[C#] Yet Another Simple Write / Read Memory Class

I'm currently writing this "mini tuto" so don't be too rude if there is any mistake.

The complete code :

Code:

using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Runtime.InteropServices; using System.Text; namespace My_Hack_Name { internal class SimpleMemoryEditing { public bool errorFlag; public byte[] errorMemBytes; public IntPtr errorMemPointer = IntPtr.Zero; public Process tempProcess; public IntPtr tempProcessHandle = IntPtr.Zero; public IntPtr AllocProcMem(uint size) { return VirtualAllocEx(this.tempProcessHandle, IntPtr.Zero, size, 0x3000, 0x40); } public bool AllowMem(IntPtr address, uint size) { try { uint num; VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)4, 0x40, out num); this.errorFlag = false; } catch { this.errorFlag = true; this.errorMemPointer = address; } return this.errorFlag; } [DllImport("kernel32.dll")] public static extern int CloseHandle(IntPtr hObject); [DllImport("kernel32.dll")] private static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out uint lpThreadId); [DllImport("USER32.DLL")] public static extern IntPtr FindWindow(string lpClassName, string lpWindowName); public bool ForbidMem(IntPtr address, uint size) { try { uint num; VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)4, 0x100, out num); this.errorFlag = false; } catch { this.errorFlag = true; this.errorMemPointer = address; } return this.errorFlag; } public void FreeProcMem(IntPtr address, int size) { VirtualFreeEx(this.tempProcessHandle, address, size, 0x4000); } [DllImport("kernel32.dll")] public static extern uint GetProcessId([In] IntPtr process); [DllImport("user32.dll", SetLastError = true)] private static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId); [DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId); [DllImport("kernel32.dll")] private static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId); public byte[] ReadMem(IntPtr address, uint size) { byte[] lpBuffer = new byte[size]; uint lpNumberOfBytesRead = 0; try { ReadProcessMemory(this.tempProcessHandle, address, lpBuffer, size, ref lpNumberOfBytesRead); } catch { this.errorFlag = true; } if (lpNumberOfBytesRead != size) { this.errorFlag = true; return lpBuffer; } this.errorFlag = false; return lpBuffer; } [DllImport("Kernel32.dll")] public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, ref uint lpNumberOfBytesRead); public void ResumeProcess() { Process tempProcess = this.tempProcess; if (tempProcess.ProcessName != string.Empty) { foreach (ProcessThread thread in tempProcess.Threads) { IntPtr hThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)thread.Id); if (hThread == IntPtr.Zero) { break; } ResumeThread(hThread); } } } [DllImport("kernel32.dll")] private static extern int ResumeThread(IntPtr hThread); public void SetProcess(IntPtr handle, Process proc) { this.tempProcessHandle = handle; this.tempProcess = proc; } public void SuspendProcess() { Process tempProcess = this.tempProcess; if (tempProcess.ProcessName != string.Empty) { foreach (ProcessThread thread in tempProcess.Threads) { IntPtr hThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)thread.Id); if (hThread == IntPtr.Zero) { break; } SuspendThread(hThread); } } } [DllImport("kernel32.dll")] private static extern uint SuspendThread(IntPtr hThread); [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] private static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] private static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, uint dwFreeType); [DllImport("kernel32.dll")] private static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect); [DllImport("kernel32.dll")] private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out IntPtr lpNumberOfBytesWritten); public bool WriteToMem(IntPtr address, uint size, byte[] value) { try { IntPtr ptr; uint num; VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)size, 0x40, out num); WriteProcessMemory(this.tempProcessHandle, address, value, (UIntPtr)size, out ptr); VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)size, num, out num); this.errorFlag = false; } catch { this.errorFlag = true; this.errorMemBytes = value; this.errorMemPointer = address; } return this.errorFlag; } [Flags] public enum ThreadAccess { DIRECT_IMPERSONATION = 0x200, GET_CONTEXT = 8, IMPERSONATE = 0x100, QUERY_INFORMATION = 0x40, SET_CONTEXT = 0x10, SET_INFORMATION = 0x20, SET_THREAD_TOKEN = 0x80, SUSPEND_RESUME = 2, TERMINATE = 1 } } }

Simple usage, for exemple :

1° Add at the top of your class :

Code:

[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);

2° Define class variables :

Code:

public IntPtr ProcessHandle; public Thread thread; public SimpleMemoryEditing memTools; public bool Running; public Process ProcessName; public bool Ingame; private uint ProcID; private String GameVersion;

3° In your Main constructor add :

Code:

this.memTools = new SimpleMemoryEditing(); this.ProcessHandle = IntPtr.Zero; this.Running = true;

4° In your form closing event add :

Code:

this.Running = false;

5° Then you need those two functions to get handle on the process :

Code:

public void ScanThread() { try { this.FindHandle(); this.memTools.SetProcess(this.ProcessHandle, this.LFSProcess); while (this.Running) { if ((!this.Ingame && (this.ProcessHandle != IntPtr.Zero)) && this.ProcessName.HasExited) { this.Close(); // for exemple close programm. } } } catch (Exception exception) { MessageBox.Show(exception.Message, "Scan thread exception !"); } } public void FindHandle() { this.ProcessHandle = IntPtr.Zero; while ((this.ProcessHandle == IntPtr.Zero) && this.Running) { foreach (Process process in Process.GetProcesses()) { if (process.ProcessName == "ProcessName") { this.ProcessHandle = OpenProcess(0x1f0fff, 1, (uint)process.Id); this.ProcID = (uint)process.Id; this.ProcessName = process; return; } this.ProcessHandle = IntPtr.Zero; } } }

6° Now you are ready ! Just a simple usage down here :

Code:

// Read example byte[] BytesToRead; BytesToRead = this.memTools.ReadMem((IntPtr)0xXXXXXX, YY); // XX -> ADDRESS, YY -> SIZE // Write example this.memTools.WriteToMem((IntPtr)0xXXXXXX, size, BytesToRead);