API tools faq
paste
Lyut

Untitled

Lyut
May 18th, 2013
127
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.64 KB | None | 0 0
raw download clone embed print report
  1. using System.Diagnostics;
  2. using System.Runtime.InteropServices;
  3. using System;
  4. using System.Windows.Forms;
  5. using System.Media;
  6. using System.Text;
  7. using System.Threading;
  8. namespace ReadWriteMemory
  9. {
  10. internal class ProcessMemory
  11. {
  12. // Fields
  13. protected int BaseAddress;
  14. protected Process[] MyProcess;
  15. protected ProcessModule myProcessModule;
  16. private const uint PAGE_EXECUTE = 16;
  17. private const uint PAGE_EXECUTE_READ = 32;
  18. private const uint PAGE_EXECUTE_READWRITE = 64;
  19. private const uint PAGE_EXECUTE_WRITECOPY = 128;
  20. private const uint PAGE_GUARD = 256;
  21. private const uint PAGE_NOACCESS = 1;
  22. private const uint PAGE_NOCACHE = 512;
  23. private const uint PAGE_READONLY = 2;
  24. private const uint PAGE_READWRITE = 4;
  25. private const uint PAGE_WRITECOPY = 8;
  26. private const uint PROCESS_ALL_ACCESS = 2035711;
  27. protected int processHandle;
  28. protected string ProcessName;
  29.  
  30. // Methods
  31. public ProcessMemory(string pProcessName)
  32. {
  33. this.ProcessName = pProcessName;
  34. }
  35.  
  36. public bool CheckProcess()
  37. {
  38. return (Process.GetProcessesByName(this.ProcessName).Length > 0);
  39. }
  40.  
  41. [DllImport("kernel32.dll")]
  42. public static extern bool CloseHandle(int hObject);
  43. public string CutString(string mystring)
  44. {
  45. char[] chArray = mystring.ToCharArray();
  46. string str = "";
  47. for (int i = 0; i < mystring.Length; i++)
  48. {
  49. if ((chArray[i] == ' ') && (chArray[i + 1] == ' '))
  50. {
  51. return str;
  52. }
  53. if (chArray[i] == '\0')
  54. {
  55. return str;
  56. }
  57. str = str + chArray[i].ToString();
  58. }
  59. return mystring.TrimEnd(new char[] { '0' });
  60. }
  61.  
  62. public int DllImageAddress(string dllname)
  63. {
  64. ProcessModuleCollection modules = this.MyProcess[0].Modules;
  65.  
  66. foreach (ProcessModule procmodule in modules)
  67. {
  68. if (dllname == procmodule.ModuleName)
  69. {
  70. return (int)procmodule.BaseAddress;
  71. }
  72. }
  73. return -1;
  74.  
  75. }
  76. [DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)]
  77. public static extern int FindWindowByCaption(int ZeroOnly, string lpWindowName);
  78. public int ImageAddress()
  79. {
  80. this.BaseAddress = 0;
  81. this.myProcessModule = this.MyProcess[0].MainModule;
  82. this.BaseAddress = (int)this.myProcessModule.BaseAddress;
  83. return this.BaseAddress;
  84.  
  85.  
  86. }
  87.  
  88. public int ImageAddress(int pOffset)
  89. {
  90. this.BaseAddress = 0;
  91. this.myProcessModule = this.MyProcess[0].MainModule;
  92. this.BaseAddress = (int)this.myProcessModule.BaseAddress;
  93. return (pOffset + this.BaseAddress);
  94. }
  95. public string MyProcessName()
  96. {
  97. return this.ProcessName;
  98. }
  99.  
  100. [DllImport("kernel32.dll")]
  101. public static extern int OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
  102. public int Pointer(bool AddToImageAddress, int pOffset)
  103. {
  104. return this.ReadInt(this.ImageAddress(pOffset));
  105. }
  106.  
  107. public int Pointer(string Module, int pOffset)
  108. {
  109. return this.ReadInt(this.DllImageAddress(Module) + pOffset);
  110. }
  111.  
  112. public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2)
  113. {
  114. //look at this shit, it doesnt even have a if statement
  115. if (AddToImageAddress)
  116. return (this.ReadInt(this.ImageAddress() + pOffset) + pOffset2);
  117. else
  118. return (this.ReadInt(pOffset) + pOffset2);
  119. }
  120.  
  121. public int Pointer(string Module, int pOffset, int pOffset2)
  122. {
  123. return (this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2);
  124. }
  125.  
  126. public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3)
  127. {
  128. return (this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3);
  129. }
  130.  
  131. public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3)
  132. {
  133. return (this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3);
  134. }
  135.  
  136. public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4)
  137. {
  138. return (this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4);
  139. }
  140.  
  141. public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4)
  142. {
  143. return (this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4);
  144. }
  145.  
  146. public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5)
  147. {
  148. return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5);
  149. }
  150.  
  151. public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5)
  152. {
  153. return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5);
  154. }
  155.  
  156. public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6)
  157. {
  158. return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6);
  159. }
  160.  
  161. public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6)
  162. {
  163. return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6);
  164. }
  165.  
  166. public byte ReadByte(int pOffset)
  167. {
  168. byte[] buffer = new byte[1];
  169. ReadProcessMemory(this.processHandle, pOffset, buffer, 1, 0);
  170. return buffer[0];
  171. }
  172.  
  173. public byte ReadByte(bool AddToImageAddress, int pOffset)
  174. {
  175. byte[] buffer = new byte[1];
  176. int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset;
  177. ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, 1, 0);
  178. return buffer[0];
  179. }
  180.  
  181. public byte ReadByte(string Module, int pOffset)
  182. {
  183. byte[] buffer = new byte[1];
  184. ReadProcessMemory(this.processHandle, this.DllImageAddress(Module) + pOffset, buffer, 1, 0);
  185. return buffer[0];
  186. }
  187.  
  188. public float ReadFloat(int pOffset)
  189. {
  190. return BitConverter.ToSingle(this.ReadMem(pOffset, 4), 0);
  191. }
  192.  
  193. public float ReadFloat(bool AddToImageAddress, int pOffset)
  194. {
  195. return BitConverter.ToSingle(this.ReadMem(pOffset, 4, AddToImageAddress), 0);
  196. }
  197.  
  198. public float ReadFloat(string Module, int pOffset)
  199. {
  200. return BitConverter.ToSingle(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0);
  201. }
  202.  
  203. public int ReadInt(int pOffset)
  204. {
  205. return BitConverter.ToInt32(this.ReadMem(pOffset, 4), 0);
  206. }
  207.  
  208. public int ReadInt(bool AddToImageAddress, int pOffset)
  209. {
  210. return BitConverter.ToInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0);
  211. }
  212.  
  213. public int ReadInt(string Module, int pOffset)
  214. {
  215. return BitConverter.ToInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0);
  216. }
  217.  
  218. public byte[] ReadMem(int pOffset, int pSize)
  219. {
  220. byte[] buffer = new byte[pSize];
  221. ReadProcessMemory(this.processHandle, pOffset, buffer, pSize, 0);
  222. return buffer;
  223. }
  224.  
  225. public byte[] ReadMem(int pOffset, int pSize, bool AddToImageAddress)
  226. {
  227. byte[] buffer = new byte[pSize];
  228. int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset;
  229. ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, pSize, 0);
  230. return buffer;
  231. }
  232.  
  233. [DllImport("kernel32.dll")]
  234. public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead);
  235. public short ReadShort(int pOffset)
  236. {
  237. return BitConverter.ToInt16(this.ReadMem(pOffset, 2), 0);
  238. }
  239.  
  240. public short ReadShort(bool AddToImageAddress, int pOffset)
  241. {
  242. return BitConverter.ToInt16(this.ReadMem(pOffset, 2, AddToImageAddress), 0);
  243. }
  244.  
  245. public short ReadShort(string Module, int pOffset)
  246. {
  247. return BitConverter.ToInt16(this.ReadMem(this.DllImageAddress(Module) + pOffset, 2), 0);
  248. }
  249.  
  250. public string ReadStringAscii(int pOffset, int pSize)
  251. {
  252. return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize)));
  253. }
  254.  
  255. public string ReadStringAscii(bool AddToImageAddress, int pOffset, int pSize)
  256. {
  257. return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress)));
  258. }
  259.  
  260. public string ReadStringAscii(string Module, int pOffset, int pSize)
  261. {
  262. return this.CutString(Encoding.ASCII.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize)));
  263. }
  264.  
  265. public string ReadStringUnicode(int pOffset, int pSize)
  266. {
  267. return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize)));
  268. }
  269.  
  270. public string ReadStringUnicode(bool AddToImageAddress, int pOffset, int pSize)
  271. {
  272. return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress)));
  273. }
  274.  
  275. public string ReadStringUnicode(string Module, int pOffset, int pSize)
  276. {
  277. return this.CutString(Encoding.Unicode.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize)));
  278. }
  279.  
  280. public uint ReadUInt(int pOffset)
  281. {
  282. return BitConverter.ToUInt32(this.ReadMem(pOffset, 4), 0);
  283. }
  284.  
  285. public uint ReadUInt(bool AddToImageAddress, int pOffset)
  286. {
  287. return BitConverter.ToUInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0);
  288. }
  289.  
  290. public uint ReadUInt(string Module, int pOffset)
  291. {
  292. return BitConverter.ToUInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0);
  293. }
  294.  
  295. public bool StartProcess()
  296. {
  297. if (this.ProcessName != "")
  298. {
  299. this.MyProcess = Process.GetProcessesByName(this.ProcessName);
  300. if (this.MyProcess.Length == 0)
  301. {
  302. MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand);
  303. return false;
  304. }
  305. this.processHandle = OpenProcess(2035711, false, this.MyProcess[0].Id);
  306. if (this.processHandle == 0)
  307. {
  308. MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand);
  309. return false;
  310. }
  311. return true;
  312. }
  313. MessageBox.Show("Define process name first!");
  314. return false;
  315. }
  316.  
  317. [DllImport("kernel32.dll")]
  318. public static extern bool VirtualProtectEx(int hProcess, int lpAddress, int dwSize, uint flNewProtect, out uint lpflOldProtect);
  319. public void WriteByte(int pOffset, byte pBytes)
  320. {
  321. this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes));
  322. }
  323.  
  324. public void WriteByte(bool AddToImageAddress, int pOffset, byte pBytes)
  325. {
  326. this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes), AddToImageAddress);
  327. }
  328.  
  329. public void WriteByte(string Module, int pOffset, byte pBytes)
  330. {
  331. this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes((short)pBytes));
  332. }
  333.  
  334. public void WriteDouble(int pOffset, double pBytes)
  335. {
  336. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
  337. }
  338.  
  339. public void WriteDouble(bool AddToImageAddress, int pOffset, double pBytes)
  340. {
  341. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
  342. }
  343.  
  344. public void WriteDouble(string Module, int pOffset, double pBytes)
  345. {
  346. this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
  347. }
  348.  
  349. public void WriteFloat(int pOffset, float pBytes)
  350. {
  351. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
  352. }
  353.  
  354. public void WriteFloat(bool AddToImageAddress, int pOffset, float pBytes)
  355. {
  356. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
  357. }
  358.  
  359. public void WriteFloat(string Module, int pOffset, float pBytes)
  360. {
  361. this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
  362. }
  363.  
  364. public void WriteInt(int pOffset, int pBytes)
  365. {
  366. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
  367. }
  368.  
  369. public void WriteInt(bool AddToImageAddress, int pOffset, int pBytes)
  370. {
  371. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
  372. }
  373.  
  374. public void WriteInt(string Module, int pOffset, int pBytes)
  375. {
  376. this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
  377. }
  378.  
  379. public void WriteMem(int pOffset, byte[] pBytes)
  380. {
  381. WriteProcessMemory(this.processHandle, pOffset, pBytes, pBytes.Length, 0);
  382. }
  383.  
  384. public void WriteMem(int pOffset, byte[] pBytes, bool AddToImageAddress)
  385. {
  386. int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset;
  387. WriteProcessMemory(this.processHandle, lpBaseAddress, pBytes, pBytes.Length, 0);
  388. }
  389.  
  390. [DllImport("kernel32.dll")]
  391. public static extern bool WriteProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten);
  392. public void WriteShort(int pOffset, short pBytes)
  393. {
  394. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
  395. }
  396.  
  397. public void WriteShort(bool AddToImageAddress, int pOffset, short pBytes)
  398. {
  399. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
  400. }
  401.  
  402. public void WriteShort(string Module, int pOffset, short pBytes)
  403. {
  404. this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
  405. }
  406.  
  407. public void WriteStringAscii(int pOffset, string pBytes)
  408. {
  409. this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"));
  410. }
  411.  
  412. public void WriteStringAscii(bool AddToImageAddress, int pOffset, string pBytes)
  413. {
  414. this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"), AddToImageAddress);
  415. }
  416.  
  417. public void WriteStringAscii(string Module, int pOffset, string pBytes)
  418. {
  419. this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"));
  420. }
  421.  
  422. public void WriteStringUnicode(int pOffset, string pBytes)
  423. {
  424. this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"));
  425. }
  426.  
  427. public void WriteStringUnicode(bool AddToImageAddress, int pOffset, string pBytes)
  428. {
  429. this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"), AddToImageAddress);
  430. }
  431.  
  432. public void WriteStringUnicode(string Module, int pOffset, string pBytes)
  433. {
  434. this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"));
  435. }
  436.  
  437. public void WriteUInt(int pOffset, uint pBytes)
  438. {
  439. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
  440. }
  441.  
  442. public void WriteUInt(bool AddToImageAddress, int pOffset, uint pBytes)
  443. {
  444. this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
  445. }
  446.  
  447. public void WriteUInt(string Module, int pOffset, uint pBytes)
  448. {
  449. this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
  450. }
  451.  
  452. // Nested Types
  453. [Flags]
  454. public enum ProcessAccessFlags : uint
  455. {
  456. All = 2035711,
  457. CreateThread = 2,
  458. DupHandle = 64,
  459. QueryInformation = 1024,
  460. SetInformation = 512,
  461. Synchronize = 1048576,
  462. Terminate = 1,
  463. VMOperation = 8,
  464. VMRead = 16,
  465. VMWrite = 32
  466. }
  467. }
  468. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!