/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs
ViewVC logotype

Diff of /trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

--- trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs	2012/06/03 12:36:47	231
+++ trunk/Win32/Sojaner.MemoryScanner/MemoryScanner.cs	2012/06/03 14:50:09	245
@@ -61,97 +61,16 @@
                     throw new Exception("CloseHandle failed");
                 }
             }
-            catch (Exception ex)
+            catch (SEHException ex)
             {
-                //System.Windows.Forms.MessageBox.Show(ex.Message, "error", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Warning);
                 throw ex;
             }
-        }
-
-
-
-        #region RamDumper
-        //private interface IRamDumper
-        //{
-        //    bool DumpMemoryToFile(Process ppid, string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead);
-        //    void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data);
-        //}
-        private class RamDumper
-        {
-            public RamDumper() { } 
-            #region IRamDumper members
-            #region DumpMemoryToByteArray
-            public void DumpMemoryToByteArray(Process ppid, uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
+            catch (Exception ex)
             {
-                data = new byte[] { };
-                //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
-                bytesRead = 0;
-                uint byte_alignment = 1;
-                // get common init parameters
-                //InitMemoryDump(out byte_alignment);
-                uint address = MemoryAddress;
-                uint _bytesToRead = bytesToRead;
-                byte[] buffer = new byte[] { };
-                try
-                {
-                    using (MemoryStream ms = new MemoryStream())
-                    {
-                        BinaryWriter bw = new BinaryWriter(ms);
-                        //foreach (byte b in data) { bw.Write(b); }
-
-                        for (uint i = 0; i <= bytesToRead; )
-                        {
-                            if (_bytesToRead < byte_alignment)
-                            {
-                                _bytesToRead = bytesToRead;
-                                buffer = new byte[_bytesToRead];
-                            }
-                            else
-                            {
-                                _bytesToRead = byte_alignment;
-                                buffer = new byte[byte_alignment];
-                            }
-                            IntPtr ptrBytesRead;
-                            ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)address, buffer, _bytesToRead, out ptrBytesRead);
-                            bytesRead = ptrBytesRead.ToInt32();
-                            bw.Write(buffer);
-                            bw.Flush();
-
-                            if (_bytesToRead < byte_alignment)
-                            {
-                                i += _bytesToRead;
-                                address += _bytesToRead;
-                            }
-                            else
-                            {
-                                i += byte_alignment;
-                                address += byte_alignment;
-                            }
-
-
-                        }
-                        bw.Close();
-                        data = ms.ToArray();
-                    }
-                    //logger.Info.WriteLine("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
-                }
-                catch (OutOfMemoryException ex)
-                {
-                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
-                    logger.Error.WriteLine("DumpMemory(): OutOfMemoryException");
-                    logger.Error.WriteLine(ex.ToString());
-                }
-                catch (Exception ex)
-                {
-                    logger.Error.WriteLine("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
-                    logger.Error.WriteLine("DumpMemory(): Exception");
-                    logger.Error.WriteLine(ex.ToString());
-                }
+                //System.Windows.Forms.MessageBox.Show(ex.Message, "error", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Warning);
+                throw ex;
             }
-            #endregion
-            #endregion
         }
-        #endregion
         /// <summary>
         /// ProcessMemoryReader is a class that enables direct reading a process memory
         /// </summary>
@@ -198,7 +117,7 @@
             //			SIZE_T * lpNumberOfBytesRead  // number of bytes read
             //			);
             [DllImport("kernel32.dll")]
-            public static extern Int32 ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
+            public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
 
             //		BOOL WriteProcessMemory(
             //			HANDLE hProcess,                // handle to process
@@ -208,21 +127,21 @@
             //			SIZE_T * lpNumberOfBytesWritten // count of bytes written
             //			);
             [DllImport("kernel32.dll")]
-            public static extern Int32 WriteProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
+            public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
 
 
         }
 
         #region IMemoryReader Members
-        public bool ReadFirstNonZeroByte(uint MemoryAddress, int bytesToRead, out uint address)
+        public bool ReadFirstNonZeroByte(uint MemoryAddress, uint bytesToRead, out uint address)
         {
             //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({2})", MemoryAddress, MemoryAddress + bytesToRead, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
             address = 0;
-            int byte_alignment = 1;
+            uint byte_alignment = 1;
             // get common init parameters
             //InitMemoryDump(out byte_alignment);
             uint mem_address = MemoryAddress;
-            int _bytesToRead = bytesToRead;
+            uint _bytesToRead = bytesToRead;
             byte[] buffer = new byte[] { };
             try
             {
@@ -230,7 +149,7 @@
                 //{
                 //    //BinaryWriter bw = new BinaryWriter(ms);
                 //    //foreach (byte b in data) { bw.Write(b); }
-                for (int i = 0; i <= bytesToRead; )
+                for (uint i = 0; i <= bytesToRead; )
                 {
                     if (_bytesToRead < byte_alignment)
                     {
@@ -244,6 +163,10 @@
                     }
                     int bytesRead = 0;
                     ReadProcessMemory(mem_address, _bytesToRead, out bytesRead, out buffer);
+                    if (buffer.Length == 0 && bytesRead == 0)
+                    {
+                        throw new Exception(string.Format("Failed to read memory from process: {0}", ReadProcess.ToString()));
+                    }
                     //bw.Write(buffer);
                     //bw.Flush();
                     if (_bytesToRead < byte_alignment)
@@ -286,12 +209,11 @@
             }
             return false;
         }
-        public void ReadProcessMemory(uint MemoryAddress, int bytesToRead, out int bytesRead, out byte[] data)
+        public void ReadProcessMemory(uint MemoryAddress, uint bytesToRead, out int bytesRead, out byte[] data)
         {
             byte[] buffer = new byte[] { };
             IntPtr ptrBytesRead;
-            uint _bytesToRead = (uint)bytesToRead;
-            ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (UIntPtr)MemoryAddress, buffer, _bytesToRead, out ptrBytesRead);
+            ProcessMemoryReader.ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, (IntPtr)MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
             bytesRead = ptrBytesRead.ToInt32();
             data = buffer;
         }
@@ -305,20 +227,20 @@
         public void WriteProcessMemory(uint MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
         {
             IntPtr ptrBytesWritten;
-            ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, (UIntPtr)MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
+            ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, (IntPtr)MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
             bytesWritten = ptrBytesWritten.ToInt32();
         }
         #endregion
 
         #region IFileWriter Members
 
-        public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, int bytesToRead, out int bytesRead)
+        public bool WriteProcessMemoryToFile(string filename, uint MemoryAddress, uint bytesToRead, out int bytesRead)
         {
             //logger.Info.WriteLine("Dumping memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", MemoryAddress, MemoryAddress + bytesToRead, filename, string.Format("0x{0:x4} {1}.exe", ppid.Id, ppid.ProcessName));
             bytesRead = 0;
-            int byte_alignment = 102400;
+            uint byte_alignment = 102400;
             uint address = MemoryAddress;
-            int _bytesToRead = bytesToRead;
+            uint _bytesToRead = bytesToRead;
             byte[] buffer = new byte[] { };
             try
             {
@@ -330,7 +252,7 @@
                     BinaryWriter bw = new BinaryWriter(fs);
                     //foreach (byte b in data) { bw.Write(b); }
 
-                    for (int i = 0; i <= bytesToRead; )
+                    for (uint i = 0; i <= bytesToRead; )
                     {
                         if (_bytesToRead < byte_alignment)
                         {

 

  ViewVC Help
Powered by ViewVC 1.1.22