Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Imports System.Runtime.InteropServices
- Public Class Form1
- Dim Processz() As Process
- Dim indexlist As New List(Of Long)
- Dim hProcesz As Integer
- <StructLayout(LayoutKind.Sequential)> Public Structure MEMORY_BASIC_INFORMATION '64 Bit!
- Dim BaseAddress As IntPtr
- Dim Allocationbase As IntPtr
- Dim allocationprotect As UInt32
- Dim regionsize As IntPtr
- Dim state As UInt32
- Dim protect As UInt32
- Dim ltype As UInt32
- End Structure
- <StructLayout(LayoutKind.Sequential)> Structure SYSTEM_INFO '64 Bit!
- Dim OEMID As Integer
- Dim PageSize As Integer
- Dim MinAppAddress As IntPtr
- Dim MaxAppAddress As IntPtr
- Dim ActiveProcMask As IntPtr
- Dim NumberofProcessors As Integer
- Dim ProcessorType As Integer
- Dim AllocGranularity As Integer
- Dim ProcessorLEvel As Short
- Dim ProcessorReveision As Short
- End Structure
- Enum ProcessAccessFlags As UInteger
- All = &H1F0FFF
- Terminate = &H1
- CreateThread = &H2
- VMOperation = &H8
- VMRead = &H10
- VMWrite = &H20
- DupHandle = &H40
- SetInformation = &H200
- QueryInformation = &H400
- Synchronize = &H100000
- End Enum
- Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
- Processz = Process.GetProcesses
- For i = 0 To Processz.Length - 1
- ListBox1.Items.Add(Processz(i).ProcessName)
- Next
- End Sub
- Declare Auto Sub GetNativeSystemInfo Lib "Kernel32" (ByRef info As SYSTEM_INFO)
- <DllImport("kernel32.dll")>
- Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As UInt32, ByRef lpNumberOfBytesRead As UInt32) As Boolean
- End Function
- <DllImport("kernel32.dll")>
- Public Shared Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As UInt32, ByRef lpNumberOfBytesWritten As UInt32) As Boolean
- End Function
- <DllImport("kernel32.dll")>
- Private Shared Function OpenProcess(ByVal dwDesiredAccess As ProcessAccessFlags, <MarshalAs(UnmanagedType.Bool)> ByVal bInheritHandle As Boolean, ByVal dwProcessId As Integer) As IntPtr
- End Function
- <DllImport("kernel32.dll")>
- Private Shared Function VirtualQueryEx(ByVal hprocess As IntPtr, ByVal lpaddress As IntPtr, ByRef lpbuffer As MEMORY_BASIC_INFORMATION, ByVal dwlength As Long) As Long
- End Function
- Private Sub ListBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ListBox1.SelectedIndexChanged
- hProcesz = OpenProcess(ProcessAccessFlags.All, False, Processz(ListBox1.SelectedIndex).Id)
- Dim bytesread As UInteger = 0
- Dim success As Boolean
- Dim data As New List(Of Byte)
- Dim indexs As New List(Of Long)
- Dim address As Long
- Dim sysinfo As SYSTEM_INFO
- Dim meminfo As MEMORY_BASIC_INFORMATION
- Dim tempint As Integer = NumericUpDown1.Value
- GetNativeSystemInfo(sysinfo)
- address = sysinfo.MinAppAddress
- Do While address < 2147483647 '7FFFFFFF because 7FFFFFFF
- If VirtualQueryEx(hProcesz, address, meminfo, Marshal.SizeOf(meminfo)) <> 0 Then
- If (meminfo.ltype = 131072 Or meminfo.ltype = 16777216) And (meminfo.state = 4096 Or meminfo.state = 8192) Then
- 'Only a type of Private(131072) or Image(16777216) and only state of Commit(4096) and Reserve(8192) wanted.
- Dim bytez() As Byte = New Byte(meminfo.regionsize) {}
- success = ReadProcessMemory(hProcesz, meminfo.BaseAddress, bytez, meminfo.regionsize, bytesread)
- 'minappaddress > Memory areas
- 'Memory() > bytez
- If success = True Then
- For i = 0 To bytez.Length - 1
- If bytez(i) = tempint Then
- data.Add(bytez(i))
- indexs.Add(meminfo.BaseAddress + i)
- End If
- Next
- End If
- End If
- End If
- address = address + meminfo.regionsize
- If data.Count > 2000000 Then 'Make sure it doesn't go nuts.
- Exit Do
- End If
- Loop
- indexlist.Clear()
- For i = 0 To data.Count - 1
- indexlist.Add(indexs(i))
- Next
- Label1.Text = "Length: " & data.Count & " Found: " & indexlist.Count
- End Sub
- Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
- Dim bytesread As UInteger = 0
- Dim success As Boolean
- Dim data As New List(Of Byte)
- Dim newdata As New List(Of Byte)
- Dim indexs As New List(Of Long)
- Dim tempint As Integer = NumericUpDown1.Value
- Dim bytez() As Byte = New Byte(1) {}
- For i = 0 To indexlist.Count - 1
- success = ReadProcessMemory(hProcesz, indexlist(i), bytez, 1, bytesread)
- data.Add(bytez(0))
- indexs.Add(indexlist(i))
- Next
- indexlist.Clear()
- For i = 0 To indexs.Count - 1
- If data(i) = tempint Then
- newdata.Add(data(i))
- indexlist.Add(indexs(i))
- End If
- Next
- Dim maxshow As Integer = 100
- If indexlist.Count < 100 Then
- maxshow = indexlist.Count
- End If
- RichTextBox1.Text = ""
- For i = 0 To maxshow - 1
- RichTextBox1.AppendText(indexlist(i) & ": " & newdata(i) & Chr(13))
- Next
- Label1.Text = "Length: " & indexlist.Count
- End Sub
- Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
- Dim success As Boolean
- Dim bytez(0) As Byte
- Dim tempint As Byte = NumericUpDown1.Value
- bytez(0) = tempint
- Dim byteswrote As Integer
- success = WriteProcessMemory(hProcesz, indexlist(0), bytez, bytez.Length, byteswrote)
- End Sub
- End Class
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement