API tools faq
paste
Advertisement
Guest User

Ultra Mem Lib:

a guest
Jun 25th, 2018
82
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.92 KB | None | 0 0
raw download clone embed print report
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Diagnostics;
  4. using System.Linq;
  5. using System.Runtime.InteropServices;
  6. using System.Text;
  7.  
  8. namespace Memory
  9. {
  10. public class UltraMemLib:
  11. {
  12. private const int PROCESS_CREATE_THREAD = 2;
  13.  
  14. private const int PROCESS_QUERY_INFORMATION = 1024;
  15.  
  16. private const int PROCESS_VM_OPERATION = 8;
  17.  
  18. private const int PROCESS_VM_WRITE = 32;
  19.  
  20. private const int PROCESS_VM_READ = 16;
  21.  
  22. private const uint MEM_COMMIT = 4096u;
  23.  
  24. private const uint MEM_RESERVE = 8192u;
  25.  
  26. private const uint PAGE_READWRITE = 4u;
  27.  
  28. public static IntPtr pHandle;
  29.  
  30. public Process procs = null;
  31.  
  32. public Dictionary<string, IntPtr> modules = new Dictionary<string, IntPtr>();
  33.  
  34. private ProcessModule mainModule;
  35.  
  36. [DllImport("kernel32.dll")]
  37. public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, int dwProcessId);
  38.  
  39. [DllImport("kernel32.dll")]
  40. private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, string lpBuffer, UIntPtr nSize, out IntPtr lpNumberOfBytesWritten);
  41.  
  42. [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
  43. private static extern uint GetPrivateProfileString(string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName);
  44.  
  45. [DllImport("kernel32.dll")]
  46. private static extern bool ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [Out] byte[] lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesRead);
  47.  
  48. [DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
  49. private static extern bool _CloseHandle(IntPtr hObject);
  50.  
  51. [DllImport("kernel32.dll")]
  52. public static extern int CloseHandle(IntPtr hObject);
  53.  
  54. [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
  55. public static extern IntPtr GetModuleHandle(string lpModuleName);
  56.  
  57. [DllImport("kernel32.dll")]
  58. private static extern bool WriteProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesWritten);
  59.  
  60. public bool OpenGameProcess(int procID)
  61. {
  62. bool flag = procID != 0;
  63. bool result;
  64. if (flag)
  65. {
  66. this.procs = Process.GetProcessById(procID);
  67. bool flag2 = !this.procs.Responding;
  68. if (flag2)
  69. {
  70. result = false;
  71. }
  72. else
  73. {
  74. Mem.pHandle = Mem.OpenProcess(2035711u, 1, procID);
  75. this.mainModule = this.procs.MainModule;
  76. this.getModules();
  77. result = true;
  78. }
  79. }
  80. else
  81. {
  82. result = false;
  83. }
  84. return result;
  85. }
  86.  
  87. public void getModules()
  88. {
  89. bool flag = this.procs == null;
  90. if (!flag)
  91. {
  92. this.modules.Clear();
  93. foreach (ProcessModule processModule in this.procs.Modules)
  94. {
  95. bool flag2 = processModule.ModuleName != "" && processModule.ModuleName != null && !this.modules.ContainsKey(processModule.ModuleName);
  96. if (flag2)
  97. {
  98. this.modules.Add(processModule.ModuleName, processModule.BaseAddress);
  99. }
  100. }
  101. }
  102. }
  103.  
  104. public int getProcIDFromName(string name)
  105. {
  106. Process[] processes = Process.GetProcesses();
  107. Process[] array = processes;
  108. int result;
  109. for (int i = 0; i < array.Length; i++)
  110. {
  111. Process process = array[i];
  112. bool flag = process.ProcessName == name;
  113. if (flag)
  114. {
  115. result = process.Id;
  116. return result;
  117. }
  118. }
  119. result = 0;
  120. return result;
  121. }
  122.  
  123. public string LoadCode(string name, string file)
  124. {
  125. StringBuilder stringBuilder = new StringBuilder(1024);
  126. bool flag = file != "";
  127. if (flag)
  128. {
  129. uint privateProfileString = Mem.GetPrivateProfileString("codes", name, "", stringBuilder, (uint)file.Length, file);
  130. }
  131. else
  132. {
  133. stringBuilder.Append(name);
  134. }
  135. return stringBuilder.ToString();
  136. }
  137.  
