Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ''The required API's and structs/enums..
- Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer() As Byte, ByVal iSize As Int32, ByRef lpNumberOfBytesRead As Integer) As Boolean
- Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpbaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As Int32, ByRef dwNumberOfBytesWritten As Int32) As Boolean
- Public Declare Sub GetSystemInfo Lib "kernel32" (ByRef lpSystemInfo As SystemInfo)
- Public Structure MemoryBasicInformation
- Dim BaseAddress As IntPtr
- Dim AllocationBase As IntPtr
- Dim AllocationProtect As UInt32
- Dim RegionSize As Int32
- Dim State As UInt32
- Dim Protect As UInt32
- Dim AllocationType As UInt32
- End Structure
- Public Structure SystemInfo
- Dim wProcessorArchitecture As Int16
- Dim wReserved As Int16
- Dim dwPageSize As Int32
- Dim lpMinimumApplicationAddress As IntPtr
- Dim lpMaximumApplicationAddress As IntPtr
- Dim dwActiveProcessorMask As Int32
- Dim dwNumberOfProcessors As Int32
- Dim dwProcessorType As Int32
- Dim dwAllocationGranularity As Int32
- Dim wProcessorLevel As Int16
- Dim wProcessorRevision As Int16
- End Structure
- Public Enum OpenProcessMemoryRights As UInt32
- PROCESS_ALL_ACCESS = &H1F0FFF 'xp only ? Should OR the different values..TODO:
- PROCESS_VM_OPERATION = &H8
- PROCESS_VM_READ = &H10
- PROCESS_VM_WRITE = &H20
- End Enum
- '' MemoryManager Class
- ''''''''''''''''''''''''''''''''''''''''''''''''''
- Public Class MemoryManager
- #Region "Private"
- Private _isAttached As Boolean = False '' Required for pretty much everything.
- Private _targetProcessID As Int32 = 0
- Private _targetProcess As New System.Diagnostics.Process
- Private _targetProcessHandle As IntPtr = IntPtr.Zero '' Obtained from Winapi.OpenProcess()
- Private _systemInfo As WinAPI.SystemInfo '' Useful information about cpu and ram.
- Private _mbiSize As Int32 = 0 '' SizeOf(WinAPI.MEMORY_BASIC_INFORMATION) in bytes.
- #End Region
- Public Sub New()
- ''Store these values in the class so they don't have to be calculated/looked up each time.
- WinAPI.GetSystemInfo(_systemInfo) '' Useful info about cpu and ram.
- _mbiSize = System.Runtime.InteropServices.Marshal.SizeOf(New WinAPI.MemoryBasicInformation) ''size in bytes
- End Sub
- #Region "Target Process"
- Public Function AttachToProcess(ByVal processID As Int32) As Boolean
- If _isAttached Then
- Return False '' and yet, IsAttached is True. Misleading.
- Else
- ''Does this processID exists? (ie. is that processID being used)
- For Each pp As Process In Process.GetProcesses
- 'Loop over list of all running processes and compare ID's
- If pp.Id = processID Then
- 'This is our target process
- _targetProcessHandle = WinAPI.OpenProcess(WinAPI.OpenProcessMemoryRights.PROCESS_ALL_ACCESS, False, processID)
- If _targetProcessHandle <> IntPtr.Zero Then '' SUCCESS
- _isAttached = True
- _targetProcessID = processID
- _targetProcess = pp
- Else
- _isAttached = False '' Fail. Current User Account can't do PROCESS_ALL_ACCESS ?
