API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 1st, 2014
22
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VB.NET 9.80 KB | None | 0 0
raw download clone embed print report
  1. Imports System.Runtime.InteropServices
  2. Imports System.Text
  3.  
  4. Module memory
  5.  
  6.     <DllImport("kernel32.dll")> _
  7.     Private Function OpenProcess(ByVal dwDesiredAccess As UInteger, <MarshalAs(UnmanagedType.Bool)> ByVal bInheritHandle As Boolean, ByVal dwProcessId As Integer) As IntPtr
  8.     End Function
  9.  
  10.     <DllImport("kernel32.dll", SetLastError:=True)> _
  11.     Private Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As IntPtr, <Out()> ByRef lpNumberOfBytesWritten As IntPtr) As Boolean
  12.     End Function
  13.  
  14.     <DllImport("kernel32.dll", SetLastError:=True)> _
  15.     Private Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As IntPtr, ByRef lpNumberOfBytesRead As IntPtr) As Boolean
  16.     End Function
  17.  
  18.     <DllImport("kernel32.dll", SetLastError:=True)> _
  19.     Private Function CloseHandle(ByVal hObject As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
  20.     End Function
  21.  
  22.     <DllImport("kernel32", CharSet:=CharSet.Auto, SetLastError:=True)> _
  23.     Public Function VirtualProtectEx(ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, _
  24.     ByVal dwSize As IntPtr, ByVal flNewProtect As UInteger, _
  25.     ByRef lpflOldProtect As UInteger) As Boolean
  26.     End Function
  27.     <DllImport("kernel32.dll", SetLastError:=True, ExactSpelling:=True)> _
  28.     Public Function VirtualAllocEx(ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, _
  29.      ByVal dwSize As UInteger, ByVal flAllocationType As UInteger, _
  30.      ByVal flProtect As UInteger) As IntPtr
  31.     End Function
  32.     'Declare Function VirtualProtectEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As IntPtr, ByVal newProtect As Integer, ByRef oldProtect As Integer) As Boolean
  33.     ' Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As IntPtr, ByVal flAllocationType As Integer, ByVal flProtect As Integer) As IntPtr
  34.  
  35.  
  36.  
  37.     Private Const PROCESS_VM_WRITE As UInteger = &H20
  38.     Private Const PROCESS_VM_READ As UInteger = &H10
  39.     Private Const PROCESS_VM_OPERATION As UInteger = &H8
  40.     Private TargetProcess As String = ""
  41.     Private ProcessHandle As IntPtr = IntPtr.Zero
  42.     Private LastKnownPID As Integer = -1
  43.  
  44.     Public Sub SetProcessname(ByVal ProcessName As String)
  45.         If ProcessName.EndsWith(".exe") Then
  46.             ProcessName = ProcessName.Replace(".exe", "")
  47.         End If
  48.         TargetProcess = ProcessName
  49.     End Sub
  50.  
  51.     Sub RemoveProtection(ByVal AddressOfStart As Integer, ByVal SizeToRemoveProtectionInBytes As Integer)
  52.         For Each p As Process In Process.GetProcessesByName(TargetProcess)
  53.             Const PAGE_EXECUTE_READWRITE As Integer = &H40
  54.             Dim oldProtect As Integer
  55.             If Not VirtualProtectEx(p.Handle, New IntPtr(AddressOfStart), New IntPtr(SizeToRemoveProtectionInBytes), PAGE_EXECUTE_READWRITE, oldProtect) Then Throw New Exception
  56.             p.Dispose()
  57.         Next
  58.     End Sub
  59.  
  60.     Sub AllocMem(ByVal ProcessName As String, ByVal AddressOfStart As Integer, ByVal SizeOfAllocationInBytes As Integer)
  61.         For Each p As Process In Process.GetProcessesByName(ProcessName)
  62.             Const MEM_COMMIT As Integer = &H1000
  63.             Const PAGE_EXECUTE_READWRITE As Integer = &H40
  64.             Dim pBlob As IntPtr = VirtualAllocEx(p.Handle, New IntPtr(AddressOfStart), New IntPtr(SizeOfAllocationInBytes), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
  65.             If pBlob = IntPtr.Zero Then Throw New Exception
  66.             p.Dispose()
  67.         Next
  68.     End Sub
  69.     Public Function ReadMemory(Of T)(ByVal address As Long) As T
  70.         Return ReadMemory(Of T)(address, 0, False)
  71.     End Function
  72.  
  73.     Public Function ReadMemory(ByVal address As Long, ByVal length As Integer) As Byte()
  74.         Return ReadMemory(Of Byte())(address, length, False)
  75.     End Function
  76.  
  77.     Private Function ProcessIDExists(ByVal pID As Integer) As Boolean
  78.         For Each p As Process In Process.GetProcessesByName(TargetProcess)
  79.  
  80.             If p.Id = pID Then Return True
  81.         Next
  82.         Return False
  83.     End Function
  84.  
  85.     Public Function UpdateProcessHandle() As Boolean
  86.         Try
  87.  
  88.             If LastKnownPID = -1 OrElse Not ProcessIDExists(LastKnownPID) Then
  89.                 If ProcessHandle <> IntPtr.Zero Then CloseHandle(ProcessHandle)
  90.                 Dim p() As Process = Process.GetProcessesByName(TargetProcess)
  91.                 If p.Length = 0 Then Return False
  92.                 LastKnownPID = p(0).Id
  93.                 ProcessHandle = OpenProcess(PROCESS_VM_READ Or PROCESS_VM_WRITE Or PROCESS_VM_OPERATION, False, p(0).Id)
  94.                 If ProcessHandle = IntPtr.Zero Then Return False
  95.             End If
  96.  
  97.             Return True
  98.  
  99.         Catch ex As Exception
  100.             Return False
  101.         End Try
  102.     End Function
  103.  
  104.  
  105.     Public Function ReadMemory(Of T)(ByVal address As Long, ByVal length As Integer, ByVal unicodeString As Boolean) As T
  106.         Dim buffer() As Byte
  107.         If GetType(T) Is GetType(String) Then
  108.             If unicodeString Then buffer = New Byte(length * 2 - 1) {} Else buffer = New Byte(length - 1) {}
  109.         ElseIf GetType(T) Is GetType(Byte()) Then
  110.             buffer = New Byte(length - 1) {}
  111.         Else
  112.             buffer = New Byte(Marshal.SizeOf(GetType(T)) - 1) {}
  113.         End If
  114.         If Not UpdateProcessHandle() Then Return Nothing
  115.         Dim success As Boolean = ReadProcessMemory(ProcessHandle, New IntPtr(address), buffer, New IntPtr(buffer.Length), IntPtr.Zero)
  116.         If Not success Then Return Nothing
  117.         If GetType(T) Is GetType(Byte()) Then Return CType(CType(buffer, Object), T)
  118.         Dim gcHandle As GCHandle = gcHandle.Alloc(buffer, GCHandleType.Pinned)
  119.         Dim returnObject As T
  120.         returnObject = CType(Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject, GetType(T)), T)
  121.         gcHandle.Free()
  122.         Return returnObject
  123.     End Function
  124.  
  125.     Private Function GetObjectBytes(ByVal value As Object) As Byte()
  126.         If value.GetType() Is GetType(Byte()) Then Return CType(value, Byte())
  127.         Dim buffer(Marshal.SizeOf(value) - 1) As Byte
  128.         Dim ptr As IntPtr = Marshal.AllocHGlobal(buffer.Length)
  129.         Marshal.StructureToPtr(value, ptr, True)
  130.         Marshal.Copy(ptr, buffer, 0, buffer.Length)
  131.         Marshal.FreeHGlobal(ptr)
  132.         Return buffer
  133.     End Function
  134.  
  135.     Public Function WriteMemory(ByVal address As Long, ByVal value As Object) As Boolean
  136.         Return WriteMemory(address, value, False)
  137.     End Function
  138.  
  139.     Public Function WriteMemory(ByVal address As Long, ByVal value As Object, ByVal unicode As Boolean, Optional ByVal size As Integer = 0) As Boolean
  140.         If Not UpdateProcessHandle() Then Return False
  141.         Dim buffer() As Byte
  142.         Dim result As Boolean
  143.         If TypeOf value Is String Then
  144.             If unicode Then buffer = Encoding.Unicode.GetBytes(value.ToString()) Else buffer = Encoding.ASCII.GetBytes(value.ToString())
  145.         Else
  146.             buffer = GetObjectBytes(value)
  147.         End If
  148.         If size = 0 Then
  149.             result = WriteProcessMemory(ProcessHandle, New IntPtr(address), buffer, New IntPtr(buffer.Length), IntPtr.Zero)
  150.         Else
  151.             result = WriteProcessMemory(ProcessHandle, New IntPtr(address), buffer, New IntPtr(size), IntPtr.Zero)
  152.         End If
  153.  
  154.         Return result
  155.     End Function
  156.  
  157.     Public Function GetBaseAddress(ByVal MyProcess As String) As Integer
  158.         Dim p As Process() = Process.GetProcessesByName(MyProcess)
  159.         Dim pID As IntPtr = p(0).Handle
  160.         Dim base As IntPtr = p(0).MainModule.BaseAddress
  161.         Return CInt(base)
  162.     End Function
  163.     Public Function FindMyAddress(ByVal moduleName As String, _
  164.                                   ByVal StaticPointer As IntPtr, ByVal Offsets() As String) As IntPtr
  165.  
  166.         Dim Address As IntPtr
  167.         Dim tmp(IntPtr.Size - 1) As Byte
  168.  
  169.         Try
  170.             Dim running As Process() = Process.GetProcessesByName(TargetProcess)
  171.             If running.Length > 0 Then
  172.                 Dim target As Process = running(0)
  173.                 Dim targetModule As ProcessModule = (From pm In target.Modules _
  174.                                                      Where pm.ModuleName.ToLower().Equals(moduleName.ToLower()) _
  175.                                                      Select pm).FirstOrDefault()
  176.                 If targetModule IsNot Nothing Then
  177.                     Address = targetModule.BaseAddress
  178.  
  179.                     If IntPtr.Size = 4 Then
  180.                         Address = New IntPtr(Address.ToInt32 + StaticPointer.ToInt32)
  181.                     Else
  182.                         Address = New IntPtr(Address.ToInt64 + StaticPointer.ToInt64)
  183.                     End If
  184.                     If Not Offsets(0) = "none" Then
  185.                         For i As Integer = 0 To Offsets.Length - 1
  186.                             ReadProcessMemory(running(0).Handle, Address, tmp, IntPtr.Size, 0)
  187.                             If IntPtr.Size = 4 Then
  188.                                 Dim i32 As Int32 = Int(Offsets(i))
  189.                                 Address = BitConverter.ToInt32(tmp, 0) + i32
  190.                             Else
  191.                                 Dim i64 As Int64 = Int(Offsets(i))
  192.                                 Address = BitConverter.ToInt64(tmp, 0) + i64
  193.                             End If
  194.                         Next
  195.                     End If
  196.  
  197.  
  198.                     Return Address
  199.                 End If
  200.             Else
  201.                 Return IntPtr.Zero ' Throw New ArgumentOutOfRangeException("Target process is not running")
  202.             End If
  203.  
  204.         Catch ex As Exception
  205.             ' MessageBox.Show(TargetProcess.ToString & " is not running!")
  206.         End Try
  207.         Return IntPtr.Zero
  208.     End Function
  209. End Module
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!