using System.Diagnostics; using System.Runtime.InteropServices; using System; using System.Windows.Forms; using System.Media; using System.Text; using System.Threading; namespace ReadWriteMemory { internal class ProcessMemory { // Fields protected int BaseAddress; protected Process[] MyProcess; protected ProcessModule myProcessModule; private const uint PAGE_EXECUTE = 16; private const uint PAGE_EXECUTE_READ = 32; private const uint PAGE_EXECUTE_READWRITE = 64; private const uint PAGE_EXECUTE_WRITECOPY = 128; private const uint PAGE_GUARD = 256; private const uint PAGE_NOACCESS = 1; private const uint PAGE_NOCACHE = 512; private const uint PAGE_READONLY = 2; private const uint PAGE_READWRITE = 4; private const uint PAGE_WRITECOPY = 8; private const uint PROCESS_ALL_ACCESS = 2035711; protected int processHandle; protected string ProcessName; // Methods public ProcessMemory(string pProcessName) { this.ProcessName = pProcessName; } public bool CheckProcess() { return (Process.GetProcessesByName(this.ProcessName).Length > 0); } [DllImport("kernel32.dll")] public static extern bool CloseHandle(int hObject); public string CutString(string mystring) { char[] chArray = mystring.ToCharArray(); string str = ""; for (int i = 0; i < mystring.Length; i++) { if ((chArray[i] == ' ') && (chArray[i + 1] == ' ')) { return str; } if (chArray[i] == '\0') { return str; } str = str + chArray[i].ToString(); } return mystring.TrimEnd(new char[] { '0' }); } public int DllImageAddress(string dllname) { ProcessModuleCollection modules = this.MyProcess[0].Modules; foreach (ProcessModule procmodule in modules) { if (dllname == procmodule.ModuleName) { return (int)procmodule.BaseAddress; } } return -1; } [DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)] public static extern int FindWindowByCaption(int ZeroOnly, string lpWindowName); public int ImageAddress() { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return this.BaseAddress; } public int ImageAddress(int pOffset) { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return (pOffset + this.BaseAddress); } public string MyProcessName() { return this.ProcessName; } [DllImport("kernel32.dll")] public static extern int OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId); public int Pointer(bool AddToImageAddress, int pOffset) { return this.ReadInt(this.ImageAddress(pOffset)); } public int Pointer(string Module, int pOffset) { return this.ReadInt(this.DllImageAddress(Module) + pOffset); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2) { //look at this shit, it doesnt even have a if statement if (AddToImageAddress) return (this.ReadInt(this.ImageAddress() + pOffset) + pOffset2); else return (this.ReadInt(pOffset) + pOffset2); } public int Pointer(string Module, int pOffset, int pOffset2) { return (this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3) { return (this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3) { return (this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6); } public byte ReadByte(int pOffset) { byte[] buffer = new byte[1]; ReadProcessMemory(this.processHandle, pOffset, buffer, 1, 0); return buffer[0]; } public byte ReadByte(bool AddToImageAddress, int pOffset) { byte[] buffer = new byte[1]; int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, 1, 0); return buffer[0]; } public byte ReadByte(string Module, int pOffset) { byte[] buffer = new byte[1]; ReadProcessMemory(this.processHandle, this.DllImageAddress(Module) + pOffset, buffer, 1, 0); return buffer[0]; } public float ReadFloat(int pOffset) { return BitConverter.ToSingle(this.ReadMem(pOffset, 4), 0); } public float ReadFloat(bool AddToImageAddress, int pOffset) { return BitConverter.ToSingle(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public float ReadFloat(string Module, int pOffset) { return BitConverter.ToSingle(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public int ReadInt(int pOffset) { return BitConverter.ToInt32(this.ReadMem(pOffset, 4), 0); } public int ReadInt(bool AddToImageAddress, int pOffset) { return BitConverter.ToInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public int ReadInt(string Module, int pOffset) { return BitConverter.ToInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public byte[] ReadMem(int pOffset, int pSize) { byte[] buffer = new byte[pSize]; ReadProcessMemory(this.processHandle, pOffset, buffer, pSize, 0); return buffer; } public byte[] ReadMem(int pOffset, int pSize, bool AddToImageAddress) { byte[] buffer = new byte[pSize]; int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, pSize, 0); return buffer; } [DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead); public short ReadShort(int pOffset) { return BitConverter.ToInt16(this.ReadMem(pOffset, 2), 0); } public short ReadShort(bool AddToImageAddress, int pOffset) { return BitConverter.ToInt16(this.ReadMem(pOffset, 2, AddToImageAddress), 0); } public short ReadShort(string Module, int pOffset) { return BitConverter.ToInt16(this.ReadMem(this.DllImageAddress(Module) + pOffset, 2), 0); } public string ReadStringAscii(int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize))); } public string ReadStringAscii(bool AddToImageAddress, int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress))); } public string ReadStringAscii(string Module, int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize))); } public string ReadStringUnicode(int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize))); } public string ReadStringUnicode(bool AddToImageAddress, int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress))); } public string ReadStringUnicode(string Module, int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize))); } public uint ReadUInt(int pOffset) { return BitConverter.ToUInt32(this.ReadMem(pOffset, 4), 0); } public uint ReadUInt(bool AddToImageAddress, int pOffset) { return BitConverter.ToUInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public uint ReadUInt(string Module, int pOffset) { return BitConverter.ToUInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public bool StartProcess() { if (this.ProcessName != "") { this.MyProcess = Process.GetProcessesByName(this.ProcessName); if (this.MyProcess.Length == 0) { MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand); return false; } this.processHandle = OpenProcess(2035711, false, this.MyProcess[0].Id); if (this.processHandle == 0) { MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand); return false; } return true; } MessageBox.Show("Define process name first!"); return false; } [DllImport("kernel32.dll")] public static extern bool VirtualProtectEx(int hProcess, int lpAddress, int dwSize, uint flNewProtect, out uint lpflOldProtect); public void WriteByte(int pOffset, byte pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes)); } public void WriteByte(bool AddToImageAddress, int pOffset, byte pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes), AddToImageAddress); } public void WriteByte(string Module, int pOffset, byte pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes((short)pBytes)); } public void WriteDouble(int pOffset, double pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteDouble(bool AddToImageAddress, int pOffset, double pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteDouble(string Module, int pOffset, double pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteFloat(int pOffset, float pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteFloat(bool AddToImageAddress, int pOffset, float pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteFloat(string Module, int pOffset, float pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteInt(int pOffset, int pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteInt(bool AddToImageAddress, int pOffset, int pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteInt(string Module, int pOffset, int pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteMem(int pOffset, byte[] pBytes) { WriteProcessMemory(this.processHandle, pOffset, pBytes, pBytes.Length, 0); } public void WriteMem(int pOffset, byte[] pBytes, bool AddToImageAddress) { int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; WriteProcessMemory(this.processHandle, lpBaseAddress, pBytes, pBytes.Length, 0); } [DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten); public void WriteShort(int pOffset, short pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteShort(bool AddToImageAddress, int pOffset, short pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteShort(string Module, int pOffset, short pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteStringAscii(int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0")); } public void WriteStringAscii(bool AddToImageAddress, int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"), AddToImageAddress); } public void WriteStringAscii(string Module, int pOffset, string pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.ASCII.GetBytes(pBytes + "\0")); } public void WriteStringUnicode(int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0")); } public void WriteStringUnicode(bool AddToImageAddress, int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"), AddToImageAddress); } public void WriteStringUnicode(string Module, int pOffset, string pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.Unicode.GetBytes(pBytes + "\0")); } public void WriteUInt(int pOffset, uint pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteUInt(bool AddToImageAddress, int pOffset, uint pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteUInt(string Module, int pOffset, uint pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } // Nested Types [Flags] public enum ProcessAccessFlags : uint { All = 2035711, CreateThread = 2, DupHandle = 64, QueryInformation = 1024, SetInformation = 512, Synchronize = 1048576, Terminate = 1, VMOperation = 8, VMRead = 16, VMWrite = 32 } } }