mem.Read();
375 // foreach (byte b in bigMem) { buffer_list.Add(b); }
376 // bigMem = null;
377 // }
378 //}
379
380
381
382 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, (int)bytesToRead))
383 {
384 byte[] bigMem = mem.Read();
385 foreach (byte b in bigMem) { buffer_list.Add(b); }
386 bigMem = null;
387 }
388
389 bytesRead = (ulong)buffer_list.Count;
390 data = new byte[bytesToRead];
391 data.Initialize();
392 Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
393 st.Stop();
394 logger.Profiler.WriteLine("ReadProcessMemoryAtOnce(): start=0x{0:x8} end=0x{1:x8} took {2:0.0000} seconds", MemoryAddress, MemoryAddress + bytesToRead, st.Elapsed.TotalSeconds);
395 }
396 #region public void ReadProcessMemory(int MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
397 public void ReadProcessMemory(long MemoryAddress, long bytesToRead, out ulong bytesRead, out byte[] data)
398 {
399 ReadProcessMemory((ulong)MemoryAddress, (ulong)bytesToRead, out bytesRead, out data);
400 }
401 public void ReadProcessMemory(ulong MemoryAddress, ulong bytesToRead, out ulong bytesRead, out byte[] data)
402 {
403 try
404 {
405 ReadProcessMemoryAtOnce(MemoryAddress, bytesToRead, out bytesRead, out data);
406 //bytesRead = 0;
407 //data = new byte[bytesToRead];
408 //const int alignment = 1;
409 //List<byte> buffer_list = new List<byte>();
410 //uint _MemoryAddress = MemoryAddress;
411 //for (int i = 0; i < bytesToRead; i++)
412 //{
413 // byte[] buffer = new byte[alignment];
414 // int _bytesRead = 0;
415 // MEMORY_BASIC_INFORMATION m;
416 // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
417
418 // if (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) ||
419 // m.AllocationProtect == 0)
420 // {
421 // uint OrignalAddress = _MemoryAddress;
422 // while (m.AllocationProtect.HasFlag(AllocationProtect.PAGE_NOACCESS) || m.AllocationProtect == 0)
423 // {
424 // ProcessMemoryReaderApi.VirtualQueryEx(m_ReadProcess.Handle, (IntPtr)_MemoryAddress, out m, (uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION)));
425 // _MemoryAddress++;
426 // buffer_list.Add(0);
427 // }
428 // _MemoryAddress--;
429 // uint diff = _MemoryAddress - OrignalAddress;
430 // i += (int)diff;
431 // buffer_list.RemoveAt(buffer_list.Count-1);
432 // }
433
434 // ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, alignment, out _bytesRead);
435 // int LastError = Marshal.GetLastWin32Error();
436 // if (LastError != ResultWin32.ERROR_SUCCESS)
437 // {
438 // string ErrorName = ResultWin32.GetErrorName(LastError);
439 // }
440 // if (_bytesRead > 0)
441 // {
442 // foreach (byte b in buffer)
443 // {
444 // buffer_list.Add(b);
445 // }
446 // _MemoryAddress += (uint)buffer.Length;
447 // }
448 //}
449 //bytesRead = buffer_list.Count;
450 //Buffer.BlockCopy(buffer_list.ToArray(), 0, data, 0, (int)bytesToRead);
451 }
452 catch (SEHException ex)
453 {
454 logger.Error.WriteLine("ReadProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
455 logger.Error.WriteLine(ex.ToString());
456 throw ex;
457 }
458 catch (Exception ex)
459 {
460 logger.Error.WriteLine("ReadProcessMemory(): Exception");
461 logger.Error.WriteLine(ex.ToString());
462 throw ex;
463 }
464 }
465 #endregion
466 #endregion
467
468 #region IMemoryWriter Members
469 #region public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
470 public void WriteProcessMemory(long MemoryAddress, byte[] bytesToWrite, out ulong bytesWritten)
471 {
472 ulong _bytesWritten = 0;
473 WriteProcessMemory((ulong)MemoryAddress, bytesToWrite, out _bytesWritten);
474 bytesWritten = (ulong)_bytesWritten;
475 }
476 public void WriteProcessMemory(ulong MemoryAddress, byte[] bytesToWrite, out ulong bytesWritten)
477 {
478 try
479 {
480 //uint _bytesWritten = 0;
481 ulong _MemoryAddress = MemoryAddress;
482
483 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)MemoryAddress, (int)bytesToWrite.Length))
484 {
485 mem.Write(0, bytesToWrite);
486 }
487
488 //for (int i = 0; i < bytesToWrite.Length; i++)
489 //{
