Last active
December 14, 2016 05:21
-
-
Save pigeonhands/4f3effbe92e81d035201 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| /// <summary> | |
| /// Memory Edit Wrapper | |
| /// Made by BahNahNah | |
| /// </summary> | |
| public class MemoryEditor : IDisposable | |
| { | |
| public Process AttachedProcess { get; private set; } | |
| public IntPtr Handle { get; private set; } | |
| public void Dispose() | |
| { | |
| try | |
| { | |
| AttachedProcess.Dispose(); | |
| } | |
| catch | |
| { | |
| } | |
| } | |
| #region " Constructors " | |
| public MemoryEditor(Process p) | |
| { | |
| AttachedProcess = p; | |
| Handle = p.Handle; | |
| } | |
| #endregion | |
| #region " GetAddress " | |
| public MemoryAddress GetAddress(string module, int offset) | |
| { | |
| try | |
| { | |
| return new MemoryAddress(Handle, FindModuleAddress(module) + offset); | |
| } | |
| catch | |
| { | |
| return null; | |
| } | |
| } | |
| public MemoryAddress GetAddressFromPointer(string attach) | |
| { | |
| try | |
| { | |
| string[] split = attach.Split('+'); | |
| string module = split[0]; | |
| int[] offsets = new int[split.Length - 1]; | |
| for (int i = 0; i < offsets.Length; i++) | |
| { | |
| offsets[i] = Convert.ToInt32(split[i + 1], 16); | |
| } | |
| return GetAddressFromPointer(module, offsets); | |
| } | |
| catch | |
| { | |
| return null; | |
| } | |
| } | |
| public MemoryAddress GetAddressFromPointer(string moduleName, params int[] Offsets) | |
| { | |
| try | |
| { | |
| if (Offsets.Length < 1) throw new Exception("No offsets"); | |
| IntPtr currentAddress = FindModuleAddress(moduleName); | |
| for (int i = 0; i < Offsets.Length; i++) | |
| { | |
| currentAddress += Offsets[i]; | |
| int buffer = 0; | |
| if (i != Offsets.Length - 1 || Offsets.Length == 1) | |
| { | |
| ReadProcessMemory(Handle, currentAddress, ref buffer, 4, 0); | |
| currentAddress = new IntPtr(buffer); | |
| } | |
| } | |
| return new MemoryAddress(Handle, currentAddress); | |
| } | |
| catch | |
| { | |
| return null; | |
| } | |
| } | |
| #endregion | |
| #region " Healpers " | |
| private IntPtr FindModuleAddress(string module) | |
| { | |
| foreach (ProcessModule m in AttachedProcess.Modules) | |
| { | |
| if (m.ModuleName == module) | |
| return m.BaseAddress; | |
| } | |
| throw new Exception("Failed to fild module address"); | |
| } | |
| #endregion | |
| #region " WinApi " | |
| [DllImport("kernel32.dll")] | |
| private static extern IntPtr OpenProcess(uint access, bool inherit, int pId); | |
| [DllImport("kernel32.dll")] | |
| private static extern bool ReadProcessMemory(IntPtr handle, IntPtr baseAddress, ref int buffer, int size, int bytesWritten); | |
| #endregion | |
| } | |
| public class MemoryAddress | |
| { | |
| public IntPtr Handle { get; private set; } | |
| public IntPtr Address { get; private set; } | |
| public MemoryAddress(IntPtr h, IntPtr addr) | |
| { | |
| Handle = h; | |
| Address = addr; | |
| } | |
| #region " Functions " | |
| public MemoryAddress AddressFromOffset(int offset) | |
| { | |
| return new MemoryAddress(Handle, Address + offset); | |
| } | |
| #endregion | |
| #region " Reading " | |
| public T ReadMemory<T>() | |
| { | |
| T buffer = default(T); | |
| int size = Marshal.SizeOf<T>(buffer); | |
| IntPtr mAlloc = Marshal.AllocHGlobal(size); | |
| try | |
| { | |
| if (ReadProcessMemory(Handle, Address, mAlloc, size, 0)) | |
| buffer = (T)Marshal.PtrToStructure(mAlloc, typeof(T)); | |
| } | |
| finally | |
| { | |
| Marshal.FreeHGlobal(mAlloc); | |
| } | |
| return buffer; | |
| } | |
| public T ReadMemory<T>(int size) | |
| { | |
| T buffer = default(T); | |
| IntPtr mAlloc = Marshal.AllocHGlobal(size); | |
| try | |
| { | |
| if (ReadProcessMemory(Handle, Address, mAlloc, size, 0)) | |
| buffer = (T)Marshal.PtrToStructure(mAlloc, typeof(T)); | |
| } | |
| finally | |
| { | |
| Marshal.FreeHGlobal(mAlloc); | |
| } | |
| return buffer; | |
| } | |
| #endregion | |
| #region " Writing " | |
| public void WriteMemory<T>(T value) | |
| { | |
| GCHandle hBuffer = new GCHandle(); | |
| try | |
| { | |
| int size = Marshal.SizeOf<T>(value); | |
| hBuffer = GCHandle.Alloc(value, GCHandleType.Pinned); | |
| WriteProcessMemory(Handle, Address, hBuffer.AddrOfPinnedObject(), size, 0); | |
| } | |
| finally | |
| { | |
| hBuffer.Free(); | |
| } | |
| } | |
| #endregion | |
| #region " WinApi " | |
| [DllImport("kernel32.dll")] | |
| private static extern IntPtr OpenProcess(uint access, bool inherit, int pId); | |
| [DllImport("kernel32.dll")] | |
| private static extern bool WriteProcessMemory(IntPtr handle, IntPtr baseAddress, IntPtr buffer, int size, int bytesWritten); | |
| [DllImport("kernel32.dll")] | |
| private static extern bool ReadProcessMemory(IntPtr handle, IntPtr baseAddress, IntPtr buffer, int size, int bytesWritten); | |
| #endregion | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment