C#...ReadProcessMemory. ( Need Help)

Доброго времени суток.

Надеюсь получить небольшую помощь хоть и выглядит эта тема малопосещаемой .

Как новичёк в C# для начала изучения я взялся за поиски и изучение простых примеров из интернета . Чтото простенькое ...например Чтение из памяти процесса.
К сожалению в интернете можно найти множество гайдов но как назло не для c#.
поэтому пытаюсь найти помощи в этой теме ...

имея данный класс

Code:

class MemoryAPI { [Flags] public enum ProcessAccessType { PROCESS_TERMINATE = 0x0001, PROCESS_CREATE_THREAD = 0x0002, PROCESS_SET_SESSIONID = 0x0004, PROCESS_VM_OPERATION = 0x0008, PROCESS_VM_READ = 0x0010, PROCESS_VM_WRITE = 0x0020, PROCESS_DUP_HANDLE = 0x0040, PROCESS_CREATE_PROCESS = 0x0080, PROCESS_SET_QUOTA = 0x0100, PROCESS_SET_INFORMATION = 0x0200, PROCESS_QUERY_INFORMATION = 0x0400 } [DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId); [DllImport("kernel32.dll")] public static extern Int32 CloseHandle(IntPtr hObject); [DllImport("kernel32.dll")] public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead); [DllImport("kernel32.dll")] public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten); }

Для чтения памяти процессов

а также класс написанный неизвестным

Code:

public class Memory { public Memory() { } public Process ReadProcess { get { return m_ReadProcess; } set { m_ReadProcess = value; } } private Process m_ReadProcess = null; private IntPtr m_hProcess = IntPtr.Zero; public void Open() { MemoryAPI.ProcessAccessType access = MemoryAPI.ProcessAccessType.PROCESS_VM_READ | MemoryAPI.ProcessAccessType.PROCESS_VM_WRITE | MemoryAPI.ProcessAccessType.PROCESS_VM_OPERATION; m_hProcess = MemoryAPI.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id); } public void CloseHandle() { int iRetValue; iRetValue = MemoryAPI.CloseHandle(m_hProcess); if (iRetValue == 0) throw new Exception("CloseHandle Failed"); } public byte[] Read(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead) { byte[] buffer = new byte[bytesToRead]; IntPtr ptrBytesRead; MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead); bytesRead = ptrBytesRead.ToInt32(); return buffer; } public byte[] PointerRead(IntPtr MemoryAddress, uint bytesToRead, int[] Offset, out int bytesRead) { int iPointerCount = Offset.Length - 1; IntPtr ptrBytesRead; bytesRead = 0; byte[] buffer = new byte[4]; //DWORD to hold an Address int tempAddress = 0; if (iPointerCount == 0) { MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesRead); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[0]; //Final Address buffer = new byte[bytesToRead]; MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, bytesToRead, out ptrBytesRead); bytesRead = ptrBytesRead.ToInt32(); return buffer; } for (int i = 0; i <= iPointerCount; i++) { if (i == iPointerCount) { MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesRead); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i]; //Final Address buffer = new byte[bytesToRead]; MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, bytesToRead, out ptrBytesRead); bytesRead = ptrBytesRead.ToInt32(); return buffer; } else if (i == 0) { MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesRead); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[1]; } else { MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesRead); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i]; } } return buffer; } public void Write(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten) { IntPtr ptrBytesWritten; MemoryAPI.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten); bytesWritten = ptrBytesWritten.ToInt32(); } public string PointerWrite(IntPtr MemoryAddress, byte[] bytesToWrite, int[] Offset, out int bytesWritten) { int iPointerCount = Offset.Length - 1; IntPtr ptrBytesWritten; bytesWritten = 0; byte[] buffer = new byte[4]; //DWORD to hold an Address int tempAddress = 0; if (iPointerCount == 0) { MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesWritten); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[0]; //Final Address MemoryAPI.WriteProcessMemory(m_hProcess, (IntPtr)tempAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten); bytesWritten = ptrBytesWritten.ToInt32(); return Addr.ToHex(tempAddress); } for (int i = 0; i <= iPointerCount; i++) { if (i == iPointerCount) { MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesWritten); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i]; //Final Address MemoryAPI.WriteProcessMemory(m_hProcess, (IntPtr)tempAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten); bytesWritten = ptrBytesWritten.ToInt32(); return Addr.ToHex(tempAddress); } else if (i == 0) { MemoryAPI.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesWritten); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i]; } else { MemoryAPI.ReadProcessMemory(m_hProcess, (IntPtr)tempAddress, buffer, 4, out ptrBytesWritten); tempAddress = Addr.ToDec(Addr.Make(buffer)) + Offset[i]; } } return Addr.ToHex(tempAddress); } public int PID() { return m_ReadProcess.Id; } public string BaseAddressH() { return Addr.ToHex(m_ReadProcess.MainModule.BaseAddress.ToInt32()); } public int BaseAddressD() { return m_ReadProcess.MainModule.BaseAddress.ToInt32(); } internal void Read(int p, int p_2, int p_3) { throw new NotImplementedException(); } internal uint Read(int p) { throw new NotImplementedException(); } internal string PointerRead(IntPtr intPtr, byte[] bValue_To_Read, out int bytesRead) { throw new NotImplementedException(); } internal byte[] PointerRead(int Current_HP, int p, int[] Current_HP_Offsets) { throw new NotImplementedException(); } internal byte[] Read(int Current_HP, int p, int[] Current_HP_Offsets) { throw new NotImplementedException(); } }

Мне удалось реализоватть запись в память ....но никак не удаётся реализовать чтение из памяти ( очевидное и невероятное )

надеюсь ктонибудь сможет помочь с поиском ошибки в коде

Code:

private void button5_Click_1(object sender, EventArgs e) { Process[] aProcesses = Process.GetProcessesByName("Blanc"); if (aProcesses.Length != 0) LogBox.Text = LogBox.Text + ((" Process " + "Blanc" + " found ")); else LogBox.Text = LogBox.Text + ((" Process " + "Blanc" + " not found ")); oMemory.ReadProcess = aProcesses[0]; oMemory.Open(); //Open Process int Current_HP = Addr .ToDec("00a42358 "); int[] Current_HP_Offsets = { 0x3dc, 0xa4}; //Offsets from bottom to top uint bValue_To_Read = oMemory.Read((0x00a42358+0x3dc)+0xa4); byte[] iValue_To_Read = BitConverter.GetBytes(bValue_To_Read); // LogBox.Text=LogBox.Text+" Current HP value should be = "+ iValue_To_Read;

Скрипт компилируется без ошибок но в момент но при запуске в момент чтения из памяти выдаёёт ошибку .
Буду благодарен за помощь.

Quote:

Originally Posted by pohkak [Only registered and activated users can see links. Click Here To Register...]

из памяти выдаёёт ошибку

What type of error?

Did you tried something like that (rough code, but should work):

Code:

DllImport("Kernel32.dll")] public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, Int32 dwProcessId); [DllImport("Kernel32.dll")] public static extern unsafe bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte* lpBuffer, int nSize, int* lpNumberOfBytesRead); [DllImport("Kernel32.dll")] public static extern unsafe bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte* lpBuffer, int nSize, int* lpNumberOfBytesWritten); [DllImport("Kernel32.dll")] public static extern int GetLastError(); public static readonly int PROCESS_VM_READ = 0x0010; public static readonly int PROCESS_VM_WRITE = 0x0020; [STAThread] static unsafe void Main(string[] args) { Process[] p = Process.GetProcessesByName("game"); ProcessModule pm = p[0].MainModule; byte[] buffer = new byte[4]; fixed(byte* cptr = &buffer[0]) { int x = 0; int* xptr = &x; IntPtr hProcess = OpenProcess(PROCESS_VM_READ,false,p[0].Id); bool result = ReadProcessMemory(hProcess,pm.BaseAddress,cptr,4 ,xptr); ....

Also, you can check this article, it may help: [Only registered and activated users can see links. Click Here To Register...]

Dwar спасиба за ответ. я немного разобрался в чём была ошибка слегка переделал код

Code:

oMemory.ReadProcess = aProcesses[0]; oMemory.Open(); //Open Process int AddressToread = Addr.ToDec("00a42358"); //The static address of the pointer int[] Offset1 = {0x3DC,0xa4}; //Offsets from bottom to top int bytesRead; //Holds how many bytes were written by PointerRead byte[] sWritten_Address = oMemory.PointerRead(((IntPtr)AddressToread), 4, Offset1, out bytesRead); int suWritten_Address = BitConverter.ToInt32(sWritten_Address, 0); LogBox.Text = LogBox.Text + suWritten_Address; if (bytesRead == sWritten_Address.Length) //If writing was successful LogBox.Text = LogBox.Text + ("Read " + BitConverter.ToInt32(sWritten_Address, 0) + " From " + AddressToread + "!"); //Notify the user of success else LogBox.Text = LogBox.Text + ("There was an error reading " + BitConverter.ToInt32(sWritten_Address, 0) + " from " + AddressToread + "."); //Notify the user of failure oMemory.CloseHandle(); //Close Memory Handle

и всё никак немогу прочитать значение указателя .
испробовав разные варианты я заметил когда я пытаюсь прочесть значение указателя с одним оффсетом то данный код читает ево и значение правильное ...но когда я пытаюсь прочесть значение указателя с двумя оффсетами то прочитанное значение всегда 0. Возможно ошибка в Классе Memory ? приведёённом выше.

как новичёк в c# мне самому трудно разобраться в Классе написанном кемто другим .
Я был бы очень благодарен за приведение в пример работающего кода как прочесть значение из
Статический адресс 0х 00a42358
Оффсет1 0x3dc
Оффсет2 0a4
Прошу уделить ещё пару минуток драгоценного времени .
Заранее спасибо.

Попробуй этот класс

Code:

using System.Diagnostics; using System.Runtime.InteropServices; using System; using System.Windows.Forms; using System.Media; using System.Text; using System.Threading; namespace ReadWriteMemory { internal class ProcessMemory { // Fields protected int BaseAddress; protected Process[] MyProcess; protected ProcessModule myProcessModule; private const uint PAGE_EXECUTE = 16; private const uint PAGE_EXECUTE_READ = 32; private const uint PAGE_EXECUTE_READWRITE = 64; private const uint PAGE_EXECUTE_WRITECOPY = 128; private const uint PAGE_GUARD = 256; private const uint PAGE_NOACCESS = 1; private const uint PAGE_NOCACHE = 512; private const uint PAGE_READONLY = 2; private const uint PAGE_READWRITE = 4; private const uint PAGE_WRITECOPY = 8; private const uint PROCESS_ALL_ACCESS = 2035711; protected int processHandle; protected string ProcessName; // Methods public ProcessMemory(string pProcessName) { this.ProcessName = pProcessName; } public bool CheckProcess() { return (Process.GetProcessesByName(this.ProcessName).Length > 0); } [DllImport("kernel32.dll")] public static extern bool CloseHandle(int hObject); public string CutString(string mystring) { char[] chArray = mystring.ToCharArray(); string str = ""; for (int i = 0; i < mystring.Length; i++) { if ((chArray[i] == ' ') && (chArray[i + 1] == ' ')) { return str; } if (chArray[i] == '\0') { return str; } str = str + chArray[i].ToString(); } return mystring.TrimEnd(new char[] { '0' }); } public int DllImageAddress(string dllname) { ProcessModuleCollection modules = this.MyProcess[0].Modules; foreach (ProcessModule procmodule in modules) { if (dllname == procmodule.ModuleName) { return (int)procmodule.BaseAddress; } } return -1; } [DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)] public static extern int FindWindowByCaption(int ZeroOnly, string lpWindowName); public int ImageAddress() { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return this.BaseAddress; } public int ImageAddress(int pOffset) { this.BaseAddress = 0; this.myProcessModule = this.MyProcess[0].MainModule; this.BaseAddress = (int)this.myProcessModule.BaseAddress; return (pOffset + this.BaseAddress); } public string MyProcessName() { return this.ProcessName; } [DllImport("kernel32.dll")] public static extern int OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId); public int Pointer(bool AddToImageAddress, int pOffset) { return this.ReadInt(this.ImageAddress(pOffset)); } public int Pointer(string Module, int pOffset) { return this.ReadInt(this.DllImageAddress(Module) + pOffset); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2) { //look at this shit, it doesnt even have a if statement if (AddToImageAddress) return (this.ReadInt(this.ImageAddress() + pOffset) + pOffset2); else return (this.ReadInt(pOffset) + pOffset2); } public int Pointer(string Module, int pOffset, int pOffset2) { return (this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3) { return (this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3) { return (this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5); } public int Pointer(bool AddToImageAddress, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ImageAddress(pOffset)) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6); } public int Pointer(string Module, int pOffset, int pOffset2, int pOffset3, int pOffset4, int pOffset5, int pOffset6) { return (this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.ReadInt(this.DllImageAddress(Module) + pOffset) + pOffset2) + pOffset3) + pOffset4) + pOffset5) + pOffset6); } public byte ReadByte(int pOffset) { byte[] buffer = new byte[1]; ReadProcessMemory(this.processHandle, pOffset, buffer, 1, 0); return buffer[0]; } public byte ReadByte(bool AddToImageAddress, int pOffset) { byte[] buffer = new byte[1]; int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, 1, 0); return buffer[0]; } public byte ReadByte(string Module, int pOffset) { byte[] buffer = new byte[1]; ReadProcessMemory(this.processHandle, this.DllImageAddress(Module) + pOffset, buffer, 1, 0); return buffer[0]; } public float ReadFloat(int pOffset) { return BitConverter.ToSingle(this.ReadMem(pOffset, 4), 0); } public float ReadFloat(bool AddToImageAddress, int pOffset) { return BitConverter.ToSingle(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public float ReadFloat(string Module, int pOffset) { return BitConverter.ToSingle(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public int ReadInt(int pOffset) { return BitConverter.ToInt32(this.ReadMem(pOffset, 4), 0); } public int ReadInt(bool AddToImageAddress, int pOffset) { return BitConverter.ToInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public int ReadInt(string Module, int pOffset) { return BitConverter.ToInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public byte[] ReadMem(int pOffset, int pSize) { byte[] buffer = new byte[pSize]; ReadProcessMemory(this.processHandle, pOffset, buffer, pSize, 0); return buffer; } public byte[] ReadMem(int pOffset, int pSize, bool AddToImageAddress) { byte[] buffer = new byte[pSize]; int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; ReadProcessMemory(this.processHandle, lpBaseAddress, buffer, pSize, 0); return buffer; } [DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead); public short ReadShort(int pOffset) { return BitConverter.ToInt16(this.ReadMem(pOffset, 2), 0); } public short ReadShort(bool AddToImageAddress, int pOffset) { return BitConverter.ToInt16(this.ReadMem(pOffset, 2, AddToImageAddress), 0); } public short ReadShort(string Module, int pOffset) { return BitConverter.ToInt16(this.ReadMem(this.DllImageAddress(Module) + pOffset, 2), 0); } public string ReadStringAscii(int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize))); } public string ReadStringAscii(bool AddToImageAddress, int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress))); } public string ReadStringAscii(string Module, int pOffset, int pSize) { return this.CutString(Encoding.ASCII.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize))); } public string ReadStringUnicode(int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize))); } public string ReadStringUnicode(bool AddToImageAddress, int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(pOffset, pSize, AddToImageAddress))); } public string ReadStringUnicode(string Module, int pOffset, int pSize) { return this.CutString(Encoding.Unicode.GetString(this.ReadMem(this.DllImageAddress(Module) + pOffset, pSize))); } public uint ReadUInt(int pOffset) { return BitConverter.ToUInt32(this.ReadMem(pOffset, 4), 0); } public uint ReadUInt(bool AddToImageAddress, int pOffset) { return BitConverter.ToUInt32(this.ReadMem(pOffset, 4, AddToImageAddress), 0); } public uint ReadUInt(string Module, int pOffset) { return BitConverter.ToUInt32(this.ReadMem(this.DllImageAddress(Module) + pOffset, 4), 0); } public bool StartProcess() { if (this.ProcessName != "") { this.MyProcess = Process.GetProcessesByName(this.ProcessName); if (this.MyProcess.Length == 0) { MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand); return false; } this.processHandle = OpenProcess(2035711, false, this.MyProcess[0].Id); if (this.processHandle == 0) { MessageBox.Show(this.ProcessName + " is not running or has not been found. Please check and try again", "Process Not Found", MessageBoxButtons.OK, MessageBoxIcon.Hand); return false; } return true; } MessageBox.Show("Define process name first!"); return false; } [DllImport("kernel32.dll")] public static extern bool VirtualProtectEx(int hProcess, int lpAddress, int dwSize, uint flNewProtect, out uint lpflOldProtect); public void WriteByte(int pOffset, byte pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes)); } public void WriteByte(bool AddToImageAddress, int pOffset, byte pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes((short)pBytes), AddToImageAddress); } public void WriteByte(string Module, int pOffset, byte pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes((short)pBytes)); } public void WriteDouble(int pOffset, double pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteDouble(bool AddToImageAddress, int pOffset, double pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteDouble(string Module, int pOffset, double pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteFloat(int pOffset, float pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteFloat(bool AddToImageAddress, int pOffset, float pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteFloat(string Module, int pOffset, float pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteInt(int pOffset, int pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteInt(bool AddToImageAddress, int pOffset, int pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteInt(string Module, int pOffset, int pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteMem(int pOffset, byte[] pBytes) { WriteProcessMemory(this.processHandle, pOffset, pBytes, pBytes.Length, 0); } public void WriteMem(int pOffset, byte[] pBytes, bool AddToImageAddress) { int lpBaseAddress = AddToImageAddress ? this.ImageAddress(pOffset) : pOffset; WriteProcessMemory(this.processHandle, lpBaseAddress, pBytes, pBytes.Length, 0); } [DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten); public void WriteShort(int pOffset, short pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteShort(bool AddToImageAddress, int pOffset, short pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteShort(string Module, int pOffset, short pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } public void WriteStringAscii(int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0")); } public void WriteStringAscii(bool AddToImageAddress, int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.ASCII.GetBytes(pBytes + "\0"), AddToImageAddress); } public void WriteStringAscii(string Module, int pOffset, string pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.ASCII.GetBytes(pBytes + "\0")); } public void WriteStringUnicode(int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0")); } public void WriteStringUnicode(bool AddToImageAddress, int pOffset, string pBytes) { this.WriteMem(pOffset, Encoding.Unicode.GetBytes(pBytes + "\0"), AddToImageAddress); } public void WriteStringUnicode(string Module, int pOffset, string pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, Encoding.Unicode.GetBytes(pBytes + "\0")); } public void WriteUInt(int pOffset, uint pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes)); } public void WriteUInt(bool AddToImageAddress, int pOffset, uint pBytes) { this.WriteMem(pOffset, BitConverter.GetBytes(pBytes), AddToImageAddress); } public void WriteUInt(string Module, int pOffset, uint pBytes) { this.WriteMem(this.DllImageAddress(Module) + pOffset, BitConverter.GetBytes(pBytes)); } // Nested Types [Flags] public enum ProcessAccessFlags : uint { All = 2035711, CreateThread = 2, DupHandle = 64, QueryInformation = 1024, SetInformation = 512, Synchronize = 1048576, Terminate = 1, VMOperation = 8, VMRead = 16, VMWrite = 32 } } }

спасиб я повырезал немного отовсюду .

you guys have translation for this?