General
armorfid (11-23-2011),bobsd (11-29-2013),DecoderBack (05-26-2011),F4DE (09-10-2016),kilerpro (06-03-2011),P5yl0 (12-02-2012),sakinoakura (09-03-2012),xXFleshpoundXx (12-22-2012)
Results 1 to 11 of 11
-
05-25-2011 #1Choob
- Join Date
- May 2010
- Gender
- Posts
- 32
- Reputation
10- Thanks
- 12
- My Mood
-
C# WriteProcessMemory/ReadProcessMemory
This is my private code that i've decided to give out as i don't hack as much anymore.
To use this you add the following namespace to your application
to make a instance of it you doCode:using ReadWriteMemory;
To make the ProcessMemory active add this after your InitilizeComponent()Code:ProcessMemory Mem = new ProcessMemory(/*Process Name*/);
Code:If(!Mem.CheckProcess()) MessageBox.Show("Make sure your application is running or try running this as Admin"); else Mem.StartProcess();Code:using System.Diagnostics; using System****ntime.InteropServices; using System; using System.Windows.Forms; using System.Media; using System.Text; using System.Threading; namespace ReadWriteMemory { internal class ProcessMemory { // Fields protected int BaseAddress; protected Process[] MyProcess; protected ProcessModule myProcessModule; private const uint PAGE_EXECUTE = 16; private const uint PAGE_EXECUTE_READ = 32; private const uint PAGE_EXECUTE_READWRITE = 64; private const uint PAGE_EXECUTE_WRITECOPY = 128; private const uint PAGE_GUARD = 256; private const uint PAGE_NOACCESS = 1; private const uint PAGE_NOCACHE = 512; private const uint PAGE_READONLY = 2; private const uint PAGE_READWRITE = 4; private const uint PAGE_WRITECOPY = 8; private const uint PROCESS_ALL_ACCESS = 2035711; protected int processHandle; protected string ProcessName; // Methods public ProcessMemory(string pProcessName) { this.ProcessName = pProcessName; } public bool CheckProcess() { return (Process.GetProcessesByName(this.ProcessName).Length > 0); } [DllImport("kernel32.dll")] public static extern bool CloseHandle(int hObject); public string CutString(string mystring) { char[] chArray = mystring.ToCharArray(); string str = ""; for (int i = 0; i < mystring.Length; i++) { if ((chArray[i] == ' ') && (chArray[i + 1] == ' ')) { return str; } if (chArray[i] == '\0') { return str; } str = str + chArray[i].ToString(); } return mystring.TrimEnd(new char[] { '0' }); } public int DllImageAddress(string dllname) { ProcessModuleCollection modules = this.MyProcess[0].Modules; foreach (ProcessModule procmodule in modules) { if (dllname == procmodule.ModuleName) { return (int)procmodule.BaseAddress; } } return -1; } [DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)] public static extern int FindWindowByCaption(int ZeroOnly, string lpWindowName); public int ImageAddress() { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return this.BaseAddress; } public int ImageAddress(int pOffset) { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return (pOffset + this.BaseAddress); } public string MyProcessName() { return this.ProcessName; } [DllImport("kernel32.dll")] public static extern int OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId); public int Pointer(bool AddToImageAddress, int pOffset) { return this.ReadInt(this.ImageAddress(pOffset)); } public int Pointer(string Module, int pOffset) { return this.ReadInt(this.DllImageAddress(Module) + pOffset); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2) { //look at this shit, it doesnt even have a if statement if (AddToImageAddress) return (this.ReadInt(this.ImageAddress() + pOffset) + pOffset2); else return (this.ReadInt(pOffset) + pOffset2); } public int Pointer(string Module, int pOffset, int pOffset2) { return (this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3) { return (this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3) { return (this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6); } public byte ReadByte(int pOffset) { byte[] buffer = new byte[1]; ReadProcessMemory(this.processHandle, pOffset, buffer, 1, 0); return buffer[0]; } public byte ReadByte(bool AddToImageAddress, int pOffset) { byte[] buffer = new byte[1]; int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, 1, 0); return buffer[0]; } public byte ReadByte(string Module, int pOffset) { byte[] buffer = new byte[1]; ReadProcessMemory(this.processHandle, this.DllImageAddress(Module) + pOffset, buffer, 1, 0); return buffer[0]; } public float ReadFloat(int pOffset) { return BitConverter.ToSingle(this.ReadMem(pOffset, 4), 0); } public float ReadFloat(bool AddToImageAddress, int pOffset) { return BitConverter.ToSingle(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public float ReadFloat(string Module, int pOffset) { return BitConverter.ToSingle(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public int ReadInt(int pOffset) { return BitConverter.ToInt32(this.ReadMem(pOffset, 4), 0); } public int ReadInt(bool AddToImageAddress, int pOffset) { return BitConverter.ToInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public int ReadInt(string Module, int pOffset) { return BitConverter.ToInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public byte[] ReadMem(int pOffset, int pSize) { byte[] buffer = new byte[pSize]; ReadProcessMemory(this.processHandle, pOffset, buffer, pSize, 0); return buffer; } public byte[] ReadMem(int pOffset, int pSize, bool AddToImageAddress) { byte[] buffer = new byte[pSize]; int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, pSize, 0); return buffer; } [DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead); public short ReadShort(int pOffset) { return BitConverter.ToInt16(this.ReadMem(pOffset, 2), 0); } public short ReadShort(bool AddToImageAddress, int pOffset) { return BitConverter.ToInt16(this.ReadMem(pOffset, 2, AddToImageAddress), 0); } public short ReadShort(string Module, int pOffset) { return BitConverter.ToInt16(this.ReadMem(this.DllImageAddress(Module) + pOffset, 2), 0); } public string ReadStringAscii(int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize))); } public string ReadStringAscii(bool AddToImageAddress, int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress))); } public string ReadStringAscii(string Module, int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize))); } public string ReadStringUnicode(int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize))); } public string ReadStringUnicode(bool AddToImageAddress, int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress))); } public string ReadStringUnicode(string Module, int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize))); } public uint ReadUInt(int pOffset) { return BitConverter.ToUInt32(this.ReadMem(pOffset, 4), 0); } public uint ReadUInt(bool AddToImageAddress, int pOffset) { return BitConverter.ToUInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public uint ReadUInt(string Module, int pOffset) { return BitConverter.ToUInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public bool StartProcess() { if (this.ProcessName != "") { this.MyProcess = Process.GetProcessesByName(this.ProcessName); if (this.MyProcess.Length == 0) { MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand); return false; } this.processHandle = OpenProcess(2035711, false, this.MyProcess[0].Id); if (this.processHandle == 0) { MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand); return false; } return true; } MessageBox.Show("Define process name first!"); return false; } [DllImport("kernel32.dll")] public static extern bool VirtualProtectEx(int hProcess, int lpAddress, int dwSize, uint flNewProtect, out uint lpflOldProtect); public void WriteByte(int pOffset, byte pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes)); } public void WriteByte(bool AddToImageAddress, int pOffset, byte pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes), AddToImageAddress); } public void WriteByte(string Module, int pOffset, byte pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes((short)pBytes)); } public void WriteDouble(int pOffset, double pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteDouble(bool AddToImageAddress, int pOffset, double pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteDouble(string Module, int pOffset, double pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteFloat(int pOffset, float pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteFloat(bool AddToImageAddress, int pOffset, float pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteFloat(string Module, int pOffset, float pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteInt(int pOffset, int pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteInt(bool AddToImageAddress, int pOffset, int pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteInt(string Module, int pOffset, int pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteMem(int pOffset, byte[] pBytes) { WriteProcessMemory(this.processHandle, pOffset, pBytes, pBytes.Length, 0); } public void WriteMem(int pOffset, byte[] pBytes, bool AddToImageAddress) { int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; WriteProcessMemory(this.processHandle, lpBaseAddress, pBytes, pBytes.Length, 0); } [DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten); public void WriteShort(int pOffset, short pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteShort(bool AddToImageAddress, int pOffset, short pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteShort(string Module, int pOffset, short pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteStringAscii(int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0")); } public void WriteStringAscii(bool AddToImageAddress, int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"), AddToImageAddress); } public void WriteStringAscii(string Module, int pOffset, string pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.ASCII.GetBytes(pBytes + "\0")); } public void WriteStringUnicode(int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0")); } public void WriteStringUnicode(bool AddToImageAddress, int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"), AddToImageAddress); } public void WriteStringUnicode(string Module, int pOffset, string pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.Unicode.GetBytes(pBytes + "\0")); } public void WriteUInt(int pOffset, uint pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteUInt(bool AddToImageAddress, int pOffset, uint pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteUInt(string Module, int pOffset, uint pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } // Nested Types [Flags] public enum ProcessAccessFlags : uint { All = 2035711, CreateThread = 2, DupHandle = 64, QueryInformation = 1024, SetInformation = 512, Synchronize = 1048576, Terminate = 1, VMOperation = 8, VMRead = 16, VMWrite = 32 } } }My C# Posts. (I code all my own code)
- Mouse Tracking Engine[Example]
Generic PCID Grabber
Basic Keyboard Hooks
C# Read/Write Process Memory
Coding Experiance:
- VB = None its GayShit.
