Write Process Memory 64bit

**normiescum** · 11-06-2016

Trying to code a tool. Got the main part of the code from mpgh have had it saved for ages can't remember where exactly I got it from though. It's all working for 32bit applications but I can not add the addresses 64bit ones without getting an error due to them being 64bit. Have tried to write them as int64 to avoid this and built successfully however it simply did not work I think I'm just doing something stupid can someone take a look at the code for me and help me out it's been quite a while my last release was in 2009. ps this is the working code for writing 32bit addresses.

' Memory Module

Option Strict On

Imports System.Runtime.InteropServices
Imports System.Text

Module MemoryModule
<DllImport("kernel32.dll")>
Private Function OpenProcess(ByVal dwDesiredAccess As UInteger, <MarshalAs(UnmanagedType.Bool)> ByVal bInheritHandle As Boolean, ByVal dwProcessId As Integer) As IntPtr
End Function

<DllImport("kernel32.dll", SetLastError:=True)>
Private Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As IntPtr, <Out()> ByRef lpNumberOfBytesWritten As IntPtr) As Boolean
End Function

<DllImport("kernel32.dll", SetLastError:=True)>
Private Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As IntPtr, ByRef lpNumberOfBytesRead As IntPtr) As Boolean
End Function

<DllImport("kernel32.dll", SetLastError:=True)>
Private Function CloseHandle(ByVal hObject As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
End Function

Private Const PROCESS_VM_WRITE As UInteger = &H20
Private Const PROCESS_VM_READ As UInteger = &H10
Private Const PROCESS_VM_OPERATION As UInteger = &H8
Private Const TargetProcess As String = "tetris"
Private ProcessHandle As IntPtr = IntPtr.Zero
Private LastKnownPID As Integer = -1

Public Function ReadMemory(Of T)(ByVal address As Integer) As T
Return ReadMemory(Of T)(address, 0, False)
End Function

Public Function ReadMemory(ByVal address As Integer, ByVal length As Integer) As Byte()
Return ReadMemory(Of Byte())(address, length, False)
End Function

Private Function ProcessIDExists(ByVal pID As Integer) As Boolean
For Each p As Process In Process.GetProcessesByName(TargetProcess)
If p.Id = pID Then Return True
Next
Return False
End Function

Private Function UpdateProcessHandle() As Boolean
If LastKnownPID = -1 OrElse Not ProcessIDExists(LastKnownPID) Then
If ProcessHandle <> IntPtr.Zero Then CloseHandle(ProcessHandle)
Dim p() As Process = Process.GetProcessesByName(TargetProcess)
If p.Length = 0 Then Return False
LastKnownPID = p(0).Id
ProcessHandle = OpenProcess(PROCESS_VM_READ Or PROCESS_VM_WRITE Or PROCESS_VM_OPERATION, False, p(0).Id)
If ProcessHandle = IntPtr.Zero Then Return False
End If
Return True
End Function

Public Function ReadMemory(Of T)(ByVal address As Integer, ByVal length As Integer, ByVal unicodeString As Boolean) As T
Dim buffer() As Byte
If GetType(T) Is GetType(String) Then
If unicodeString Then buffer = New Byte(length * 2 - 1) {} Else buffer = New Byte(length - 1) {}
ElseIf GetType(T) Is GetType(Byte()) Then
buffer = New Byte(length - 1) {}
Else
buffer = New Byte(Marshal.SizeOf(GetType(T)) - 1) {}
End If
If Not UpdateProcessHandle() Then Return Nothing
Dim success As Boolean = ReadProcessMemory(ProcessHandle, New IntPtr(address), buffer, New IntPtr(buffer.Length), IntPtr.Zero)
If Not success Then Return Nothing
If GetType(T) Is GetType(Byte()) Then Return CType(CType(buffer, Object), T)
If GetType(T) Is GetType(String) Then
If unicodeString Then Return CType(CType(Encoding.Unicode.GetString(buffer), Object), T)
Return CType(CType(Encoding.ASCII.GetString(buffer), Object), T)
End If
Dim gcHandle As GCHandle = GCHandle.Alloc(buffer, GCHandleType.Pinned)
Dim returnObject As T
returnObject = CType(Marshal.PtrToStructure(gcHandle.AddrOfPinned Object, GetType(T)), T)
gcHandle.Free()
Return returnObject
End Function

Private Function GetObjectBytes(ByVal value As Object) As Byte()
If value.GetType() Is GetType(Byte()) Then Return CType(value, Byte())
Dim buffer(Marshal.SizeOf(value) - 1) As Byte
Dim ptr As IntPtr = Marshal.AllocHGlobal(buffer.Length)
Marshal.StructureToPtr(value, ptr, True)
Marshal.Copy(ptr, buffer, 0, buffer.Length)
Marshal.FreeHGlobal(ptr)
Return buffer
End Function

Public Function WriteMemory(ByVal address As Integer, ByVal value As Object) As Boolean
Return WriteMemory(address, value, False)
End Function

Public Function WriteMemory(ByVal address As Integer, ByVal value As Object, ByVal unicode As Boolean) As Boolean
If Not UpdateProcessHandle() Then Return False
Dim buffer() As Byte
If TypeOf value Is String Then
If unicode Then buffer = Encoding.Unicode.GetBytes(value.ToString()) Else buffer = Encoding.ASCII.GetBytes(value.ToString())
Else
buffer = GetObjectBytes(value)
End If
Dim result As Boolean = WriteProcessMemory(ProcessHandle, New IntPtr(address), buffer, New IntPtr(buffer.Length), IntPtr.Zero)
Return result
End Function
End Module

'main form

Public Class Form1
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
WriteMemory(&H26E6AE0, 1) ' Writes the value as Integer 'gives error when 64bit address is used. When I tell it to treat it as int64 rather that integer it gives no error and builds but simply doesn't work
End Sub
End Class

all working in 32 bit programs but not 64 bit ones as I can't use a 64bit address without getting errors and I'm just doing something stupid when i try to change the code to write as long so I can actually import the 64bit address into the code for button1 as it simply does not work

- - - Updated - - -

tried changing Public Function WriteMemory(ByVal address As Integer, ByVal value As Object) As Boolean to Public Function WriteMemory(ByVal address As int64, ByVal value As Object) As Boolean on all the functions now I'm getting intptr errors in

Dim result As Boolean = WriteProcessMemory(ProcessHandle, New IntPtr(address), buffer, New IntPtr(buffer.Length), IntPtr.Zero)
Return resul