  138. private UIntPtr LoadUIntPtrCode(string name, string path = "")
  139. {
  140. string text = this.LoadCode(name, path);
  141. string value = text.Substring(text.IndexOf('+') + 1);
  142. bool flag = string.IsNullOrEmpty(value);
  143. UIntPtr result;
  144. if (flag)
  145. {
  146. result = (UIntPtr)0uL;
  147. }
  148. else
  149. {
  150. int num = 0;
  151. bool flag2 = Convert.ToInt32(value, 16) > 0;
  152. if (flag2)
  153. {
  154. num = Convert.ToInt32(value, 16);
  155. }
  156. bool flag3 = text.Contains("base") || text.Contains("main");
  157. UIntPtr uIntPtr;
  158. if (flag3)
  159. {
  160. uIntPtr = (UIntPtr)((ulong)((long)((int)this.mainModule.BaseAddress + num)));
  161. }
  162. else
  163. {
  164. bool flag4 = !text.Contains("base") && !text.Contains("main") && text.Contains("+");
  165. if (flag4)
  166. {
  167. string[] array = text.Split(new char[]
  168. {
  169. '+'
  170. });
  171. bool flag5 = this.modules.Count == 0 || !this.modules.ContainsKey(array[0]);
  172. if (flag5)
  173. {
  174. this.getModules();
  175. }
  176. Debug.WriteLine("module=" + array[0]);
  177. IntPtr value2 = this.modules[array[0]];
  178. uIntPtr = (UIntPtr)((ulong)((long)((int)value2 + num)));
  179. }
  180. else
  181. {
  182. uIntPtr = (UIntPtr)((ulong)((long)num));
  183. }
  184. }
  185. result = uIntPtr;
  186. }
  187. return result;
  188. }
  189.  
  190. public string readString(string code, string file = "")
  191. {
  192. byte[] array = new byte[10];
  193. UIntPtr lpBaseAddress = this.getCode(code, file, 4);
  194. bool flag = !this.LoadCode(code, file).Contains(",");
  195. if (flag)
  196. {
  197. lpBaseAddress = this.LoadUIntPtrCode(code, file);
  198. }
  199. else
  200. {
  201. lpBaseAddress = this.getCode(code, file, 4);
  202. }
  203. bool flag2 = Mem.ReadProcessMemory(Mem.pHandle, lpBaseAddress, array, (UIntPtr)10uL, IntPtr.Zero);
  204. string result;
  205. if (flag2)
  206. {
  207. result = Encoding.UTF8.GetString(array);
  208. }
  209. else
  210. {
  211. result = "";
  212. }
  213. return result;
  214. }
  215.  
  216. public bool writeMemory(string code, string type, string write, string file = "")
  217. {
  218. byte[] lpBuffer = new byte[4];
  219. int num = 4;
  220. bool flag = !this.LoadCode(code, file).Contains(",");
  221. UIntPtr lpBaseAddress;
  222. if (flag)
  223. {
  224. lpBaseAddress = this.LoadUIntPtrCode(code, file);
  225. }
  226. else
  227. {
  228. lpBaseAddress = this.getCode(code, file, 4);
  229. }
  230. bool flag2 = type == "float";
  231. if (flag2)
  232. {
  233. lpBuffer = BitConverter.GetBytes(Convert.ToSingle(write));
  234. num = 4;
  235. }
  236. else
  237. {
  238. bool flag3 = type == "int";
  239. if (flag3)
  240. {
  241. lpBuffer = BitConverter.GetBytes(Convert.ToInt32(write));
  242. num = 4;
  243. }
  244. else
  245. {
  246. bool flag4 = type == "byte";
  247. if (flag4)
  248. {
  249. lpBuffer = new byte[1];
  250. lpBuffer = BitConverter.GetBytes(Convert.ToInt32(write));
  251. num = 1;
  252. }
  253. else
  254. {
  255. bool flag5 = type == "string";
  256. if (flag5)
  257. {
  258. lpBuffer = new byte[write.Length];
  259. lpBuffer = Encoding.UTF8.GetBytes(write);
  260. num = write.Length;
  261. }
  262. }
  263. }
  264. }
  265. return Mem.WriteProcessMemory(Mem.pHandle, lpBaseAddress, lpBuffer, (UIntPtr)((ulong)((long)num)), IntPtr.Zero);
  266. }
  267.  
  268. private UIntPtr getCode(string name, string path, int size = 4)
  269. {
  270. string text = this.LoadCode(name, path);
  271. bool flag = text == "";
  272. UIntPtr result;
  273. if (flag)
  274. {
  275. result = UIntPtr.Zero;
  276. }
  277. else
  278. {
  279. string text2 = text;
  280. bool flag2 = text.Contains("+");
  281. if (flag2)
  282. {
  283. text2 = text.Substring(text.IndexOf('+') + 1);
  284. }
  285. byte[] array = new byte[size];
  286. bool flag3 = text2.Contains(',');
  287. if (flag3)
  288. {
  289. List<int> list = new List<int>();
  290. string[] array2 = text2.Split(new char[]
  291. {
  292. ','
  293. });
  294. string[] array3 = array2;
  295. for (int i = 0; i < array3.Length; i++)
  296. {
  297. string value = array3[i];
  298. list.Add(Convert.ToInt32(value, 16));
  299. }
  300. int[] array4 = list.ToArray();
  301. bool flag4 = text.Contains("base") || text.Contains("main");
  302. if (flag4)
  303. {
  304. Mem.ReadProcessMemory(Mem.pHandle, (UIntPtr)((ulong)((long)((int)this.mainModule.BaseAddress + array4[0]))), array, (UIntPtr)((ulong)((long)size)), IntPtr.Zero);
  305. }
  306. else
  307. {
  308. bool flag5 = !text.Contains("base") && !text.Contains("main") && text.Contains("+");
  309. if (flag5)
  310. {
  311. string[] array5 = text.Split(new char[]
  312. {
  313. '+'
  314. });
  315. IntPtr value2 = this.modules[array5[0]];
  316. Mem.ReadProcessMemory(Mem.pHandle, (UIntPtr)((ulong)((long)((int)value2 + array4[0]))), array, (UIntPtr)((ulong)((long)size)), IntPtr.Zero);
  317. }
  318. else
  319. {
  320. Mem.ReadProcessMemory(Mem.pHandle, (UIntPtr)((ulong)((long)array4[0])), array, (UIntPtr)((ulong)((long)size)), IntPtr.Zero);
  321. }
  322. }
  323. uint num = BitConverter.ToUInt32(array, 0);
  324. UIntPtr uIntPtr = (UIntPtr)0uL;
  325. for (int j = 1; j < array4.Length; j++)
  326. {
  327. uIntPtr = new UIntPtr(num + Convert.ToUInt32(array4[j]));
  328. Mem.ReadProcessMemory(Mem.pHandle, uIntPtr, array, (UIntPtr)((ulong)((long)size)), IntPtr.Zero);
  329. num = BitConverter.ToUInt32(array, 0);
  330. }
  331. result = uIntPtr;
  332. }
  333. else
  334. {
  335. int num2 = Convert.ToInt32(text2, 16);
  336. bool flag6 = text.Contains("base") || text.Contains("main");
  337. if (flag6)
  338. {
  339. Mem.ReadProcessMemory(Mem.pHandle, (UIntPtr)((ulong)((long)((int)this.mainModule.BaseAddress + num2))), array, (UIntPtr)((ulong)((long)size)), IntPtr.Zero);
  340. }
  341. else
  342. {
  343. bool flag7 = !text.Contains("base") && !text.Contains("main") && text.Contains("+");
  344. if (flag7)
  345. {
  346. string[] array6 = text.Split(new char[]
  347. {
  348. '+'
  349. });
  350. IntPtr value3 = this.modules[array6[0]];
  351. Mem.ReadProcessMemory(Mem.pHandle, (UIntPtr)((ulong)((long)((int)value3 + num2))), array, (UIntPtr)((ulong)((long)size)), IntPtr.Zero);
  352. }
  353. else
  354. {
  355. Mem.ReadProcessMemory(Mem.pHandle, (UIntPtr)((ulong)((long)num2)), array, (UIntPtr)((ulong)((long)size)), IntPtr.Zero);
  356. }
  357. }
  358. uint value4 = BitConverter.ToUInt32(array, 0);
  359. UIntPtr uIntPtr2 = new UIntPtr(value4);
  360. value4 = BitConverter.ToUInt32(array, 0);
  361. result = uIntPtr2;
  362. }
  363. }
  364. return result;
  365. }
  366.  
  367. public void closeProcess()
  368. {
  369. Mem.CloseHandle(Mem.pHandle);
  370. }
  371. }
  372. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!