- C# = 2 years (Indermediate/Advanced)
- C++ = 5 months (Beginner)
- HTML = 1 year (Beginner)
-
The Following 8 Users Say Thank You to Kantanomo For This Useful Post:
-
05-26-2011 #2Member
- Join Date
- May 2011
- Gender
- Posts
- 111
- Reputation
- 10
- Thanks
- 12
lolz,
it's really usefull bro
thanks for posting this !Last edited by DecoderBack; 05-26-2011 at 01:57 AM.
-
The Following User Says Thank You to DecoderBack For This Useful Post:
TonyMane() (03-15-2015)
-
05-26-2011 #3
ThreadstarterChoob
- Join Date
- May 2010
- Gender
- Posts
- 32
- Reputation
- 10
- Thanks
- 12
- My Mood
-
No problem i will prolly update it once in awhile with new stuff.
My C# Posts. (I code all my own code)
- Mouse Tracking Engine[Example]
Generic PCID Grabber
Basic Keyboard Hooks
C# Read/Write Process Memory
Coding Experiance:
- VB = None its GayShit.
- C# = 2 years (Indermediate/Advanced)
- C++ = 5 months (Beginner)
- HTML = 1 year (Beginner)
-
The Following User Says Thank You to Kantanomo For This Useful Post:
DecoderBack (05-29-2011)
-
05-29-2011 #4Member
- Join Date
- May 2011
- Gender
- Posts
- 111
- Reputation
- 10
- Thanks
- 12
Add me on msn later.
Originally Posted by Kantanomo
so we can talk.Thank you broLast edited by DecoderBack; 05-29-2011 at 06:06 AM.
-
06-21-2011 #5Expert Member
- Join Date
- Apr 2010
- Gender
- Posts
- 687
- Reputation
- 24
- Thanks
- 865
- My Mood
-
kind of ironic you say you code your own code.
I think you'l find kiwi coded that. It isnt even complete and outdated.
this.BaseAddress = 0;
this.myProcessModule = this.MyProcess[0].MainModule;
this.BaseAddress = (int)this.myProcessModule.BaseAddress;
return this.BaseAddress;
Who codes like this., looks like you used reflector to decompile an app and copy pasted.
small snippet from his old source.
Code:public bool StartProcess() { if (ProcessName != "") { MyProcess = Process.GetProcessesByName(ProcessName); if (MyProcess.Length == 0) { //MessageBox.Show(ProcessName + " Process Not Found", "Error, Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Stop); return (false); } processHandle = OpenProcess(PROCESS_ALL_ACCESS, false, MyProcess[0].Id); if (processHandle == 0) { //MessageBox.Show(ProcessName + " Process Not Found", "Error, Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Stop); //return (false); } return (true); } else { MessageBox.Show("Define process name first"); return (false); } } public int ImageAddress() { Int32 Address; BaseAddress = (int)0; myProcessModule = MyProcess[0].MainModule; BaseAddress = (int)myProcessModule.BaseAddress; Address = (Int32)BaseAddress; return ((int)Address); } //Gets The Image Address public int ImageAddress(int pOffset) { Int32 Address; BaseAddress = (int)0; myProcessModule = MyProcess[0].MainModule; BaseAddress = (int)myProcessModule.BaseAddress; Address = (int)pOffset + (int)BaseAddress; return ((int)Address); }
-
06-21-2011 #6Dual-Keyboard Member
- Join Date
- Mar 2008
- Gender
- Location
- Posts
- 360
- Reputation
- 6
- Thanks
- 153
@Pingo Originally Posted by Pingo
i dont see
This.BaseAddress in his code... i only see it in your post... and no he havent edited it out because else we would see a message saying that it was edited x time ago by x person ...Last edited by gotter; 06-21-2011 at 10:02 AM.
-
06-21-2011 #7Expert Member
- Join Date
- Apr 2010
- Gender
- Posts
- 687
- Reputation
- 24
- Thanks
- 865
- My Mood
-
I can still see it now. I copy pasted from his post.
public int ImageAddress()
Also half of the code is like that. The only part not in kiwi's source is the ? : operators.
Everything else is the same.
Doesnt matter anyway, i just wanted to point it out. I know kiwi wouldnt care.
But the code does work good. I used it for a good 6 months before i updated.
-
06-21-2011 #8Hung like a rabbit
- Join Date
- Apr 2010
- Gender
- Location
- Posts
- 5,704
- Reputation
918- Thanks
- 7,676
- My Mood
-
Um, using the 'this' keyword is a standard coding technique that most programmers use to explicitly refer to the current instance of the class. Don't see how it relates to reflector at all. Originally Posted by Pingo
-
06-21-2011 #9Expert Member
- Join Date
- Apr 2010
- Gender
- Posts
- 687
- Reputation
- 24
- Thanks
- 865
- My Mood
-
Forget what i sad about 'this', im a noob coder.
Maybe he did add it but the code was still copied from a different source.
I was only pointing out that the code wasnt done by him, yet his sig says it is.
What would you do if someone claimed one of your projects?
I'v had it done to me. Im just letting people know.
ahh doesnt matter really, atleast he shares it.
-
06-21-2011 #10Hung like a rabbit
- Join Date
- Apr 2010
- Gender
- Location
- Posts
- 5,704
- Reputation
- 918
- Thanks
- 7,676
- My Mood
-
It's pretty standard read/write code though :/ Originally Posted by Pingo
You can win the rat race, Originally Posted by Jeremy S. Anderson
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
-
09-03-2012 #11Member
- Join Date
- Aug 2012
- Gender
- Posts
- 16
- Reputation
- 10
- Thanks
- 2
- My Mood
-
Hi guys,
I've previously been using another Read Process Memory routine (actually I got it from here in this thread)
https://www.mpgh.net/forum/250-c-prog...l-pointer.html
And it works ok.
Having said that I'd also like to try this one as it has more features.
Could anyone provide an example of how to actually use this routine now that all the code is plugged into to my compiler?
I have code to retrieve c++ multi Level pointers but c# is a bit different.
This was how I was retrieving a 2 level in C++ with no probs
int value;
int readbasepointer = 0x0763BA0; // Base of MultiLevel
int pAddress1;
int pAddress2;
int offset1 = 0x10; // 1st level
int offset2 = 0x100; // 2nd level
ReadProcessMemory(phandle,(void*)(readbasepointer) ,&pAddress1,sizeof(pAddress1),0);
ReadProcessMemory(phandle,(void*)(pAddress1 + offset1),&pAddress2,sizeof(pAddress2),0);
ReadProcessMemory(phandle,(void*)(pAddress2 + offset2),&value,sizeof(value),0);
This felt quite intuitive as I was easily able to retrieve not only the memory address but also the contents of what that memory address held.
I am sure its all straightforward and the example code provided by Kantanomo looks clear but it stops short of actually showing any examples of the actual retrieval process.
Therefore could someone give me a c# example of how to do what I was doing in c++ above in the context this routine.?
Thanks in advance.