- System.Windows.Forms.MessageBox.Show("MemoryManager was unable to attach to the process." & Environment.NewLine _
- & "OpenProcess() Failed. Are you administrator?" & Environment.NewLine _
- & "Details: " & Environment.NewLine & Environment.NewLine _
- & "Window Title: " & CStr(IIf(String.IsNullOrEmpty(pp.MainWindowTitle), "No Window", pp.MainWindowTitle)) & Environment.NewLine _
- & "Process Name: " & pp.ProcessName & Environment.NewLine _
- & "Process ID: " & pp.Id.ToString, "MemoryManager Unknown Error")
- End If
- Exit For 'don't bother checking rest of processes
- End If
- Next
- ''If we get here the processID was not found. FAIL
- End If
- Return _isAttached
- End Function
- Public Sub DetachFromProcess()
- If _isAttached Then
- If Not WinAPI.CloseHandle(_targetProcessHandle) Then
- System.Windows.Forms.MessageBox.Show("MemoryManager Unable to detach from process. Unknown Error.", "MemoryManager Unknown Error") '' Does this happen / why ? (App. already closed?)
- '' TODO: call GetLastError(). Detach anyway.
- End If
- _isAttached = False
- End If
- End Sub
- Public ReadOnly Property IsAttached() As Boolean
- Get
- Return _isAttached
- End Get
- End Property
- Public ReadOnly Property TargetProcessID As Int32
- Get
- Return _targetProcessID
- End Get
- End Property
- #End Region
- #Region "Read"
- Public Function ReadByte(ByVal addr As IntPtr) As Byte
- Dim _byte(0) As Byte '' Awkward. Winapi function is declared as array() instead of as IntPtr.
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _byte, 1, New Int32)
- Return _byte(0)
- End Function
- Public Function ReadInt16(ByVal addr As IntPtr) As Int16
- Dim _bytes(1) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 2, New Int32)
- Return BitConverter.ToInt16(_bytes, 0)
- End Function
- Public Function ReadInt32(ByVal addr As IntPtr) As Int32
- Dim _bytes(3) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 4, New Int32)
- Return BitConverter.ToInt32(_bytes, 0)
- End Function
- Public Function ReadInt64(ByVal addr As IntPtr) As Int64
- Dim _bytes(7) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 8, New Int32)
- Return BitConverter.ToInt64(_bytes, 0)
- End Function
- Public Function ReadUInt16(ByVal addr As IntPtr) As UInt16
- Dim _bytes(1) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 2, New Int32)
- Return BitConverter.ToUInt16(_bytes, 0)
- End Function
- Public Function ReadUInt32(ByVal addr As IntPtr) As UInt32
- Dim _bytes(3) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 4, New Int32)
- Return BitConverter.ToUInt32(_bytes, 0)
- End Function
- Public Function ReadUInt64(ByVal addr As IntPtr) As UInt64
- Dim _bytes(7) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 8, New Int32)
- Return BitConverter.ToUInt64(_bytes, 0)
- End Function
- Public Function ReadFloat(ByVal addr As IntPtr) As Single
- Dim _bytes(3) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 4, New Int32)
- Return BitConverter.ToSingle(_bytes, 0)
- End Function
- Public Function ReadDouble(ByVal addr As IntPtr) As Double
- Dim _bytes(7) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, 8, New Int32)
- Return BitConverter.ToDouble(_bytes, 0)
- End Function
- Public Function ReadIntPtr(ByVal addr As IntPtr) As IntPtr
- Dim _bytes(IntPtr.Size - 1) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, IntPtr.Size, New Int32)
- If IntPtr.Size = 4 Then
- Return New IntPtr(BitConverter.ToUInt32(_bytes, 0))
- Else
- Return New IntPtr(BitConverter.ToInt64(_bytes, 0))
- End If
- End Function
- Public Function ReadAsciiString(ByVal addr As IntPtr, Optional ByVal maxLength As Int32 = 25) As String
- If _isAttached And maxLength > 0 Then
- Dim _bytes(maxLength - 1) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, maxLength, New Int32)
- Return System.Text.Encoding.ASCII.GetString(_bytes, 0, maxLength)
- Else
- Return String.Empty '' fail. not attached to any process (or maxLength = 0).
- End If
- End Function
- Public Function ReadUnicodeString(ByVal addr As IntPtr, Optional ByVal maxLength As Int32 = 25) As String
- If _isAttached And maxLength > 0 Then
- maxLength = maxLength * 2 '' 2 bytes per unicode character. (only utf16?!?) TODO: fix this function.
- Dim _bytes(maxLength - 1) As Byte
- WinAPI.ReadProcessMemory(_targetProcessHandle, addr, _bytes, maxLength, New Int32)
- Return System.Text.Encoding.Unicode.GetString(_bytes)
- Else
- Return String.Empty '' fail. not attached to any process (or maxLength = 0).
- End If
- End Function
- Public Function ReadBytes(ByVal addr As IntPtr, ByRef byteBuff() As Byte, ByVal size As Int32, ByRef actualBytesRead As Int32) As Boolean
- Return WinAPI.ReadProcessMemory(_targetProcessHandle, addr, byteBuff, size, actualBytesRead)
- End Function
- #End Region
- #Region "Write*"
- Public Function WriteByte(ByVal addr As IntPtr, ByVal aByte As Byte) As Boolean
- Dim _bts(0) As Byte '' Awkward. Winapi function is declared as array() instead of as IntPtr
- _bts(0) = aByte
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, _bts, 1, New Int32)
- End Function
- Public Function WriteInt16(ByVal addr As IntPtr, ByVal data As Int16) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, BitConverter.GetBytes(data), 2, New Int32)
- End Function
- Public Function WriteUInt16(ByVal addr As IntPtr, ByVal data As UInt16) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, BitConverter.GetBytes(data), 2, New Int32)
- End Function
- Public Function WriteInt32(ByVal addr As IntPtr, ByVal data As Int32) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, BitConverter.GetBytes(data), 4, New Int32)
- End Function
- Public Function WriteInt64(ByVal addr As IntPtr, ByVal data As Int64) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, BitConverter.GetBytes(data), 8, New Int32)
- End Function
- Public Function WriteUInt64(ByVal addr As IntPtr, ByVal data As UInt64) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, BitConverter.GetBytes(data), 8, New Int32)
- End Function
- Public Function WriteFloat(ByVal addr As IntPtr, ByVal data As Single) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, BitConverter.GetBytes(data), 4, New Int32)
- End Function
- Public Function WriteDouble(ByVal addr As IntPtr, ByVal data As Double) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, BitConverter.GetBytes(data), 8, New Int32)
- End Function
- Public Function WriteIntPtr(ByVal addr As IntPtr, ByVal ptr As IntPtr) As Boolean
- Dim _bytes(IntPtr.Size - 1) As Byte
- If IntPtr.Size = 4 Then
- _bytes = BitConverter.GetBytes(Convert.ToUInt32(ptr))
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, _bytes, 4, New Int32)
- Else
- _bytes = BitConverter.GetBytes(Convert.ToUInt64(ptr))
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, _bytes, 8, New Int32)
- End If
- End Function
- Public Function WriteAsciiString(ByVal addr As IntPtr, ByVal str As String, ByRef actualBytesWritten As UInt32) As Boolean
- Dim _bytes() As Byte = System.Text.Encoding.ASCII.GetBytes(str)
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, _bytes, _bytes.Length, New Int32)
- End Function
- Public Function WriteUnicodeString(ByVal addr As IntPtr, ByVal str As String) As Boolean
- Dim _bytes() As Byte = System.Text.Encoding.Unicode.GetBytes(str)
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, _bytes, _bytes.Length, New Int32) ' System.Text.Encoding.Unicode.GetBytes(str)
- End Function
- Public Function WriteBytes(ByVal addr As IntPtr, ByVal bytes() As Byte, ByRef actualBytesWritten As Int32) As Boolean
- Return WinAPI.WriteProcessMemory(_targetProcessHandle, addr, bytes, bytes.Length, actualBytesWritten)
- End Function
- #End Region
- End Class
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement