ReadProcessMemory
Last Updated: Aug 21 2010 15:42, Started by
todo1979
, Aug 21 2010 15:42
·
0
#1
Posted 21 August 2010 - 15:42
Salutare tuturor,
incerc de ceva vreme sa citesc un text din adresele de memorie ale unui process. Pana acum am reusit sa identific mbi.baseaddress si mbi.regionsize si sa citesc din fiecare adresa cate un byte, insa dureaza o vesnicie si nici nu prea are rezultate. Ceea ce vreau este ca proiectul meu sa acceseze procesul, sa identifice prima adresa si dimensiunea spatiului ocupat si sa citeasca intreg blocul de memorie intr-un string si apoi sa verifice daca blocul respectiv contine textul pe care trebuie sa-l caute, apoi sa treaca la urmatoarea zona de memorie in caz ca nu a gasit nimic. Textul de cautat este "34,56,23,74,69" iar procesul este "firefox" Poate ma puteti ajuta,multumesc Imports VB = Microsoft.VisualBasic Imports System.Runtime.InteropServices Imports System.Security.Permissions Public Class Form1 Inherits System.Windows.Forms.Form #Region " Windows Form Designer generated code " Public Sub New() MyBase.New() InitializeComponent() End Sub Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean) If disposing Then If Not (components Is Nothing) Then components.Dispose() End If End If MyBase.Dispose(disposing) End Sub Private components As System.ComponentModel.IContainer Friend WithEvents CheckedListBox1 As System.Windows.Forms.CheckedListBox Friend WithEvents RichTextBox1 As System.Windows.Forms.RichTextBox Friend WithEvents Command1 As System.Windows.Forms.Button <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent() Me.Command1 = New System.Windows.Forms.Button() Me.CheckedListBox1 = New System.Windows.Forms.CheckedListBox() Me.RichTextBox1 = New System.Windows.Forms.RichTextBox() Me.SuspendLayout() ' 'Command1 ' Me.Command1.BackColor = System.Drawing.SystemColors.Control Me.Command1.ForeColor = System.Drawing.SystemColors.ControlText Me.Command1.Location = New System.Drawing.Point(0, -1) Me.Command1.Name = "Command1" Me.Command1.Size = New System.Drawing.Size(121, 23) Me.Command1.TabIndex = 0 Me.Command1.Text = "Command1" Me.Command1.UseVisualStyleBackColor = False ' 'CheckedListBox1 ' Me.CheckedListBox1.FormattingEnabled = True Me.CheckedListBox1.Location = New System.Drawing.Point(1, 28) Me.CheckedListBox1.Name = "CheckedListBox1" Me.CheckedListBox1.Size = New System.Drawing.Size(120, 454) Me.CheckedListBox1.TabIndex = 1 ' 'RichTextBox1 ' Me.RichTextBox1.Location = New System.Drawing.Point(127, -1) Me.RichTextBox1.Name = "RichTextBox1" Me.RichTextBox1.Size = New System.Drawing.Size(877, 483) Me.RichTextBox1.TabIndex = 2 Me.RichTextBox1.Text = "" ' 'Form1 ' Me.BackColor = System.Drawing.SystemColors.Control Me.ClientSize = New System.Drawing.Size(1004, 484) Me.Controls.Add(Me.RichTextBox1) Me.Controls.Add(Me.CheckedListBox1) Me.Controls.Add(Me.Command1) Me.ForeColor = System.Drawing.SystemColors.ControlText Me.Name = "Form1" Me.Text = "Form1" Me.ResumeLayout(False) End Sub #End Region Structure MEMORY_BASIC_INFORMATION ' 28 bytes Dim BaseAddress As Integer Dim AllocationBase As Integer Dim AllocationProtect As Integer Dim RegionSize As Integer Dim State As Integer Dim Protect As Integer Dim lType As Integer End Structure Structure SYSTEM_INFO ' 36 Bytes Dim dwOemID As Integer Dim dwPageSize As Integer Dim lpMinimumApplicationAddress As Integer Dim lpMaximumApplicationAddress As Integer Dim dwActiveProcessorMask As Integer Dim dwNumberOrfProcessors As Integer Dim dwProcessorType As Integer Dim dwAllocationGranularity As Integer Dim wProcessorLevel As Short Dim wProcessorRevision As Short End Structure <SecurityPermission(SecurityAction.Demand, UnmanagedCode:=True)> _ Private Declare Function VirtualQueryEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByRef lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As UInteger) As IntPtr '<DllImport("kernel32.dll", SetLastError:=True)> Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As IntPtr, ByVal iSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean 'End Function Private Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByRef lpBuffer As Int32, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32 Private Declare Sub GetSystemInfo Lib "kernel32" (ByRef lpSystemInfo As SYSTEM_INFO) Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal blnheritHandle As Integer, ByVal dwAppProcessId As Integer) As Integer Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer Public Const PROCESS_ALL_ACCESS As Integer = &H1F0FFF Const MEM_PRIVATE As Integer = &H20000 Const MEM_COMMIT As Short = &H1000 Private Sub Command1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Command1.Click Dim hProcess As IntPtr 'Dim hProcess As Int32 Dim lpMem As UInteger, lLenMBI As IntPtr 'Dim lWritten As Integer, CalcAddress As IntPtr, lPos As Long Dim lWritten As Long, CalcAddress As Integer, lPos As Long = 0 Dim sBuffer As Long 'Dim sBuffer As String Dim sSearchString As String Dim si As SYSTEM_INFO Dim mbi As MEMORY_BASIC_INFORMATION Dim ret As IntPtr sSearchString = "34,56,23,74,69" hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, game_hwnd) lLenMBI = Len(mbi) GetSystemInfo(si) lpMem = si.lpMinimumApplicationAddress Do While lpMem < si.lpMaximumApplicationAddress mbi.RegionSize = 0 ret = VirtualQueryEx(hProcess, lpMem, mbi, lLenMBI) If ret = lLenMBI Then If ((mbi.lType = MEM_PRIVATE) And (mbi.State = MEM_COMMIT)) Then If mbi.RegionSize > 0 Then 'sBuffer = StrDup(mbi.RegionSize, 0) 'AICI NU MERGE 'sBuffer = mbi.RegionSize Dim rett As Byte() = Nothing Dim tStr As String = Nothing Dim address As Integer = 0 Dim retstr As String = "" address = mbi.BaseAddress sBuffer = 10000 RichTextBox1.AppendText("region: " & mbi.RegionSize & " address: " & address & vbNewLine) For i As Integer = 0 To mbi.RegionSize Step 10000 ReadProcessMemory(hProcess, address + i, sBuffer, 1, 0) 'AICI NU MERGE rett = BitConverter.GetBytes(sBuffer) tStr = System.Text.Encoding.ASCII.GetString(rett) retstr += tStr 'retstr += sBuffer Application.DoEvents() Next If InStr(retstr, sSearchString) Then MsgBox("found") Exit Sub End If 'lPos = InStr(1, sBuffer, sSearchString, CompareMethod.Text) 'If lPos Then 'CheckedListBox1.Items.Add((sBuffer.ToString).Substring(lPos - 1, sSearchString.Length)) 'CalcAddress = mbi.BaseAddress + lPos 'CheckedListBox1.Items.Add(CalcAddress.ToString) 'Exit Do 'End If End If End If On Error GoTo Finished lpMem = mbi.BaseAddress + mbi.RegionSize On Error GoTo 0 Else Exit Do End If Loop Finished: MsgBox("error") CloseHandle(hProcess) End Sub Public Function game_hwnd() As Long Dim procList() As Process = Process.GetProcesses() Dim iProcID As Integer For i As Integer = 0 To UBound(procList) Dim strProcName As String = procList(i).ProcessName If strProcName = "firefox" Then iProcID = procList(i).Id Exit For End If Next Return iProcID End Function End Class |
Anunturi
Bun venit pe Forumul Softpedia!
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users