Created
August 20, 2019 08:36
-
-
Save Complexicon/75f1deb761939a57d7ca9cf485875512 to your computer and use it in GitHub Desktop.
MemoryLib C#
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
using System.Text; | |
namespace MemoryLib { | |
public class MemLib { | |
//Imports to Write To Memory | |
[DllImport("kernel32.dll")] | |
public static extern int WriteProcessMemory(IntPtr Handle, long Address, byte[] buffer, int Size, int BytesWritten = 0); | |
[DllImport("kernel32.dll")] | |
public static extern int ReadProcessMemory(IntPtr Handle, long Address, byte[] buffer, int Size, int BytesRead = 0); | |
public Process Proc; | |
public long BaseAddress; | |
//Constructor | |
public MemLib(string process) { | |
try { | |
Proc = Process.GetProcessesByName(process)[0]; | |
BaseAddress = Proc.MainModule.BaseAddress.ToInt64(); | |
} | |
catch { | |
throw new Exception(); | |
} | |
} | |
//Gets the ProcessHandle of the Process Specified in the Constructor | |
public IntPtr GetProcHandle() { | |
try { | |
return Proc.Handle; | |
} | |
catch { | |
return IntPtr.Zero; | |
} | |
} | |
//Returns the Absolute address after resolving the Pointers | |
public long GetPtrAddr(long Pointer, int[] Offset = null) { | |
byte[] Buffer = new byte[8]; | |
ReadProcessMemory(GetProcHandle(), Pointer, Buffer, Buffer.Length); | |
if(Offset != null) { | |
for(int x = 0; x < (Offset.Length - 1); x++) { | |
Pointer = BitConverter.ToInt64(Buffer, 0) + Offset[x]; | |
ReadProcessMemory(GetProcHandle(), Pointer, Buffer, Buffer.Length); | |
} | |
Pointer = BitConverter.ToInt64(Buffer, 0) + Offset[Offset.Length - 1]; | |
} | |
return Pointer; | |
} | |
//For finding Sigs | |
//Example | |
//Mem.FindPattern(new byte[] { 0x48, 0x8B, 0x05, 0x0, 0x0, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0, 0x0, 0x48, 0x8B, 0x48, 0x08, 0x48, 0x85, 0xC9, 0x74, 0x07 }, "xxx????x????xxxxxxxxx"); | |
public long FindPattern(byte[] pattern, string mask) { | |
int moduleSize = Proc.MainModule.ModuleMemorySize; | |
if(moduleSize == 0) | |
throw new Exception($"Size of module {Proc.MainModule.ModuleName} is INVALID."); | |
byte[] moduleBytes = new byte[moduleSize]; | |
ReadProcessMemory(GetProcHandle(), BaseAddress, moduleBytes, moduleSize); | |
for(long i = 0; i < moduleSize; i++) | |
{ | |
bool found = true; | |
for(int l = 0; l < mask.Length; l++) { | |
found = mask[l] == '?' || moduleBytes[l + i] == pattern[l]; | |
if(!found) | |
break; | |
} | |
if(found) { | |
moduleBytes = null; | |
return i; | |
} | |
} | |
return 0; | |
} | |
//Memory Write Functions | |
public void Write(long BasePTR, int[] offset, byte[] Bytes) => WriteProcessMemory(GetProcHandle(), GetPtrAddr(BaseAddress + BasePTR, offset), Bytes, Bytes.Length); | |
public void Write(long BasePTR, int[] offset, bool b) => Write(BasePTR, offset, b ? new byte[] { 0x01 } : new byte[] { 0x00 }); | |
public void Write(long BasePTR, int[] offset, float Value) => Write(BasePTR, offset, BitConverter.GetBytes(Value)); | |
public void Write(long BasePTR, int[] offset, double Value) => Write(BasePTR, offset, BitConverter.GetBytes(Value)); | |
public void Write(long BasePTR, int[] offset, int Value) => Write(BasePTR, offset, BitConverter.GetBytes(Value)); | |
public void Write(long BasePTR, int[] offset, string String) => Write(BasePTR, offset, new ASCIIEncoding().GetBytes(String)); | |
public void Write(long BasePTR, int[] offset, long Value) => Write(BasePTR, offset, BitConverter.GetBytes(Value)); | |
public void Write(long BasePTR, int[] offset, uint Value) => Write(BasePTR, offset, BitConverter.GetBytes(Value)); | |
public void Write(long BasePTR, int[] offset, byte Value) => Write(BasePTR, offset, new byte[] { Value }); | |
//Reading Functions (Obviously) | |
public bool ReadBool(long BasePTR, int[] offset) => ReadByte(BasePTR, offset) != 0x00; | |
public byte[] ReadBytes(long BasePTR, int[] offset, int Length) { | |
byte[] Buffer = new byte[Length]; | |
ReadProcessMemory(GetProcHandle(), GetPtrAddr(BaseAddress + BasePTR, offset), Buffer, Length); | |
return Buffer; | |
} | |
public float ReadFloat(long BasePTR, int[] offset) => BitConverter.ToSingle(ReadBytes(BasePTR, offset, 4), 0); | |
public double ReadDouble(long BasePTR, int[] offset) => BitConverter.ToDouble(ReadBytes(BasePTR, offset, 8), 0); | |
public int ReadInt(long BasePTR, int[] offset) => BitConverter.ToInt32(ReadBytes(BasePTR, offset, 4), 0); | |
public uint ReadUInt(long BasePTR, int[] offset) => BitConverter.ToUInt32(ReadBytes(BasePTR, offset, 4), 0); | |
public string ReadString(long BasePTR, int[] offset, int size) => new ASCIIEncoding().GetString(ReadBytes(BasePTR, offset, size)); | |
public long ReadPointer(long BasePTR, int[] offset) => BitConverter.ToInt64(ReadBytes(BasePTR, offset, 8), 0); | |
public byte ReadByte(long BasePTR, int[] offset) => ReadBytes(BasePTR, offset, 1)[0]; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment