fjm11100
سه شنبه 17 مرداد 1391, 23:16 عصر
این هم یک کد جالب برای خواندن و نوشتن در حافظه یک پروسس خارجی!
برای اینکار از توابع ReadProcessMemory و WriteProcessMemory استفاده شده است. ابتدا توابع لازم از Api را تعریف می کنیم:
[Flags]
public enum ProcessAccessFlags : uint
{
All = 0x001F0FFF,
Terminate = 0x00000001,
CreateThread = 0x00000002,
VMOperation = 0x00000008,
VMRead = 0x00000010,
VMWrite = 0x00000020,
DupHandle = 0x00000040,
SetInformation = 0x00000200,
QueryInformation = 0x00000400,
Synchronize = 0x00100000
}
[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hProcess);
توابع زیر را برای خواندن و نوشتن تعریف می کنیم:
public static byte[] ReadMemory(Process process, int address, int numOfBytes, out int bytesRead)
{
IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);
byte[] buffer = new byte[numOfBytes];
ReadProcessMemory(hProc, new IntPtr(address), buffer, numOfBytes, out bytesRead);
return buffer;
}
public static bool WriteMemory(Process process, int address, long value, out int bytesWritten)
{
IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);
byte[] val = BitConverter.GetBytes(value);
bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32) val.LongLength, out bytesWritten);
CloseHandle(hProc);
return worked;
}
کدهای زیر هم نحوه استفاده از توابع تعریف شده را نشان می دهد. برای خواندن:
Process process = Process.GetProcessesByName("Target App").FirstOrDefault();
int address = 0x02ED2910;
int bytesRead;
byte[] value = ReadMemory(process, address, 4, out bytesRead);
و برای نوشتن:
Process process = Process.GetProcessesByName("Target App").FirstOrDefault();
int address = 0x02ED2910;
int bytesWritten;
bool worked = WriteMemory(process, address, value, out bytesWritten);
برای اینکار از توابع ReadProcessMemory و WriteProcessMemory استفاده شده است. ابتدا توابع لازم از Api را تعریف می کنیم:
[Flags]
public enum ProcessAccessFlags : uint
{
All = 0x001F0FFF,
Terminate = 0x00000001,
CreateThread = 0x00000002,
VMOperation = 0x00000008,
VMRead = 0x00000010,
VMWrite = 0x00000020,
DupHandle = 0x00000040,
SetInformation = 0x00000200,
QueryInformation = 0x00000400,
Synchronize = 0x00100000
}
[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hProcess);
توابع زیر را برای خواندن و نوشتن تعریف می کنیم:
public static byte[] ReadMemory(Process process, int address, int numOfBytes, out int bytesRead)
{
IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);
byte[] buffer = new byte[numOfBytes];
ReadProcessMemory(hProc, new IntPtr(address), buffer, numOfBytes, out bytesRead);
return buffer;
}
public static bool WriteMemory(Process process, int address, long value, out int bytesWritten)
{
IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);
byte[] val = BitConverter.GetBytes(value);
bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32) val.LongLength, out bytesWritten);
CloseHandle(hProc);
return worked;
}
کدهای زیر هم نحوه استفاده از توابع تعریف شده را نشان می دهد. برای خواندن:
Process process = Process.GetProcessesByName("Target App").FirstOrDefault();
int address = 0x02ED2910;
int bytesRead;
byte[] value = ReadMemory(process, address, 4, out bytesRead);
و برای نوشتن:
Process process = Process.GetProcessesByName("Target App").FirstOrDefault();
int address = 0x02ED2910;
int bytesWritten;
bool worked = WriteMemory(process, address, value, out bytesWritten);