Results 1 to 6 of 6
  1. #1
    pohkak
    pohkak is offline
    Member-in-training pohkak's Avatar
    Join Date
    2010 Dec
    Posts
    171
    Thanks Thanks Given 
    29
    Thanks Thanks Received 
    10
    Thanked in
    10 Posts
    Rep Power
    0

    C#...ReadProcessMemory. ( Need Help)

    Доброго времени суток.

    Надеюсь получить небольшую помощь хоть и выглядит эта тема малопосещаемой .

    Как новичёк в C# для начала изучения я взялся за поиски и изучение простых примеров из интернета . Чтото простенькое ...например Чтение из памяти процесса.
    К сожалению в интернете можно найти множество гайдов но как назло не для c#.
    поэтому пытаюсь найти помощи в этой теме ...

    имея данный класс

    Code:
      class MemoryAPI
        {
            [Flags]
            public enum ProcessAccessType
            {
                PROCESS_TERMINATE = 0x0001,
                PROCESS_CREATE_THREAD = 0x0002,
                PROCESS_SET_SESSIONID = 0x0004,
                PROCESS_VM_OPERATION = 0x0008,
                PROCESS_VM_READ = 0x0010,
                PROCESS_VM_WRITE = 0x0020,
                PROCESS_DUP_HANDLE = 0x0040,
                PROCESS_CREATE_PROCESS = 0x0080,
                PROCESS_SET_QUOTA = 0x0100,
                PROCESS_SET_INFORMATION = 0x0200,
                PROCESS_QUERY_INFORMATION = 0x0400
            }
    
            [DllImport("kernel32.dll")]
            public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
    
            [DllImport("kernel32.dll")]
            public static extern Int32 CloseHandle(IntPtr hObject);
    
            [DllImport("kernel32.dll")]
            public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
    
            [DllImport("kernel32.dll")]
            public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
        }
    Для чтения памяти процессов

    а также класс написанный неизвестным

    Code:
       public class Memory
        {
            public Memory()
            {
            }
    
            public Process ReadProcess
            {
                get
                {
                    return m_ReadProcess;
                }
                set
                {
                    m_ReadProcess = value;
                }
            }
            private Process m_ReadProcess = null;
            private IntPtr m_hProcess = IntPtr.Zero;
    
            public void Open()
            {
                MemoryAPI.ProcessAccessType access = MemoryAPI.ProcessAccessType.PROCESS_VM_READ
                | MemoryAPI.ProcessAccessType.PROCESS_VM_WRITE
                | MemoryAPI.ProcessAccessType.PROCESS_VM_OPERATION;
                m_hProcess = MemoryAPI.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
            }
    
            public void CloseHandle()
            {
                int iRetValue;
                iRetValue = MemoryAPI.CloseHandle(m_hProcess);
                if (iRetValue == 0)
                    throw new Exception("CloseHandle Failed");
            }
    
            public byte[] Read(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
            {
                byte[] buffer = new byte[bytesToRead];
                IntPtr ptrBytesRead;
                MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
                bytesRead = ptrBytesRead.ToInt32();
                return buffer;
            }
    
            public byte[] PointerRead(IntPtr MemoryAddress, uint bytesToRead, int[] Offset, out int bytesRead)
            {
                int iPointerCount = Offset.Length - 1;
                IntPtr ptrBytesRead;
                bytesRead = 0;
                byte[] buffer = new byte[4]; //DWORD to hold an Address 
                int tempAddress = 0;
    
                if (iPointerCount == 0)
                {
                    MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesRead);
                    tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[0]; //Final Address 
    
                    buffer = new byte[bytesToRead];
                    MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, bytesToRead, out ptrBytesRead);
    
                    bytesRead = ptrBytesRead.ToInt32();
                    return buffer;
                }
    
                for (int i = 0; i <= iPointerCount; i++)
                {
                    if (i == iPointerCount)
                    {
                        MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesRead);
                        tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i]; //Final Address 
    
                        buffer = new byte[bytesToRead];
                        MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, bytesToRead, out ptrBytesRead);
    