490 // UIntPtr _ptrBytesWritten = UIntPtr.Zero;
491 // byte[] buffer = new byte[] { bytesToWrite[i] };
492 // ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)_MemoryAddress, buffer, (uint)buffer.Length, out _ptrBytesWritten);
493 // _MemoryAddress++;
494 // _bytesWritten++;
495 //}
496 //bytesWritten = _bytesWritten;
497 bytesWritten = (uint)bytesToWrite.Length;
498 }
499 catch (SEHException ex)
500 {
501 logger.Error.WriteLine("WriteProcessMemory() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
502 logger.Error.WriteLine(ex.ToString());
503 throw ex;
504 }
505 catch (Exception ex)
506 {
507
508 logger.Error.WriteLine("WriteProcessMemory() Exception");
509 logger.Error.WriteLine(ex.ToString());
510 bytesWritten = 0;
511 throw ex;
512 }
513 }
514 #endregion
515 #endregion
516
517 #region IFileWriter Members
518 #region public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
519 public bool WriteProcessMemoryToFile(string filename, ulong MemoryAddress, ulong bytesToRead, out ulong bytesRead)
520 {
521 //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
522 bytesRead = 0;
523 ulong _bytesRead = 0;
524 //uint byte_alignment = 102400;
525 ulong address = MemoryAddress;
526 //ulong _bytesToRead = bytesToRead;
527 byte[] buffer = new byte[] { };
528 try
529 {
530 const ulong MEM_1KB = 1024;
531 const ulong MEM_1MB = MEM_1KB * MEM_1KB;
532 const ulong ByteChunkSize = MEM_1MB * 32;
533 FileInfo fi = new FileInfo(filename);
534 if (fi.Exists)
535 fi.Delete();
536 using (FileStream fs = new FileStream(filename, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.ReadWrite))
537 {
538 using (BinaryWriter bw = new BinaryWriter(fs))
539 {
540 ulong addr = MemoryAddress;
541 for (ulong i = 0; i < bytesToRead; i += ByteChunkSize)
542 {
543 addr += i;
544 this.ReadProcessMemory(addr, ByteChunkSize, out bytesRead, out buffer);
545 if (bytesRead == ByteChunkSize)
546 {
547 _bytesRead += ByteChunkSize;
548 foreach (var b in buffer)
549 {
550 bw.Write(b);
551 }
552 }
553 else
554 {
555 throw new InvalidOperationException("Failed to read a byte from memory");
556 }
557 }
558 bw.Flush();
559 bw.Close();
560 }
561 bytesRead = _bytesRead;
562 }
563 logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ReadProcess.Id, ReadProcess.ProcessName));
564 return true;
565 }
566 catch (SEHException ex)
567 {
568 logger.Error.WriteLine("WriteProcessMemoryToFile() SEHException was thrown: (0x{0:x8}) - {1}", ex.ErrorCode, ex.Message);
569 logger.Error.WriteLine(ex.ToString());
570 throw ex;
571 }
572 catch (OutOfMemoryException ex)
573 {
574 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
575 logger.Error.WriteLine(ex.ToString());
576 }
577 catch (Exception ex)
578 {
579 logger.Error.WriteLine("WriteProcessMemoryToFile(): Exception");
580 logger.Error.WriteLine(ex.ToString());
581 throw ex;
582 }
583 return false;
584 }
585 #endregion
586 #endregion
587
588 #region IPatchMemory members
589 #region public virtual bool PatchMemory(uint address, byte value)
590 public virtual bool PatchMemory(ulong address, byte value)
591 {
592 byte[] bitData = BitConverter.GetBytes(value);
593 //UIntPtr ptrBytesWritten;
594 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
595 {
596 mem.Write(0, bitData);
597 }
598 //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
599 //if (ptrBytesWritten.ToUInt32() == 0)
600 // return false;
601 byte check = 0;
602 ReadMemory(address, out check);
603 if (check == value) return true;
604 return false;
605 }
606 #endregion
607 #region public virtual bool PatchMemory(uint address, sbyte value)
608 public virtual bool PatchMemory(ulong address, sbyte value)
609 {
610 byte[] bitData = BitConverter.GetBytes(value);
611 //UIntPtr ptrBytesWritten;
612 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
613 {
614 mem.Write(0, bitData);
615 }
616 //ProcessMemoryReaderApi.WriteProcessMemory(handle, (IntPtr)address, bitData, (uint)bitData.Length, out ptrBytesWritten);
617 //if (ptrBytesWritten.ToUInt32() == 0)
618 // return false;
619 sbyte check = 0;
620 ReadMemory(address, out check);
621 if (check == value) return true;
622 return false;
623 }
624 #endregion
625 #region public virtual bool PatchMemory(uint address, ushort value)
626 public virtual bool PatchMemory(ulong address, ushort value)
627 {
628 byte[] bitData = BitConverter.GetBytes(value);
629 //UIntPtr ptrBytesWritten;
630 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
631 {
632 mem.Write(0, bitData);
633 }
634 //if (ptrBytesWritten.ToUInt32() == 0)
635 // return false;
636 ushort check = 0;
637 ReadMemory(address, out check);
638 if (check == value) return true;
639 return false;
640 }
641 #endregion
642 #region public virtual bool PatchMemory(uint address, short value)
643 public virtual bool PatchMemory(ulong address, short value)
644 {
645 byte[] bitData = BitConverter.GetBytes(value);
646 //UIntPtr ptrBytesWritten;
647 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
648 {
649 mem.Write(0, bitData);
650 }
651 //if (ptrBytesWritten.ToUInt32() == 0)
652 // return false;
653 short check = 0;
654 ReadMemory(address, out check);
655 if (check == value) return true;
656 return false;
657 }
658 #endregion
659 #region public virtual bool PatchMemory(uint address, uint value)
660 public virtual bool PatchMemory(ulong address, uint value)
661 {
662 byte[] bitData = BitConverter.GetBytes(value);
663 //UIntPtr ptrBytesWritten;
664 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
665 {
666 mem.Write(0, bitData);
667 }
668 //if (ptrBytesWritten.ToUInt32() == 0)
669 // return false;
670 uint check = 0;
671 ReadMemory(address, out check);
672 if (check == value) return true;
673 return false;
674 }
675 #endregion
676 #region public virtual bool PatchMemory(uint address, int value)
677 public virtual bool PatchMemory(ulong address, int value)
678 {
679 byte[] bitData = BitConverter.GetBytes(value);
680 //UIntPtr ptrBytesWritten;
681 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
682 {
683 mem.Write(0, bitData);
684 }
685 //if (ptrBytesWritten.ToUInt32() == 0)
686 // return false;
687 int check = 0;
688 ReadMemory(address, out check);
689 if (check == value) return true;
690 return false;
691 }
692 #endregion
693 #region public virtual bool PatchMemory(uint address, ulong value)
694 public virtual bool PatchMemory(ulong address, ulong value)
695 {
696 byte[] bitData = BitConverter.GetBytes(value);
697 //UIntPtr ptrBytesWritten;
698 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
699 {
700 mem.Write(0, bitData);
701 }
702 //if (ptrBytesWritten.ToUInt32() == 0)
703 // return false;
704 ulong check = 0;
705 ReadMemory(address, out check);
706 if (check == value) return true;
707 return false;
708 }
709 #endregion
710 #region public virtual bool PatchMemory(uint address, long value)
711 public virtual bool PatchMemory(ulong address, long value)
712 {
713 byte[] bitData = BitConverter.GetBytes(value);
714 //UIntPtr ptrBytesWritten;
715 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address,(int)bitData.Length))
716 {
717 mem.Write(0, bitData);
718 }
719 //if (ptrBytesWritten.ToUInt32() == 0)
720 // return false;
721 long check = 0;
722 ReadMemory(address, out check);
723 if (check == value) return true;
724 return false;
725 }
726 #endregion
727 #endregion
728
729 #region IReadMemory members
730 #region public virtual bool ReadMemory(uint address, out byte value)
731 public virtual bool ReadMemory(ulong address, out byte value)
732 {
733 value = 0;
734 try
735 {
736 //int bytesRead;
737 uint size = sizeof(byte);
738 byte[] bitData = new byte[size];
739 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
740 {
741 bitData = mem.Read(0, (int)size);
742 }
743 //if (bytesRead == 0)
744 // return false;
745 value = bitData[0];
746 return true;
747 }
748 catch
749 {
750 value = 0x00;
751 return false;
752 }
753 }
754 #endregion
755 #region public virtual bool ReadMemory(uint address, out sbyte value)
756 public virtual bool ReadMemory(ulong address, out sbyte value)
757 {
758 value = 0;
759 try
760 {
761 //int bytesRead;
762 uint size = sizeof(sbyte);
763 byte[] bitData = new byte[size];
764 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
765 {
766 bitData = mem.Read(0, (int)size);
767 }
768 //if (bytesRead == 0)
769 // return false;
770 value = Convert.ToSByte(bitData[0]);
771 return true;
772 }
773 catch
774 {
775 value = 0x00;
776 return false;
777 }
778 }
779 #endregion
780 #region public virtual bool ReadMemory(uint address, out ushort value)
781 public virtual bool ReadMemory(ulong address, out ushort value)
782 {
783 value = 0;
784 try
785 {
786 //int bytesRead;
787 uint size = sizeof(ushort);
788 byte[] bitData = new byte[size];
789 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
790 {
791 bitData = mem.Read(0, (int)size);
792 }
793 //if (bytesRead == 0)
794 // return false;
795 value = BitConverter.ToUInt16(bitData, 0);
796 return true;
797 }
798 catch
799 {
800 value = 0x00;
801 return false;
802 }
803 }
804 #endregion
805 #region public virtual bool ReadMemory(uint address, out short value)
806 public virtual bool ReadMemory(ulong address, out short value)
807 {
808 value = 0;
809 try
810 {
811 //int bytesRead;
812 uint size = sizeof(short);
813 byte[] bitData = new byte[size];
814 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
815 {
816 bitData = mem.Read(0, (int)size);
817 }
818 //if (bytesRead == 0)
819 // return false;
820 value = BitConverter.ToInt16(bitData, 0);
821 return true;
822 }
823 catch
824 {
825 value = 0x00;
826 return false;
827 }
828 }
829 #endregion
830 #region public virtual bool ReadMemory(uint address, out uint value)
831 public virtual bool ReadMemory(ulong address, out uint value)
832 {
833 value = 0;
834 try
835 {
836 //int bytesRead;
837 uint size = sizeof(uint);
838 byte[] bitData = new byte[size];
839 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
840 {
841 bitData = mem.Read(0, (int)size);
842 }
843 //if (bytesRead == 0)
844 // return false;
845 value = BitConverter.ToUInt32(bitData, 0);
846 return true;
847 }
848 catch
849 {
850 value = 0x00;
851 return false;
852 }
853 }
854 #endregion
855 #region public virtual bool ReadMemory(uint address, out int value)
856 public virtual bool ReadMemory(ulong address, out int value)
857 {
858 value = 0;
859 try
860 {
861 //int bytesRead;
862 uint size = sizeof(int);
863 byte[] bitData = new byte[size];
864 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
865 {
866 bitData = mem.Read(0, (int)size);
867 }
868 //if (bytesRead == 0)
869 // return false;
870 value = BitConverter.ToInt32(bitData, 0);
871 return true;
872 }
873 catch
874 {
875 value = 0x00;
876 return false;
877 }
878 }
879 #endregion
880 #region public virtual bool ReadMemory(uint address, out ulong value)
881 public virtual bool ReadMemory(ulong address, out ulong value)
882 {
883 value = 0;
884 try
885 {
886 //int bytesRead;
887 uint size = sizeof(ulong);
888 byte[] bitData = new byte[size];
889 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
890 {
891 bitData = mem.Read(0, (int)size);
892 }
893 //if (bytesRead == 0)
894 // return false;
895 value = BitConverter.ToUInt64(bitData, 0);
896 return true;
897 }
898 catch
899 {
900 value = 0x00;
901 return false;
902 }
903 }
904 #endregion
905 #region public virtual bool ReadMemory(uint address, out long value)
906 public virtual bool ReadMemory(ulong address, out long value)
907 {
908 value = 0;
909 try
910 {
911 // int bytesRead;
912 uint size = sizeof(long);
913 byte[] bitData = new byte[size];
914 using (ProcessMemoryChunk mem = new ProcessMemoryChunk(m_ReadProcess, (IntPtr)address, (int)size))
915 {
916 bitData = mem.Read(0, (int)size);
917 }
918 //if (bytesRead == 0)
919 // return false;
920 value = BitConverter.ToInt64(bitData, 0);
921 return true;
922 }
923 catch
924 {
925 value = 0x00;
926 return false;
927 }
928 }
929 #endregion
930 #endregion
931 }
932 #endregion
933 }

  ViewVC Help
Powered by ViewVC 1.1.22