├── .circleci
└── config.yml
├── .gitattributes
├── .gitignore
├── LICENSE
├── MemoryX.sln
├── MemoryX
├── Memory.cs
├── MemoryX.csproj
└── Properties
│ └── AssemblyInfo.cs
├── MemoryXTest
├── App.config
├── MemoryXTest.csproj
├── Program.cs
└── Properties
│ └── AssemblyInfo.cs
├── README.md
└── images
└── baseAddress.png
/.circleci/config.yml:
--------------------------------------------------------------------------------
1 | version: 2.1
2 |
3 | orbs:
4 | win: circleci/windows@2.2.0
5 |
6 | jobs:
7 | build:
8 | executor: win/default
9 |
10 | steps:
11 | - checkout
12 | - run: dotnet build
13 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | x64/
19 | x86/
20 | bld/
21 | [Bb]in/
22 | [Oo]bj/
23 | [Ll]og/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | project.fragment.lock.json
46 | artifacts/
47 |
48 | *_i.c
49 | *_p.c
50 | *_i.h
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.tmp_proj
65 | *.log
66 | *.vspscc
67 | *.vssscc
68 | .builds
69 | *.pidb
70 | *.svclog
71 | *.scc
72 |
73 | # Chutzpah Test files
74 | _Chutzpah*
75 |
76 | # Visual C++ cache files
77 | ipch/
78 | *.aps
79 | *.ncb
80 | *.opendb
81 | *.opensdf
82 | *.sdf
83 | *.cachefile
84 | *.VC.db
85 | *.VC.VC.opendb
86 |
87 | # Visual Studio profiler
88 | *.psess
89 | *.vsp
90 | *.vspx
91 | *.sap
92 |
93 | # TFS 2012 Local Workspace
94 | $tf/
95 |
96 | # Guidance Automation Toolkit
97 | *.gpState
98 |
99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | *.DotSettings.user
103 |
104 | # JustCode is a .NET coding add-in
105 | .JustCode
106 |
107 | # TeamCity is a build add-in
108 | _TeamCity*
109 |
110 | # DotCover is a Code Coverage Tool
111 | *.dotCover
112 |
113 | # NCrunch
114 | _NCrunch_*
115 | .*crunch*.local.xml
116 | nCrunchTemp_*
117 |
118 | # MightyMoose
119 | *.mm.*
120 | AutoTest.Net/
121 |
122 | # Web workbench (sass)
123 | .sass-cache/
124 |
125 | # Installshield output folder
126 | [Ee]xpress/
127 |
128 | # DocProject is a documentation generator add-in
129 | DocProject/buildhelp/
130 | DocProject/Help/*.HxT
131 | DocProject/Help/*.HxC
132 | DocProject/Help/*.hhc
133 | DocProject/Help/*.hhk
134 | DocProject/Help/*.hhp
135 | DocProject/Help/Html2
136 | DocProject/Help/html
137 |
138 | # Click-Once directory
139 | publish/
140 |
141 | # Publish Web Output
142 | *.[Pp]ublish.xml
143 | *.azurePubxml
144 | # TODO: Comment the next line if you want to checkin your web deploy settings
145 | # but database connection strings (with potential passwords) will be unencrypted
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
150 | # checkin your Azure Web App publish settings, but sensitive information contained
151 | # in these scripts will be unencrypted
152 | PublishScripts/
153 |
154 | # NuGet Packages
155 | *.nupkg
156 | # The packages folder can be ignored because of Package Restore
157 | **/packages/*
158 | # except build/, which is used as an MSBuild target.
159 | !**/packages/build/
160 | # Uncomment if necessary however generally it will be regenerated when needed
161 | #!**/packages/repositories.config
162 | # NuGet v3's project.json files produces more ignoreable files
163 | *.nuget.props
164 | *.nuget.targets
165 |
166 | # Microsoft Azure Build Output
167 | csx/
168 | *.build.csdef
169 |
170 | # Microsoft Azure Emulator
171 | ecf/
172 | rcf/
173 |
174 | # Windows Store app package directories and files
175 | AppPackages/
176 | BundleArtifacts/
177 | Package.StoreAssociation.xml
178 | _pkginfo.txt
179 |
180 | # Visual Studio cache files
181 | # files ending in .cache can be ignored
182 | *.[Cc]ache
183 | # but keep track of directories ending in .cache
184 | !*.[Cc]ache/
185 |
186 | # Others
187 | ClientBin/
188 | ~$*
189 | *~
190 | *.dbmdl
191 | *.dbproj.schemaview
192 | *.jfm
193 | *.pfx
194 | *.publishsettings
195 | node_modules/
196 | orleans.codegen.cs
197 |
198 | # Since there are multiple workflows, uncomment next line to ignore bower_components
199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
200 | #bower_components/
201 |
202 | # RIA/Silverlight projects
203 | Generated_Code/
204 |
205 | # Backup & report files from converting an old project file
206 | # to a newer Visual Studio version. Backup files are not needed,
207 | # because we have git ;-)
208 | _UpgradeReport_Files/
209 | Backup*/
210 | UpgradeLog*.XML
211 | UpgradeLog*.htm
212 |
213 | # SQL Server files
214 | *.mdf
215 | *.ldf
216 |
217 | # Business Intelligence projects
218 | *.rdl.data
219 | *.bim.layout
220 | *.bim_*.settings
221 |
222 | # Microsoft Fakes
223 | FakesAssemblies/
224 |
225 | # GhostDoc plugin setting file
226 | *.GhostDoc.xml
227 |
228 | # Node.js Tools for Visual Studio
229 | .ntvs_analysis.dat
230 |
231 | # Visual Studio 6 build log
232 | *.plg
233 |
234 | # Visual Studio 6 workspace options file
235 | *.opt
236 |
237 | # Visual Studio LightSwitch build output
238 | **/*.HTMLClient/GeneratedArtifacts
239 | **/*.DesktopClient/GeneratedArtifacts
240 | **/*.DesktopClient/ModelManifest.xml
241 | **/*.Server/GeneratedArtifacts
242 | **/*.Server/ModelManifest.xml
243 | _Pvt_Extensions
244 |
245 | # Paket dependency manager
246 | .paket/paket.exe
247 | paket-files/
248 |
249 | # FAKE - F# Make
250 | .fake/
251 |
252 | # JetBrains Rider
253 | .idea/
254 | *.sln.iml
255 |
256 | # CodeRush
257 | .cr/
258 |
259 | # Python Tools for Visual Studio (PTVS)
260 | __pycache__/
261 | *.pyc
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2018 Ayuth Mangmesap
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/MemoryX.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26206.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemoryX", "MemoryX\MemoryX.csproj", "{DF85FBCD-1829-4587-87C1-68C4E25E2EA1}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemoryXTest", "MemoryXTest\MemoryXTest.csproj", "{8ACC75BA-61EA-49C0-A410-BDA41327760B}"
9 | ProjectSection(ProjectDependencies) = postProject
10 | {DF85FBCD-1829-4587-87C1-68C4E25E2EA1} = {DF85FBCD-1829-4587-87C1-68C4E25E2EA1}
11 | EndProjectSection
12 | EndProject
13 | Global
14 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
15 | Debug|Any CPU = Debug|Any CPU
16 | Release|Any CPU = Release|Any CPU
17 | EndGlobalSection
18 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
19 | {DF85FBCD-1829-4587-87C1-68C4E25E2EA1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
20 | {DF85FBCD-1829-4587-87C1-68C4E25E2EA1}.Debug|Any CPU.Build.0 = Debug|Any CPU
21 | {DF85FBCD-1829-4587-87C1-68C4E25E2EA1}.Release|Any CPU.ActiveCfg = Release|Any CPU
22 | {DF85FBCD-1829-4587-87C1-68C4E25E2EA1}.Release|Any CPU.Build.0 = Release|Any CPU
23 | {8ACC75BA-61EA-49C0-A410-BDA41327760B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
24 | {8ACC75BA-61EA-49C0-A410-BDA41327760B}.Debug|Any CPU.Build.0 = Debug|Any CPU
25 | {8ACC75BA-61EA-49C0-A410-BDA41327760B}.Release|Any CPU.ActiveCfg = Release|Any CPU
26 | {8ACC75BA-61EA-49C0-A410-BDA41327760B}.Release|Any CPU.Build.0 = Release|Any CPU
27 | EndGlobalSection
28 | GlobalSection(SolutionProperties) = preSolution
29 | HideSolutionNode = FALSE
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/MemoryX/Memory.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Diagnostics;
4 | using System.Linq;
5 | using System.Runtime.ConstrainedExecution;
6 | using System.Runtime.InteropServices;
7 | using System.Security;
8 | using System.Text;
9 |
10 | namespace MemoryX
11 | {
12 | public class Memory
13 | {
14 | // Good article for this source: https://www.codeproject.com/Articles/670373/Csharp-Read-Write-another-Process-Memory
15 | private IntPtr processHandle;
16 | private int processId;
17 | private int bytesWritten;
18 | private int bytesRead;
19 |
/// <summary>
/// Page-protection values handed to <c>VirtualProtectEx</c> by this class.
/// The numeric values mirror the Win32 <c>PAGE_*</c> constants.
/// </summary>
[Flags]
public enum MemoryProtection
{
    PAGE_NOACCESS = 0x001,
    PAGE_READONLY = 0x002,
    PAGE_READWRITE = 0x004,
    PAGE_WRITECOPY = 0x008,
    PAGE_EXECUTE = 0x010,
    PAGE_EXECUTE_READ = 0x020,

    // Writable and executable at the same time. RemoveProtection applies this
    // value; a region left in this state no longer has W^X / DEP protection.
    PAGE_EXECUTE_READWRITE = 0x040,
    PAGE_EXECUTE_WRITECOPY = 0x080,
    PAGE_GUARD = 0x100,
    PAGE_NOCACHE = 0x200
}
34 |
/// <summary>
/// Access rights that can be requested when opening a process handle.
/// Both GetProcessHandle overloads in this class request <see cref="AllAccess"/>.
/// </summary>
[Flags]
public enum ProcessAccess
{
    /// <summary>Required to create a thread.</summary>
    CreateThread = 0x00000002,

    // No description was supplied for this right in the original source.
    SetSessionId = 0x00000004,

    /// <summary>Required to perform an operation on the address space of a process.</summary>
    VmOperation = 0x00000008,

    /// <summary>Required to read memory in a process using ReadProcessMemory.</summary>
    VmRead = 0x00000010,

    /// <summary>Required to write to memory in a process using WriteProcessMemory.</summary>
    VmWrite = 0x00000020,

    /// <summary>Required to duplicate a handle using DuplicateHandle.</summary>
    DupHandle = 0x00000040,

    /// <summary>Required to create a process.</summary>
    CreateProcess = 0x00000080,

    /// <summary>Required to set memory limits using SetProcessWorkingSetSize.</summary>
    SetQuota = 0x00000100,

    /// <summary>
    /// Required to set certain information about a process, such as its
    /// priority class (see SetPriorityClass).
    /// </summary>
    SetInformation = 0x00000200,

    /// <summary>
    /// Required to retrieve certain information about a process, such as its
    /// token, exit code, and priority class (see OpenProcessToken).
    /// </summary>
    QueryInformation = 0x00000400,

    /// <summary>Required to suspend or resume a process.</summary>
    SuspendResume = 0x00000800,

    /// <summary>
    /// Required to retrieve certain information about a process (see
    /// GetExitCodeProcess, GetPriorityClass, IsProcessInJob,
    /// QueryFullProcessImageName). A handle that has the
    /// PROCESS_QUERY_INFORMATION access right is automatically granted
    /// PROCESS_QUERY_LIMITED_INFORMATION.
    /// </summary>
    QueryLimitedInformation = 0x00001000,

    /// <summary>Required to wait for the process to terminate using the wait functions.</summary>
    Synchronize = 0x00100000,

    /// <summary>Required to delete the object.</summary>
    Delete = 0x00010000,

    /// <summary>
    /// Required to read information in the security descriptor for the
    /// object, not including the information in the SACL. To read or write
    /// the SACL, you must request the ACCESS_SYSTEM_SECURITY access right.
    /// </summary>
    ReadControl = 0x00020000,

    /// <summary>Required to modify the DACL in the security descriptor for the object.</summary>
    WriteDac = 0x00040000,

    /// <summary>Required to change the owner in the security descriptor for the object.</summary>
    WriteOwner = 0x00080000,

    StandardRightsRequired = 0x000F0000,

    /// <summary>
    /// All possible access rights for a process object. Far broader than the
    /// VmRead / VmWrite / VmOperation / QueryInformation rights that the
    /// read, write and protection helpers in this class actually exercise.
    /// </summary>
    AllAccess = StandardRightsRequired | Synchronize | 0xFFFF
}
132 |
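// kernel32 entry points used by this class. Every import now sets
// SetLastError = true so a caller can obtain the failure reason with
// Marshal.GetLastWin32Error() straight after a call returns zero / false.
//
// NOTE(review): the native dwSize parameter (SIZE_T) and the
// lpNumberOfBytesRead / lpNumberOfBytesWritten out-parameters (SIZE_T*) are
// pointer-sized. They are declared as int / ref int here, so in a 64-bit
// process the API stores 8 bytes through a reference to a 4-byte field.
// The signatures are left unchanged for source compatibility; declare these
// as IntPtr / UIntPtr when the public surface can be revised.

/// <summary>Opens a handle to the process with the given id and access mask.</summary>
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

/// <summary>Copies <paramref name="lpBuffer"/> into the target process at <paramref name="lpBaseAddress"/>; zero means failure.</summary>
[DllImport("kernel32.dll", SetLastError = true)]
public static extern int WriteProcessMemory(IntPtr hProcess, long lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesWritten);

// NOTE(review): this overload passes the integer itself in the position where
// the native function expects a pointer to the source buffer. Nothing in this
// class calls it; prefer the byte[] overload.
[DllImport("kernel32.dll", SetLastError = true)]
public static extern int WriteProcessMemory(IntPtr hProcess, long lpBaseAddress, int value, int dwSize, ref int lpNumberOfBytesWritten);

// NOTE(review): 32-bit address parameter; it cannot express an address above
// 4 GiB. Nothing in this class calls it; the long overload below is used.
[DllImport("kernel32.dll", SetLastError = true)]
public static extern int ReadProcessMemory(IntPtr hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

/// <summary>Copies <paramref name="dwSize"/> bytes from the target process into <paramref name="lpBuffer"/>; zero means failure.</summary>
[DllImport("kernel32.dll", SetLastError = true)]
public static extern int ReadProcessMemory(IntPtr hProcess, long lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

/// <summary>Changes the protection of a committed region in the target process and reports the previous protection.</summary>
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);

/// <summary>Closes an open object handle.</summary>
[DllImport("kernel32.dll", SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CloseHandle(IntPtr hObject);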
155 |
/// <summary>
/// Returns the byte count stored by the most recent WriteProcessMemory call
/// made through this instance.
/// </summary>
public int GetBytesWritten()
{
    int lastWriteCount = this.bytesWritten;
    return lastWriteCount;
}
160 |
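/// <summary>
/// Closes the process handle held by this instance.
/// </summary>
/// <returns>
/// True when a handle was open and CloseHandle succeeded; false when no
/// handle is held or the close failed.
/// </returns>
public bool CloseProcessHandle()
{
    if (processHandle == IntPtr.Zero)
    {
        return false;
    }

    bool closed = CloseHandle(processHandle);
    if (closed)
    {
        // Forget the value once it is closed: the OS may hand the same handle
        // value to an unrelated object, and a later read, write or second
        // close through the stale value would then hit that object instead.
        processHandle = IntPtr.Zero;
    }

    return closed;
}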
165 |
/// <summary>
/// Returns the raw process handle currently stored on this instance
/// (IntPtr.Zero until one of the GetProcessHandle overloads has stored one).
/// </summary>
public IntPtr GetProcessHandle()
{
    IntPtr current = this.processHandle;
    return current;
}
170 |
/// <summary>
/// Returns the id of the process most recently selected through
/// GetProcessHandle(int) or GetProcessHandle(String).
/// </summary>
public int GetProcessID()
{
    int selectedId = processId;
    return selectedId;
}
175 |
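/// <summary>
/// Selects the process with the given id and opens a handle to it.
/// </summary>
/// <param name="PID">Id of the target process.</param>
/// <returns>
/// True only when the process exists and OpenProcess returned a non-null
/// handle; false otherwise.
/// </returns>
public Boolean GetProcessHandle(int PID)
{
    try
    {
        // Process wraps OS resources; only the id is needed from it.
        using (Process proc = Process.GetProcessById(PID))
        {
            this.processId = proc.Id;
        }

        // NOTE(review): AllAccess is requested although the helpers in this
        // class only read, write and re-protect memory. A narrower mask would
        // follow least privilege, but callers may depend on the wider handle
        // returned by GetProcessHandle(), so the mask is left as it was.
        // A handle stored by an earlier call is overwritten without being
        // closed; call CloseProcessHandle() before re-targeting.
        this.processHandle = OpenProcess((int)ProcessAccess.AllAccess, false, this.processId);

        // OpenProcess reports failure (for example access denied) by returning
        // a null handle, not by throwing, so it has to be checked explicitly.
        return this.processHandle != IntPtr.Zero;
    }
    catch (Exception)
    {
        // Best effort by design: an unknown PID or a failed lookup is reported
        // as false rather than propagated.
        return false;
    }
}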
190 |
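/// <summary>
/// Selects the first process whose name matches and opens a handle to it.
/// </summary>
/// <param name="procName">Process name without the ".exe" extension.</param>
/// <returns>
/// True only when a matching process was found and OpenProcess returned a
/// non-null handle; false otherwise.
/// </returns>
/// <remarks>
/// A process name is not a unique identity: several processes can share it
/// and the first one returned is taken. Use the PID overload when the exact
/// target matters.
/// </remarks>
public Boolean GetProcessHandle(String procName)
{
    try
    {
        Process[] matches = Process.GetProcessesByName(procName);
        try
        {
            if (matches.Length == 0)
            {
                return false;
            }

            this.processId = matches[0].Id;

            // NOTE(review): AllAccess is broader than the read / write /
            // protect helpers need; kept because callers may rely on the
            // handle returned by GetProcessHandle(). A handle stored by an
            // earlier call is overwritten without being closed.
            this.processHandle = OpenProcess((int)ProcessAccess.AllAccess, false, this.processId);

            // A null handle means OpenProcess failed (for example access denied).
            return this.processHandle != IntPtr.Zero;
        }
        finally
        {
            // Every returned Process object holds OS resources, including the
            // ones that were not selected.
            foreach (Process candidate in matches)
            {
                candidate.Dispose();
            }
        }
    }
    catch (Exception)
    {
        // Best effort by design: lookup failures are reported as false.
        return false;
    }
}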
212 |
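/// <summary>
/// Returns the base address of a module loaded in the selected process.
/// </summary>
/// <param name="moduleName">Module file name, for example "game.exe"; compared case-insensitively.</param>
/// <returns>
/// The module base address, or 0 when the module is not found or the module
/// list cannot be read.
/// </returns>
public long GetBaseAddress(String moduleName)
{
    IntPtr baseAddress = IntPtr.Zero;
    try
    {
        using (Process target = Process.GetProcessById(processId))
        {
            foreach (ProcessModule module in target.Modules)
            {
                // Ordinal comparison: ToLower() depends on the current culture
                // and can stop plain ASCII file names from matching (for
                // example "I" / "i" under Turkish casing rules).
                if (string.Equals(moduleName, module.ModuleName, StringComparison.OrdinalIgnoreCase))
                {
                    // No break, as before: when several modules share the
                    // name, the last one enumerated wins.
                    baseAddress = module.BaseAddress;
                }
            }
        }

        return (long)baseAddress;
    }
    catch (Exception)
    {
        // Enumeration fails when the process has exited or access is denied;
        // callers must treat 0 as "not found" before using it as an address.
        return 0L;
    }
}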
233 |
/// <summary>
/// Requests PAGE_EXECUTE_READWRITE protection for a fixed 2048-byte range
/// starting at <paramref name="lpBaseAddress"/> in the opened process.
/// https://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
/// </summary>
/// <param name="lpBaseAddress">Start of the range in the target process.</param>
/// <returns>The result of VirtualProtectEx: true on success.</returns>
/// <remarks>
/// The previous protection reported by VirtualProtectEx is discarded, so this
/// class offers no way to restore it: the range stays writable and executable
/// until something else changes it. The length is not configurable.
/// </remarks>
public bool RemoveProtection(long lpBaseAddress)
{
    IntPtr regionStart = new IntPtr(lpBaseAddress);
    UIntPtr regionLength = new UIntPtr(2048);
    uint requestedProtection = (uint)MemoryProtection.PAGE_EXECUTE_READWRITE;

    uint previousProtection; // required by the API, not used afterwards
    return VirtualProtectEx(processHandle, regionStart, regionLength, requestedProtection, out previousProtection);
}
243 |
/// <summary>
/// Writes a byte array into the opened process at the given address.
/// </summary>
/// <param name="lpBaseAddress">Destination address in the target process.</param>
/// <param name="value">Bytes to write; the whole array is sent.</param>
/// <returns>
/// The raw WriteProcessMemory result: non-zero on success, zero on failure.
/// The byte count is stored and available through GetBytesWritten().
/// </returns>
public int WriteMemory(long lpBaseAddress, byte[] value)
{
    // http://stackoverflow.com/questions/4271291/writeprocessmemory-with-an-int-value
    int byteCount = value.Length;
    return WriteProcessMemory(processHandle, lpBaseAddress, value, byteCount, ref bytesWritten);
}
250 |
/// <summary>
/// Writes a string into the opened process as ASCII bytes.
/// </summary>
/// <param name="lpBaseAddress">Destination address in the target process.</param>
/// <param name="value">Text to write.</param>
/// <returns>The raw WriteProcessMemory result: non-zero on success, zero on failure.</returns>
/// <remarks>
/// Only the encoded characters are written; no terminating NUL is appended.
/// Characters outside ASCII are replaced by the encoder ('?').
/// </remarks>
public int WriteMemory(long lpBaseAddress, String value)
{
    // http://stackoverflow.com/questions/16072709/converting-string-to-byte-array-in-c-sharp
    byte[] encoded = Encoding.ASCII.GetBytes(value);
    int byteCount = encoded.Length;
    return WriteProcessMemory(processHandle, lpBaseAddress, encoded, byteCount, ref bytesWritten);
}
257 |
/// <summary>
/// Writes a 32-bit integer (4 bytes, in the byte order produced by
/// BitConverter on this machine) at the given address.
/// </summary>
/// <returns>The result of the byte-array WriteMemory overload.</returns>
public int WriteMemory(long lpBaseAddress, int value)
{
    byte[] raw = BitConverter.GetBytes(value);
    return WriteMemory(lpBaseAddress, raw);
}
262 |
/// <summary>
/// Writes a single-precision float (4 bytes, in the byte order produced by
/// BitConverter on this machine) at the given address.
/// </summary>
/// <returns>The result of the byte-array WriteMemory overload.</returns>
public int WriteMemory(long lpBaseAddress, float value)
{
    byte[] raw = BitConverter.GetBytes(value);
    return WriteMemory(lpBaseAddress, raw);
}
267 |
/// <summary>
/// Writes a double-precision float (8 bytes, in the byte order produced by
/// BitConverter on this machine) at the given address.
/// </summary>
/// <returns>The result of the byte-array WriteMemory overload.</returns>
public int WriteMemory(long lpBaseAddress, double value)
{
    byte[] raw = BitConverter.GetBytes(value);
    return WriteMemory(lpBaseAddress, raw);
}
272 |
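/// <summary>
/// Writes exactly one byte at the given address.
/// </summary>
/// <param name="lpBaseAddress">Destination address in the target process.</param>
/// <param name="value">The byte to write.</param>
/// <returns>The result of the byte-array WriteMemory overload.</returns>
public int WriteMemory(long lpBaseAddress, byte value)
{
    // BitConverter has no GetBytes(byte) overload: a byte argument binds to
    // GetBytes(short) and yields two bytes, so the previous code also
    // overwrote the byte after the target with 0x00. Build the one-byte
    // buffer directly instead.
    return WriteMemory(lpBaseAddress, new byte[] { value });
}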
277 |
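/// <summary>
/// Follows a chain of 32-bit pointers and writes an integer at the final address.
/// </summary>
/// <param name="lpBaseAddress">Address holding the first pointer of the chain.</param>
/// <param name="offsets">Offset added after each dereference, in order.</param>
/// <param name="value">Integer written at the resolved address.</param>
/// <returns>The result of the integer WriteMemory overload.</returns>
/// <remarks>
/// Each level is read as a 4-byte pointer, so chains that hold 64-bit
/// pointers are not resolved correctly. A failed read yields 0 and the walk
/// continues from there; callers cannot tell that apart from a real value.
/// </remarks>
public int WriteMemoryPointer(long lpBaseAddress, int[] offsets, int value)
{
    foreach (int offset in offsets)
    {
        // Zero-extend the 32-bit pointer. Assigning the int directly
        // sign-extended it, turning any pointer at or above 0x80000000 into
        // an invalid negative 64-bit address.
        long pointee = unchecked((uint)ReadInt32(lpBaseAddress));
        lpBaseAddress = pointee + offset;
    }

    return WriteMemory(lpBaseAddress, value);
}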
287 |
/// <summary>
/// Reads <paramref name="dwSize"/> bytes from the opened process.
/// </summary>
/// <param name="lpBaseAddress">Source address in the target process.</param>
/// <param name="dwSize">Number of bytes to read.</param>
/// <returns>
/// A new array of <paramref name="dwSize"/> bytes. The ReadProcessMemory
/// result is not inspected, so a failed read returns the array still filled
/// with zeros.
/// </returns>
public byte[] ReadMemory(long lpBaseAddress, int dwSize)
{
    byte[] result = new byte[dwSize];
    int requested = result.Length;
    ReadProcessMemory(processHandle, lpBaseAddress, result, requested, ref bytesRead);
    return result;
}
297 |
/// <summary>
/// Reads 4 bytes at the given address and returns them as a 32-bit integer.
/// </summary>
/// <param name="lpBaseAddress">Source address in the target process.</param>
/// <returns>
/// The decoded value. The ReadProcessMemory result is not inspected, so a
/// failed read returns 0.
/// </returns>
public int ReadInt32(long lpBaseAddress)
{
    // http://www.pinvoke.net/default.aspx/kernel32.readprocessmemory
    byte[] scratch = new byte[sizeof(int)];
    ReadProcessMemory(processHandle, lpBaseAddress, scratch, scratch.Length, ref bytesRead);
    int decoded = BitConverter.ToInt32(scratch, 0);
    return decoded;
}
308 |
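/// <summary>
/// Reads 4 bytes at the given address and returns them as a single-precision float.
/// </summary>
/// <param name="lpBaseAddress">Source address in the target process.</param>
/// <returns>
/// The decoded value. The ReadProcessMemory result is not inspected, so a
/// failed read returns 0.
/// </returns>
public Single ReadSingle(long lpBaseAddress)
{
    // http://www.pinvoke.net/default.aspx/kernel32.readprocessmemory
    // http://stackoverflow.com/questions/30694922/modify-function-to-read-float-c-sharp
    //
    // Request only the 4 bytes a float occupies. The previous code asked for
    // 8; ReadProcessMemory fails when any part of the range is inaccessible,
    // so a float in the last bytes of a readable region came back as 0.
    byte[] buffer = new byte[sizeof(float)];
    ReadProcessMemory(processHandle, lpBaseAddress, buffer, buffer.Length, ref bytesRead);
    return BitConverter.ToSingle(buffer, 0);
}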
320 |
/// <summary>
/// Alias of ReadSingle: <c>float</c> and <c>Single</c> are the same type.
/// </summary>
/// <param name="lpBaseAddress">Source address in the target process.</param>
/// <returns>Whatever ReadSingle returns for the same address.</returns>
public float ReadFloat(long lpBaseAddress)
{
    float decoded = ReadSingle(lpBaseAddress);
    return decoded;
}
328 |
/// <summary>
/// Reads 8 bytes at the given address and returns them as a double.
/// </summary>
/// <param name="lpBaseAddress">Source address in the target process.</param>
/// <returns>
/// The decoded value. The ReadProcessMemory result is not inspected, so a
/// failed read returns 0.
/// </returns>
public Double ReadDouble(long lpBaseAddress)
{
    byte[] scratch = new byte[sizeof(double)];
    ReadProcessMemory(processHandle, lpBaseAddress, scratch, scratch.Length, ref bytesRead);
    double decoded = BitConverter.ToDouble(scratch, 0);
    return decoded;
}
338 |
/// <summary>
/// Reads <paramref name="length"/> bytes at the given address and decodes
/// them as UTF-8 text.
/// </summary>
/// <param name="lpBaseAddress">Source address in the target process.</param>
/// <param name="length">Number of bytes to read, not characters.</param>
/// <returns>
/// The decoded string. All <paramref name="length"/> bytes are decoded, so
/// the result is not cut at a NUL terminator, and a failed read produces a
/// string of NUL characters because the read result is not inspected.
/// </returns>
public String ReadString(long lpBaseAddress, int length)
{
    // http://stackoverflow.com/questions/1003275/how-to-convert-byte-to-string
    byte[] raw = new byte[length];
    ReadProcessMemory(processHandle, lpBaseAddress, raw, length, ref bytesRead);
    string decoded = Encoding.UTF8.GetString(raw);
    return decoded;
}
349 |
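/// <summary>
/// Follows a chain of 32-bit pointers and reads the integer at the final address.
/// </summary>
/// <param name="lpBaseAddress">Address holding the first pointer of the chain.</param>
/// <param name="offsets">Offset added after each dereference, in order.</param>
/// <returns>The 32-bit value at the resolved address (0 when that read fails).</returns>
/// <remarks>
/// Each level is read as a 4-byte pointer, so chains that hold 64-bit
/// pointers are not resolved correctly. A failed intermediate read yields 0
/// and the walk continues from there.
/// </remarks>
public int ReadMemoryPointerInt(long lpBaseAddress, int[] offsets)
{
    foreach (int offset in offsets)
    {
        // Zero-extend the 32-bit pointer. Assigning the int directly
        // sign-extended it, turning any pointer at or above 0x80000000 into
        // an invalid negative 64-bit address.
        long pointee = unchecked((uint)ReadInt32(lpBaseAddress));
        lpBaseAddress = pointee + offset;
    }

    return ReadInt32(lpBaseAddress);
}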
362 |
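/// <summary>
/// Follows a chain of 32-bit pointers and returns the final address without reading it.
/// </summary>
/// <param name="lpBaseAddress">Address holding the first pointer of the chain.</param>
/// <param name="offsets">Offset added after each dereference, in order.</param>
/// <returns>The resolved address.</returns>
/// <remarks>
/// Each level is read as a 4-byte pointer, so chains that hold 64-bit
/// pointers are not resolved correctly. A failed intermediate read yields 0,
/// so the result can be a small bogus address; validate it before writing.
/// </remarks>
public long GetPointerAddress(long lpBaseAddress, int[] offsets)
{
    foreach (int offset in offsets)
    {
        // Zero-extend the 32-bit pointer. Assigning the int directly
        // sign-extended it, turning any pointer at or above 0x80000000 into
        // an invalid negative 64-bit address.
        long pointee = unchecked((uint)ReadInt32(lpBaseAddress));
        lpBaseAddress = pointee + offset;
    }

    return lpBaseAddress;
}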
375 | }
376 | }
377 |
--------------------------------------------------------------------------------
/MemoryX/MemoryX.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {DF85FBCD-1829-4587-87C1-68C4E25E2EA1}
8 | Library
9 | Properties
10 | MemoryX
11 | MemoryX
12 | v4.5.2
13 | 512
14 |
15 |
16 | true
17 | full
18 | false
19 | bin\Debug\
20 | DEBUG;TRACE
21 | prompt
22 | 4
23 |
24 |
25 | pdbonly
26 | true
27 | bin\Release\
28 | TRACE
29 | prompt
30 | 4
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
--------------------------------------------------------------------------------
/MemoryX/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("MemoryX")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("MemoryX")]
13 | [assembly: AssemblyCopyright("Copyright © 2017")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("df85fbcd-1829-4587-87c1-68c4e25e2ea1")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/MemoryXTest/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/MemoryXTest/MemoryXTest.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {8ACC75BA-61EA-49C0-A410-BDA41327760B}
8 | Exe
9 | MemoryXTest
10 | MemoryXTest
11 | v4.5.2
12 | 512
13 | true
14 |
15 |
16 | AnyCPU
17 | true
18 | full
19 | false
20 | bin\Debug\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 | false
25 | false
26 |
27 |
28 | AnyCPU
29 | pdbonly
30 | true
31 | bin\Release\
32 | TRACE
33 | prompt
34 | 4
35 |
36 |
37 |
38 | ..\MemoryX\bin\Debug\MemoryX.dll
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
--------------------------------------------------------------------------------
/MemoryXTest/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Diagnostics;
4 | using System.Linq;
5 | using System.Runtime.InteropServices;
6 | using System.Text;
7 | using System.Threading.Tasks;
8 |
9 | namespace MemoryXTest
10 | {
11 | class Program
12 | {
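/// <summary>
/// Demo driver: opens the Cheat Engine tutorial process by name, writes three
/// bytes at a hard-coded address, then reads the same location back in
/// several formats and resolves one pointer.
/// </summary>
static void Main(string[] args)
{
    MemoryX.Memory myProc = new MemoryX.Memory();

    var procName = "Tutorial-x86_64";
    var address = 0x0162DB00;

    // Stop when the process cannot be opened; every call below would
    // otherwise run against an empty handle and print meaningless zeros.
    if (!myProc.GetProcessHandle(procName))
    {
        Console.WriteLine("Could not open process " + procName);
        Console.ReadLine();
        return;
    }

    try
    {
        // Some targets need the page protection changed before a read or
        // write at the address succeeds. The region stays writable and
        // executable afterwards.
        myProc.RemoveProtection(address);

        // Write a string value
        //myProc.WriteMemory(address, "Hello");

        //// Write an int value
        //myProc.WriteMemory(address, 12345);

        //// Write a float (Single) value
        //myProc.WriteMemory(address, 3.1415928f);

        //// Write a double value
        //myProc.WriteMemory(address, 7.1474d);

        //// Write a single byte (the cast selects the byte overload; a bare 0xba is an int)
        //myProc.WriteMemory(address, (byte)0xba);

        //// Write an array of bytes
        //myProc.WriteMemory(address, new byte[] { 0xaa, 0xbb, 0xcc });

        // Write an array of bytes into memory
        myProc.WriteMemory(address, new byte[] { 0xaa, 0xbb, 0xcc });

        // Read the address back as raw bytes and print each one
        byte[] arrBytes = myProc.ReadMemory(address, 5);
        foreach (byte b in arrBytes)
        {
            Console.WriteLine(b.ToString("X"));
        }

        // Read the address as a double
        Console.WriteLine(myProc.ReadDouble(address));

        // Read the address as a float (Single)
        Console.WriteLine(myProc.ReadFloat(address));

        // Read the address as a string
        Console.WriteLine(myProc.ReadString(address, 11));

        // Read a single byte
        Console.WriteLine("BYTES IS " + myProc.ReadMemory(address, 1)[0].ToString("X"));

        // Resolve one pointer level relative to the module base
        long addressOfPtr = myProc.GetBaseAddress("Tutorial-x86_64.exe") + 0x2C4A50;
        long valueOfPtr = myProc.ReadInt32(addressOfPtr);
        int myValue = myProc.ReadInt32(valueOfPtr);

        Console.WriteLine(addressOfPtr.ToString("X"));
        Console.WriteLine(valueOfPtr.ToString("X"));

        Console.WriteLine(myValue);
        Console.ReadLine();
    }
    finally
    {
        // Release the process handle even when one of the calls above throws.
        myProc.CloseProcessHandle();
    }
}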
80 | }
81 | }
82 |
--------------------------------------------------------------------------------
/MemoryXTest/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level metadata for the MemoryXTest project is set through the
6 | // attributes below. Change these attribute values to modify the information
7 | // associated with the assembly.
8 | [assembly: AssemblyTitle("MemoryXTest")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("MemoryXTest")]
13 | [assembly: AssemblyCopyright("Copyright © 2017")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type only.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is the ID of the typelib if this project is exposed to COM.
23 | [assembly: Guid("8acc75ba-61ea-49c0-a410-bda41327760b")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values, or you can default the Build and Revision
33 | // numbers by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")] // assembly identity version used by the runtime
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version recorded in the compiled binary
37 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # MemoryX
2 |
3 | MemoryX is a memory library for .NET applications that helps you call Windows APIs such as `WriteProcessMemory` and `ReadProcessMemory` in a simple way.
4 |
5 | ⚠️ This project is no longer actively maintained. Feel free to use the code or fork it and add new functionality to meet your needs.
6 |
7 | ## Motivation
8 |
9 | I created this library to help me read and write the memory of any process, including games (at that time, Warcraft III).
10 | I kept copying the same code into each new project, over and over again.
11 | So I decided to learn how to create a library and plug it into my game helper.
12 |
13 | ## Functions
14 |
15 | **Note:** You may need to run your executable as administrator to access another process's memory; without sufficient privileges, Windows can deny access to the target process.
16 |
17 | Open a process by name. This selects the first process found with that name, so when several processes share the name, open the intended one by PID instead.
18 |
19 | ```cs
20 | MemoryX.Memory MemX = new MemoryX.Memory();
21 | MemX.GetProcessHandle("notepad");
22 | ```
23 |
24 | OpenProcess using PID.
25 |
26 | ```cs
27 | MemoryX.Memory MemX = new MemoryX.Memory();
28 | MemX.GetProcessHandle(12345);
29 | ```
30 |
31 |
32 | ### Get BaseAddress of a module
33 |
34 | ```cs
35 | public long GetBaseAddress(String moduleName)
36 | ```
37 |
38 | 
39 |
40 |
41 | #### Example
42 | ```cs
43 | var procName = "Tutorial-x86_64";
44 | long baseAddress = myProc.GetBaseAddress(procName + ".exe");
45 | Console.WriteLine("BaseAddress: {0}", (baseAddress).ToString("X")); // BaseAddress: 100000000
46 | ```
47 |
48 | ## Write Process Memory
49 |
50 | ```cs
51 | WriteMemory( [address], [data types])
52 | ```
53 |
54 | #### Write integer into selected address
55 |
56 | ```cs
57 | WriteMemory( address, 12345);
58 | ```
59 |
60 | #### Write string into selected address
61 |
62 | ```cs
63 | WriteMemory( address, "Hello");
64 | ```
65 |
66 | #### Write float value into selected address
67 |
68 | ```cs
69 | WriteMemory(address, 3.1415928f);
70 | ```
71 |
72 | #### Write double value into selected address
73 |
74 | ```cs
75 | WriteMemory(address, 7.1474d);
76 | ```
77 |
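78 | #### Write a single byte value into address
79 | Note: in C#, a bare `0xba` literal has type `int`, so if an integer overload exists (as in the integer example above) this call writes four bytes; cast with `(byte)0xba` to write exactly one byte.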
80 | ```cs
81 | WriteMemory(address, 0xba);
82 | ```
83 |
84 | #### Write an array of bytes into address
85 |
86 | ```cs
87 | WriteMemory(address, new byte[] { 0xaa, 0xbb, 0xcc });
88 | ```
89 |
90 | ---------
91 |
92 |
93 | ## Read Process Memory
94 |
95 |
96 | #### Read one byte
97 |
98 | ```cs
99 | Console.WriteLine("BYTES IS " + myProc.ReadMemory(address , 1)[0].ToString("X"));
100 | ```
101 |
102 | #### Read int16 from memory using BitConverter
103 |
104 | ```cs
105 | byte[] b = myProc.ReadMemory(address, 2);
106 | Console.WriteLine(BitConverter.ToInt16(b, 0));
107 | ```
108 |
109 | ---
110 |
111 | ## Other usage examples
112 |
113 | ```csharp
114 | // Create a new object; use one object per process
115 | MemoryX.Memory myProc = new MemoryX.Memory();
116 |
117 | // The process name is given without ".exe".
118 | // For example, if Task Manager shows "notepad.exe",
119 | // set "procName" to the name without the extension.
120 | var procName = "notepad";
121 |
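122 | // address to access in the target process (a sample value; absolute addresses may change between runs, so derive real ones from GetBaseAddress)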
123 | var address = 0x000D1940;
124 |
125 | // for open our process
126 | myProc.GetProcessHandle(procName);
127 |
128 | // for write memory string value to memory
129 | myProc.WriteMemory(address, "Hello");
130 |
131 | // for write memory int value to memory
132 | myProc.WriteMemory(address, 12345);
133 |
134 | // for write memory float or single value to memory
135 | myProc.WriteMemory(address, 3.1415928f);
136 |
137 | // for write memory double value to memory
138 | myProc.WriteMemory(address, 7.1474d);
139 |
140 | // writes a byte value to memory (a bare 0xba literal is an int in C#; cast with (byte) to write exactly one byte)
141 | myProc.WriteMemory(address, 0xba);
142 |
143 | // for write memory array of bytes value to memory
144 | myProc.WriteMemory(address, new byte[] { 0xaa, 0xbb, 0xcc });
145 |
146 | // for read a single byte value from memory
147 | Console.WriteLine("BYTES IS " + myProc.ReadMemory(address , 1)[0].ToString("X"));
148 |
149 | byte[] arrBytes = myProc.ReadMemory(address, 5);
150 | // for print byte values
151 | foreach (byte b in arrBytes)
152 | Console.WriteLine(b.ToString("X"));
153 |
154 | // for read a memory address value and return to double
155 | Console.WriteLine(myProc.ReadDouble(address));
156 |
157 | // reads the value at a memory address and returns it as a float (Single)
158 | Console.WriteLine(myProc.ReadFloat(address));
159 |
160 | // for read memory and return to string value
161 | Console.WriteLine(myProc.ReadString(address, 11));
162 |
163 |
164 | // get a base address of module and print out
165 | Console.WriteLine(myProc.GetBaseAddress("notepad.exe").ToString("X"));
166 | ```
167 |
168 | ## Read memory pointer
169 | ```cs
170 | MemoryX.Memory myProc = new MemoryX.Memory();
171 | var procName = "Tutorial-x86_64";
172 | myProc.GetProcessHandle(procName);
173 |
174 | long baseAddress = myProc.GetBaseAddress(procName + ".exe");
175 | long address = baseAddress + 0x002C4A80;
176 | int[] offsets = new int[] {0x10, 0x18 ,0 , 0x18};
177 |
178 | Console.WriteLine(myProc.ReadMemoryPointerInt(address, offsets));
179 | ```
180 |
181 | ## Write an int through a memory pointer
182 |
183 | ```cs
184 | MemoryX.Memory myProc = new MemoryX.Memory();
185 | String procName = "Tutorial-x86_64";
186 | myProc.GetProcessHandle(procName);
187 |
188 | long baseAddress = myProc.GetBaseAddress(procName + ".exe");
189 | long address = baseAddress + 0x002C4A00;
190 | int[] offsets = new int[] { 0x598, 0x6F0, 0xD8, 0xA0, 0x780 };
191 |
192 | Console.WriteLine(myProc.WriteMemoryPointer(address, offsets, 666));
193 | ```
194 |
195 | ## Contributing
196 |
197 | Pull requests are welcome =D.
198 |
--------------------------------------------------------------------------------
/images/baseAddress.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ayuthmang/MemoryX/19c9d8fa74a94397c069e6f73f74a93c972a0a97/images/baseAddress.png
--------------------------------------------------------------------------------