Yet Another Simple Write / Read Memory Class
I'm currently writing this "mini tuto" so don't be too rude if there is any mistake.
The complete code :
Code:
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace My_Hack_Name
{
internal class SimpleMemoryEditing
{
public bool errorFlag;
public byte[] errorMemBytes;
public IntPtr errorMemPointer = IntPtr.Zero;
public Process tempProcess;
public IntPtr tempProcessHandle = IntPtr.Zero;
public IntPtr AllocProcMem(uint size)
{
return VirtualAllocEx(this.tempProcessHandle, IntPtr.Zero, size, 0x3000, 0x40);
}
public bool AllowMem(IntPtr address, uint size)
{
try
{
uint num;
VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)4, 0x40, out num);
this.errorFlag = false;
}
catch
{
this.errorFlag = true;
this.errorMemPointer = address;
}
return this.errorFlag;
}
[DllImport("kernel32.dll")]
public static extern int CloseHandle(IntPtr hObject);
[DllImport("kernel32.dll")]
private static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out uint lpThreadId);
[DllImport("USER32.DLL")]
public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
public bool ForbidMem(IntPtr address, uint size)
{
try
{
uint num;
VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)4, 0x100, out num);
this.errorFlag = false;
}
catch
{
this.errorFlag = true;
this.errorMemPointer = address;
}
return this.errorFlag;
}
public void FreeProcMem(IntPtr address, int size)
{
VirtualFreeEx(this.tempProcessHandle, address, size, 0x4000);
}
[DllImport("kernel32.dll")]
public static extern uint GetProcessId([In] IntPtr process);
[DllImport("user32.dll", SetLastError = true)]
private static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll")]
private static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
public byte[] ReadMem(IntPtr address, uint size)
{
byte[] lpBuffer = new byte[size];
uint lpNumberOfBytesRead = 0;
try
{
ReadProcessMemory(this.tempProcessHandle, address, lpBuffer, size, ref lpNumberOfBytesRead);
}
catch
{
this.errorFlag = true;
}
if (lpNumberOfBytesRead != size)
{
this.errorFlag = true;
return lpBuffer;
}
this.errorFlag = false;
return lpBuffer;
}
[DllImport("Kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, ref uint lpNumberOfBytesRead);
public void ResumeProcess()
{
Process tempProcess = this.tempProcess;
if (tempProcess.ProcessName != string.Empty)
{
foreach (ProcessThread thread in tempProcess.Threads)
{
IntPtr hThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)thread.Id);
if (hThread == IntPtr.Zero)
{
break;
}
ResumeThread(hThread);
}
}
}
[DllImport("kernel32.dll")]
private static extern int ResumeThread(IntPtr hThread);
public void SetProcess(IntPtr handle, Process proc)
{
this.tempProcessHandle = handle;
this.tempProcess = proc;
}
public void SuspendProcess()
{
Process tempProcess = this.tempProcess;
if (tempProcess.ProcessName != string.Empty)
{
foreach (ProcessThread thread in tempProcess.Threads)
{
IntPtr hThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)thread.Id);
if (hThread == IntPtr.Zero)
{
break;
}
SuspendThread(hThread);
}
}
}
[DllImport("kernel32.dll")]
private static extern uint SuspendThread(IntPtr hThread);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
private static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
private static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, uint dwFreeType);
[DllImport("kernel32.dll")]
private static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
[DllImport("kernel32.dll")]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out IntPtr lpNumberOfBytesWritten);
public bool WriteToMem(IntPtr address, uint size, byte[] value)
{
try
{
IntPtr ptr;
uint num;
VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)size, 0x40, out num);
WriteProcessMemory(this.tempProcessHandle, address, value, (UIntPtr)size, out ptr);
VirtualProtectEx(this.tempProcessHandle, address, (UIntPtr)size, num, out num);
this.errorFlag = false;
}
catch
{
this.errorFlag = true;
this.errorMemBytes = value;
this.errorMemPointer = address;
}
return this.errorFlag;
}
[Flags]
public enum ThreadAccess
{
DIRECT_IMPERSONATION = 0x200,
GET_CONTEXT = 8,
IMPERSONATE = 0x100,
QUERY_INFORMATION = 0x40,
SET_CONTEXT = 0x10,
SET_INFORMATION = 0x20,
SET_THREAD_TOKEN = 0x80,
SUSPEND_RESUME = 2,
TERMINATE = 1
}
}
}
Simple usage, for exemple :
1° Add at the top of your class :
Code:
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
2° Define class variables :
Code:
public IntPtr ProcessHandle;
public Thread thread;
public SimpleMemoryEditing memTools;
public bool Running;
public Process ProcessName;
public bool Ingame;
private uint ProcID;
private String GameVersion;
3° In your Main constructor add :
Code:
this.memTools = new SimpleMemoryEditing();
this.ProcessHandle = IntPtr.Zero;
this.Running = true;
4° In your form closing event add :
Code:
this.Running = false;
5° Then you need those two functions to get handle on the process :
Code:
public void ScanThread()
{
try
{
this.FindHandle();
this.memTools.SetProcess(this.ProcessHandle, this.LFSProcess);
while (this.Running)
{
if ((!this.Ingame && (this.ProcessHandle != IntPtr.Zero)) && this.ProcessName.HasExited)
{
this.Close(); // for exemple close programm.
}
}
}
catch (Exception exception)
{
MessageBox.Show(exception.Message, "Scan thread exception !");
}
}
public void FindHandle()
{
this.ProcessHandle = IntPtr.Zero;
while ((this.ProcessHandle == IntPtr.Zero) && this.Running)
{
foreach (Process process in Process.GetProcesses())
{
if (process.ProcessName == "ProcessName")
{
this.ProcessHandle = OpenProcess(0x1f0fff, 1, (uint)process.Id);
this.ProcID = (uint)process.Id;
this.ProcessName = process;
return;
}
this.ProcessHandle = IntPtr.Zero;
}
}
}
6° Now you are ready ! Just a simple usage down here :
Code:
// Read example
byte[] BytesToRead;
BytesToRead = this.memTools.ReadMem((IntPtr)0xXXXXXX, YY); // XX -> ADDRESS, YY -> SIZE
// Write example
this.memTools.WriteToMem((IntPtr)0xXXXXXX, size, BytesToRead);