                        bytesRead = ptrBytesRead.ToInt32();
                        return buffer;
                    }
                    else if (i == 0)
                    {
                        MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesRead);
                        tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[1];
                    }
                    else
                    {
                        MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesRead);
                        tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i];
                    }
                }
    
                return buffer;
            }
    
            public void Write(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
            {
                IntPtr ptrBytesWritten;
                MemoryAPI.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
                bytesWritten = ptrBytesWritten.ToInt32();
            }
    
            public string PointerWrite(IntPtr MemoryAddress, byte[] bytesToWrite, int[] Offset, out int bytesWritten)
            {
                int iPointerCount = Offset.Length - 1;
                IntPtr ptrBytesWritten;
                bytesWritten = 0;
                byte[] buffer = new byte[4]; //DWORD to hold an Address 
                int tempAddress = 0;
    
                if (iPointerCount == 0)
                {
                    MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesWritten);
                    tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[0]; //Final Address 
                    MemoryAPI.WriteProcessMemory(m_hProcess, (IntPtr)tempAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
    
                    bytesWritten = ptrBytesWritten.ToInt32();
                    return Addr.ToHex(tempAddress);
                }
    
                for (int i = 0; i <= iPointerCount; i++)
                {
                    if (i == iPointerCount)
                    {
                        MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesWritten);
                        tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i]; //Final Address 
                        MemoryAPI.WriteProcessMemory(m_hProcess, (IntPtr)tempAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
    
                        bytesWritten = ptrBytesWritten.ToInt32();
                        return Addr.ToHex(tempAddress);
                    }
                    else if (i == 0)
                    {
                        MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesWritten);
                        tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i];
                    }
                    else
                    {
                        MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesWritten);
                        tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i];
                    }
                }
    
                return Addr.ToHex(tempAddress);
            }
    
            public int PID()
            {
                return m_ReadProcess.Id;
            }
    
            public string BaseAddressH()
            {
                return Addr.ToHex(m_ReadProcess.MainModule.BaseAddress.ToInt32());
            }
    
            public int BaseAddressD()
            {
                return m_ReadProcess.MainModule.BaseAddress.ToInt32();
            }
    
            internal void Read(int p, int p_2, int p_3)
            {
                throw new NotImplementedException();
            }
    
            internal uint Read(int p)
            {
                throw new NotImplementedException();
            }
    
            internal string PointerRead(IntPtr intPtr, byte[] bValue_To_Read, out int bytesRead)
            {
                throw new NotImplementedException();
            }
    
            internal byte[] PointerRead(int Current_HP, int p, int[] Current_HP_Offsets)
            {
                throw new NotImplementedException();
            }
    
            internal byte[] Read(int Current_HP, int p, int[] Current_HP_Offsets)
            {
                throw new NotImplementedException();
            }
        }
    Мне удалось реализоватть запись в память ....но никак не удаётся реализовать чтение из памяти ( очевидное и невероятное )


    надеюсь ктонибудь сможет помочь с поиском ошибки в коде

    Code:
           private void button5_Click_1(object sender, EventArgs e)
            {
                Process[] aProcesses = Process.GetProcessesByName("Blanc");
                if (aProcesses.Length != 0)
                    LogBox.Text = LogBox.Text + ((" Process " + "Blanc" + " found "));
                else
                    LogBox.Text = LogBox.Text + ((" Process " + "Blanc" + " not found "));
    
                    oMemory.ReadProcess = aProcesses[0];
                    oMemory.Open(); //Open Process 
                    int Current_HP = Addr .ToDec("00a42358 "); 
                    
                    int[] Current_HP_Offsets = { 0x3dc, 0xa4}; //Offsets from bottom to top
                    
                    uint bValue_To_Read = oMemory.Read((0x00a42358+0x3dc)+0xa4);
                   
                    byte[] iValue_To_Read = BitConverter.GetBytes(bValue_To_Read); // 
                LogBox.Text=LogBox.Text+" Current HP value should be = "+ iValue_To_Read;
    Скрипт компилируется без ошибок но в момент но при запуске в момент чтения из памяти выдаёёт ошибку .
    Буду благодарен за помощь.
    Are you hackers ?...No, wee are russians!

  2. #2
    Dwar
    Dwar is offline
    Veteran Dwar's Avatar
    Join Date
    2010 Mar
    Posts
    2,222
    Thanks Thanks Given 
    211
    Thanks Thanks Received 
    2,230
    Thanked in
    292 Posts
    Rep Power
    10
    Quote Originally Posted by pohkak View Post
    из памяти выдаёёт ошибку
    What type of error?

    Did you tried something like that (rough code, but should work):
    Code:
    DllImport("Kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool
    bInheritHandle, Int32 dwProcessId);
    
    [DllImport("Kernel32.dll")]
    public static extern unsafe bool ReadProcessMemory(IntPtr hProcess, IntPtr
    lpBaseAddress, byte* lpBuffer, int nSize, int* lpNumberOfBytesRead);
    
    [DllImport("Kernel32.dll")]
    public static extern unsafe bool WriteProcessMemory(IntPtr hProcess, IntPtr
    lpBaseAddress, byte* lpBuffer, int nSize, int* lpNumberOfBytesWritten);
    
    [DllImport("Kernel32.dll")]
    
    public static extern int GetLastError();
    public static readonly int PROCESS_VM_READ = 0x0010;
    public static readonly int PROCESS_VM_WRITE = 0x0020;
    
    [STAThread]
    static unsafe void Main(string[] args)
    {
    Process[] p = Process.GetProcessesByName("game");
    ProcessModule pm = p[0].MainModule;
    
    byte[] buffer = new byte[4];
    
    fixed(byte* cptr = &buffer[0])
    {
    int x = 0;
    int* xptr = &x;
    IntPtr hProcess = OpenProcess(PROCESS_VM_READ,false,p[0].Id);
    bool result = ReadProcessMemory(hProcess,pm.BaseAddress,cptr,4 ,xptr);
    ....
    Also, you can check this article, it may help: Minesweeper, Behind the scenes - CodeProject
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  3. The Following User Says Thank You to Dwar For This Useful Post:


  4. #3
    pohkak
    pohkak is offline
    Member-in-training pohkak's Avatar
    Join Date
    2010 Dec
    Posts
    171
    Thanks Thanks Given 
    29
    Thanks Thanks Received 
    10
    Thanked in
    10 Posts
    Rep Power
    0
    Dwar спасиба за ответ. я немного разобрался в чём была ошибка слегка переделал код

    Code:
     oMemory.ReadProcess = aProcesses[0];
                    oMemory.Open(); //Open Process 
    
                    int AddressToread = Addr.ToDec("00a42358"); //The static address of the pointer 
                    int[] Offset1 = {0x3DC,0xa4}; //Offsets from bottom to top 
                    
                    int bytesRead; //Holds how many bytes were written by PointerRead
                
                    byte[] sWritten_Address = oMemory.PointerRead(((IntPtr)AddressToread), 4, Offset1, out  bytesRead);
                    int suWritten_Address = BitConverter.ToInt32(sWritten_Address, 0);
                    LogBox.Text = LogBox.Text + suWritten_Address;
    
                    if (bytesRead == sWritten_Address.Length) //If writing was successful 
                        LogBox.Text = LogBox.Text + ("Read " + BitConverter.ToInt32(sWritten_Address, 0) + " From " + AddressToread + "!"); //Notify the user of success 
                    else
                        LogBox.Text = LogBox.Text + ("There was an error reading " + BitConverter.ToInt32(sWritten_Address, 0) + " from " + AddressToread + "."); //Notify the user of failure 
    
                    oMemory.CloseHandle(); //Close Memory Handle
    и всё никак немогу прочитать значение указателя .
    испробовав разные варианты я заметил когда я пытаюсь прочесть значение указателя с одним оффсетом то данный код читает ево и значение правильное ...но когда я пытаюсь прочесть значение указателя с двумя оффсетами то прочитанное значение всегда 0. Возможно ошибка в Классе Memory ? приведёённом выше.

    как новичёк в c# мне самому трудно разобраться в Классе написанном кемто другим .
    Я был бы очень благодарен за приведение в пример работающего кода как прочесть значение из
    Статический адресс 0х 00a42358
    Оффсет1 0x3dc
    Оффсет2 0a4
    Прошу уделить ещё пару минуток драгоценного времени .
    Заранее спасибо.
    Last edited by pohkak; 2011-09-04 at 12:59 PM.
    Are you hackers ?...No, wee are russians!

  5. #4
    Justt
    Justt is offline
    New member
    Join Date
    2011 Jul
    Posts
    10
    Thanks Thanks Given 
    2
    Thanks Thanks Received 
    1
    Thanked in
    1 Post
    Rep Power
    0
    Попробуй этот класс
    Code:
    using System.Diagnostics;
    using System.Runtime.InteropServices;
    using System;
    using System.Windows.Forms;
    using System.Media;
    using System.Text;
    using System.Threading;
    
    namespace ReadWriteMemory
    {
        internal class ProcessMemory
        {
            // Fields
            protected int BaseAddress;
            protected Process[] MyProcess;
            protected ProcessModule myProcessModule;
            private const uint PAGE_EXECUTE = 16;
            private const uint PAGE_EXECUTE_READ = 32;
            private const uint PAGE_EXECUTE_READWRITE = 64;
            private const uint PAGE_EXECUTE_WRITECOPY = 128;
            private const uint PAGE_GUARD = 256;
            private const uint PAGE_NOACCESS = 1;
            private const uint PAGE_NOCACHE = 512;
            private const uint PAGE_READONLY = 2;
            private const uint PAGE_READWRITE = 4;
            private const uint PAGE_WRITECOPY = 8;
            private const uint PROCESS_ALL_ACCESS = 2035711;
            protected int processHandle;
            protected string ProcessName;
    
            // Methods
            public ProcessMemory(string pProcessName)
            {
                this.ProcessName = pProcessName;
            }
    
            public bool CheckProcess()
            {
                return (Process.GetProcessesByName(this.ProcessName).Length > 0);
            }
    
            [DllImport("kernel32.dll")]
            public static extern bool CloseHandle(int hObject);
            public string CutString(string mystring)
            {
                char[] chArray = mystring.ToCharArray();
                string str = "";
                for (int i = 0; i < mystring.Length; i++)
                {
                    if ((chArray[i] == ' ') && (chArray[i + 1] == ' '))
                    {
                        return str;
                    }
                    if (chArray[i] == '\0')
                    {
                        return str;
                    }
                    str = str + chArray[i].ToString();
                }
                return mystring.TrimEnd(new char[] { '0' });
            }
    
            public int DllImageAddress(string dllname)
            {
                ProcessModuleCollection modules = this.MyProcess[0].Modules;
    
                foreach (ProcessModule procmodule in modules)
                {
                    if (dllname == procmodule.ModuleName)
                    {
                        return (int)procmodule.BaseAddress;
                    }
                }
                return -1;
    
            }
            [DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)]
            public static extern int FindWindowByCaption(int ZeroOnly, string lpWindowName);
            public int ImageAddress()
            {
                this.BaseAddress = 0;
                this.myProcessModule = this.MyProcess[0].MainModule;
                this.BaseAddress = (int)this.myProcessModule.BaseAddress;
                return this.BaseAddress;
    
    
            }
    
            public int ImageAddress(int pOffset)
            {
                this.BaseAddress = 0;
                this.myProcessModule = this.MyProcess[0].MainModule;
                this.BaseAddress = (int)this.myProcessModule.BaseAddress;
                return (pOffset + this.BaseAddress);
            }
            public string MyProcessName()
            {
                return this.ProcessName;
            }
    
            [DllImport("kernel32.dll")]
            public static extern int OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
            public int Pointer(bool AddToImageAddress, int pOffset)
            {
                return this.ReadInt(this.ImageAddress(pOffset));
            }
    
            public int Pointer(string Module, int pOffset)
            {
                return this.ReadInt(this.DllImageAddress(Module) + pOffset);
            }
    
            public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2)
            {
                //look at this shit, it doesnt even have a if statement
                if (AddToImageAddress)
                    return (this.ReadInt(this.ImageAddress() + pOffset) + pOffset2);
                else
                    return (this.ReadInt(pOffset) + pOffset2);
            }
    
            public int Pointer(string Module, int pOffset, int pOffset2)
            {
                return (this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2);
            }
    
            public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3)
            {
                return (this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3);
            }
    
            public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3)
            {
                return (this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3);
            }
    
            public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4)
            {
                return (this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4);
            }
    
            public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4)
            {
                return (this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4);
            }
    
            public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5)
            {
                return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5);
            }
    
            public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5)
            {
                return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5);
            }
    
            public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6)
            {
                return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6);
            }
    
            public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6)
            {
                return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6);
            }
    
            public byte ReadByte(int pOffset)
            {
                byte[] buffer = new byte[1];
                ReadProcessMemory(this.processHandle, pOffset, buffer, 1, 0);
                return buffer[0];
            }
    
            public byte ReadByte(bool AddToImageAddress, int pOffset)
            {
                byte[] buffer = new byte[1];
                int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset;
                ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, 1, 0);
                return buffer[0];
            }
    
            public byte ReadByte(string Module, int pOffset)
            {
                byte[] buffer = new byte[1];
                ReadProcessMemory(this.processHandle, this.DllImageAddress(Module) + pOffset, buffer, 1, 0);
                return buffer[0];
            }
    
            public float ReadFloat(int pOffset)
            {
                return BitConverter.ToSingle(this.ReadMem(pOffset, 4), 0);
            }
    
            public float ReadFloat(bool AddToImageAddress, int pOffset)
            {
                return BitConverter.ToSingle(this.ReadMem(pOffset, 4, AddToImageAddress), 0);
            }
    
            public float ReadFloat(string Module, int pOffset)
            {
                return BitConverter.ToSingle(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0);
            }
    
            public int ReadInt(int pOffset)
            {
                return BitConverter.ToInt32(this.ReadMem(pOffset, 4), 0);
            }
    
            public int ReadInt(bool AddToImageAddress, int pOffset)
            {
                return BitConverter.ToInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0);
            }
    
            public int ReadInt(string Module, int pOffset)
            {
                return BitConverter.ToInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0);
            }
    
            public byte[] ReadMem(int pOffset, int pSize)
            {
                byte[] buffer = new byte[pSize];
                ReadProcessMemory(this.processHandle, pOffset, buffer, pSize, 0);
                return buffer;
            }
    
            public byte[] ReadMem(int pOffset, int pSize, bool AddToImageAddress)
            {
                byte[] buffer = new byte[pSize];
                int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset;
                ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, pSize, 0);
                return buffer;
            }
    
            [DllImport("kernel32.dll")]
            public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead);
            public short ReadShort(int pOffset)
            {
                return BitConverter.ToInt16(this.ReadMem(pOffset, 2), 0);
            }
    
            public short ReadShort(bool AddToImageAddress, int pOffset)
            {
                return BitConverter.ToInt16(this.ReadMem(pOffset, 2, AddToImageAddress), 0);
            }
    
            public short ReadShort(string Module, int pOffset)
            {
                return BitConverter.ToInt16(this.ReadMem(this.DllImageAddress(Module) + pOffset, 2), 0);
            }
    
            public string ReadStringAscii(int pOffset, int pSize)
            {
                return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize)));
            }
    
            public string ReadStringAscii(bool AddToImageAddress, int pOffset, int pSize)
            {
                return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress)));
            }
    
            public string ReadStringAscii(string Module, int pOffset, int pSize)
            {
                return this.CutString(Encoding.ASCII.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize)));
            }
    
            public string ReadStringUnicode(int pOffset, int pSize)
            {
                return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize)));
            }
    
            public string ReadStringUnicode(bool AddToImageAddress, int pOffset, int pSize)
            {
                return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress)));
            }
    
            public string ReadStringUnicode(string Module, int pOffset, int pSize)
            {
                return this.CutString(Encoding.Unicode.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize)));
            }
    
            public uint ReadUInt(int pOffset)
            {
                return BitConverter.ToUInt32(this.ReadMem(pOffset, 4), 0);
            }
    
            public uint ReadUInt(bool AddToImageAddress, int pOffset)
            {
                return BitConverter.ToUInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0);
            }
    
            public uint ReadUInt(string Module, int pOffset)
            {
                return BitConverter.ToUInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0);
            }
    
            public bool StartProcess()
            {
                if (this.ProcessName != "")
                {
                    this.MyProcess = Process.GetProcessesByName(this.ProcessName);
                    if (this.MyProcess.Length == 0)
                    {
                        MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand);
                        return false;
                    }
                    this.processHandle = OpenProcess(2035711, false, this.MyProcess[0].Id);
                    if (this.processHandle == 0)
                    {
                        MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand);
                        return false;
                    }
                    return true;
                }
                MessageBox.Show("Define process name first!");
                return false;
            }
    
            [DllImport("kernel32.dll")]
            public static extern bool VirtualProtectEx(int hProcess, int lpAddress, int dwSize, uint flNewProtect, out uint lpflOldProtect);
            public void WriteByte(int pOffset, byte pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes));
            }
    
            public void WriteByte(bool AddToImageAddress, int pOffset, byte pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes), AddToImageAddress);
            }
    
            public void WriteByte(string Module, int pOffset, byte pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes((short)pBytes));
            }
    
            public void WriteDouble(int pOffset, double pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteDouble(bool AddToImageAddress, int pOffset, double pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
            }
    
            public void WriteDouble(string Module, int pOffset, double pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteFloat(int pOffset, float pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteFloat(bool AddToImageAddress, int pOffset, float pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
            }
    
            public void WriteFloat(string Module, int pOffset, float pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteInt(int pOffset, int pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteInt(bool AddToImageAddress, int pOffset, int pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
            }
    
            public void WriteInt(string Module, int pOffset, int pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteMem(int pOffset, byte[] pBytes)
            {
                WriteProcessMemory(this.processHandle, pOffset, pBytes, pBytes.Length, 0);
            }
    
            public void WriteMem(int pOffset, byte[] pBytes, bool AddToImageAddress)
            {
                int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset;
                WriteProcessMemory(this.processHandle, lpBaseAddress, pBytes, pBytes.Length, 0);
            }
    
            [DllImport("kernel32.dll")]
            public static extern bool WriteProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten);
            public void WriteShort(int pOffset, short pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteShort(bool AddToImageAddress, int pOffset, short pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
            }
    
            public void WriteShort(string Module, int pOffset, short pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteStringAscii(int pOffset, string pBytes)
            {
                this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"));
            }
    
            public void WriteStringAscii(bool AddToImageAddress, int pOffset, string pBytes)
            {
                this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"), AddToImageAddress);
            }
    
            public void WriteStringAscii(string Module, int pOffset, string pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"));
            }
    
            public void WriteStringUnicode(int pOffset, string pBytes)
            {
                this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"));
            }
    
            public void WriteStringUnicode(bool AddToImageAddress, int pOffset, string pBytes)
            {
                this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"), AddToImageAddress);
            }
    
            public void WriteStringUnicode(string Module, int pOffset, string pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"));
            }
    
            public void WriteUInt(int pOffset, uint pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes));
            }
    
            public void WriteUInt(bool AddToImageAddress, int pOffset, uint pBytes)
            {
                this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress);
            }
    
            public void WriteUInt(string Module, int pOffset, uint pBytes)
            {
                this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes));
            }
    
            // Nested Types
            [Flags]
            public enum ProcessAccessFlags : uint
            {
                All = 2035711,
                CreateThread = 2,
                DupHandle = 64,
                QueryInformation = 1024,
                SetInformation = 512,
                Synchronize = 1048576,
                Terminate = 1,
                VMOperation = 8,
                VMRead = 16,
                VMWrite = 32
            }
        }
    }

  6. The Following User Says Thank You to Justt For This Useful Post:


  7. #5
    pohkak
    pohkak is offline
    Member-in-training pohkak's Avatar
    Join Date
    2010 Dec
    Posts
    171
    Thanks Thanks Given 
    29
    Thanks Thanks Received 
    10
    Thanked in
    10 Posts
    Rep Power
    0
    спасиб я повырезал немного отовсюду .
    Are you hackers ?...No, wee are russians!

  8. #6
    aiden
    aiden is offline
    Guest aiden's Avatar
    Join Date
    2012 Sep
    Posts
    2
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    you guys have translation for this?

Similar Threads

  1. [Help] reading text value with readprocessmemory
    By elshabory in forum Delphi
    Replies: 5
    Last Post: 2013-01-07, 04:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •