├── .gitattributes
├── .gitignore
├── MemScan.sln
└── MemScan
├── App.config
├── MemScan.csproj
├── MemoryScanner.cs
├── Program.cs
├── Properties
└── AssemblyInfo.cs
└── WinAPI.cs
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is needed for earlier builds of msysgit that do not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | x64/
19 | x86/
20 | bld/
21 | [Bb]in/
22 | [Oo]bj/
23 | [Ll]og/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | project.fragment.lock.json
46 | artifacts/
47 |
48 | *_i.c
49 | *_p.c
50 | *_i.h
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.tmp_proj
65 | *.log
66 | *.vspscc
67 | *.vssscc
68 | .builds
69 | *.pidb
70 | *.svclog
71 | *.scc
72 |
73 | # Chutzpah Test files
74 | _Chutzpah*
75 |
76 | # Visual C++ cache files
77 | ipch/
78 | *.aps
79 | *.ncb
80 | *.opendb
81 | *.opensdf
82 | *.sdf
83 | *.cachefile
84 | *.VC.db
85 | *.VC.VC.opendb
86 |
87 | # Visual Studio profiler
88 | *.psess
89 | *.vsp
90 | *.vspx
91 | *.sap
92 |
93 | # TFS 2012 Local Workspace
94 | $tf/
95 |
96 | # Guidance Automation Toolkit
97 | *.gpState
98 |
99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | *.DotSettings.user
103 |
104 | # JustCode is a .NET coding add-in
105 | .JustCode
106 |
107 | # TeamCity is a build add-in
108 | _TeamCity*
109 |
110 | # DotCover is a Code Coverage Tool
111 | *.dotCover
112 |
113 | # NCrunch
114 | _NCrunch_*
115 | .*crunch*.local.xml
116 | nCrunchTemp_*
117 |
118 | # MightyMoose
119 | *.mm.*
120 | AutoTest.Net/
121 |
122 | # Web workbench (sass)
123 | .sass-cache/
124 |
125 | # Installshield output folder
126 | [Ee]xpress/
127 |
128 | # DocProject is a documentation generator add-in
129 | DocProject/buildhelp/
130 | DocProject/Help/*.HxT
131 | DocProject/Help/*.HxC
132 | DocProject/Help/*.hhc
133 | DocProject/Help/*.hhk
134 | DocProject/Help/*.hhp
135 | DocProject/Help/Html2
136 | DocProject/Help/html
137 |
138 | # Click-Once directory
139 | publish/
140 |
141 | # Publish Web Output
142 | *.[Pp]ublish.xml
143 | *.azurePubxml
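144 | # TODO: Comment the next line if you want to check in your web deploy settings,
145 | # but database connection strings (with potential passwords) will be unencrypted. Note: the pattern below is already commented out here, so *.pubxml files are currently NOT ignored.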
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
150 | # checkin your Azure Web App publish settings, but sensitive information contained
151 | # in these scripts will be unencrypted
152 | PublishScripts/
153 |
154 | # NuGet Packages
155 | *.nupkg
156 | # The packages folder can be ignored because of Package Restore
157 | **/packages/*
158 | # except build/, which is used as an MSBuild target.
159 | !**/packages/build/
160 | # Uncomment if necessary however generally it will be regenerated when needed
161 | #!**/packages/repositories.config
162 | # NuGet v3's project.json files produce more ignorable files
163 | *.nuget.props
164 | *.nuget.targets
165 |
166 | # Microsoft Azure Build Output
167 | csx/
168 | *.build.csdef
169 |
170 | # Microsoft Azure Emulator
171 | ecf/
172 | rcf/
173 |
174 | # Windows Store app package directories and files
175 | AppPackages/
176 | BundleArtifacts/
177 | Package.StoreAssociation.xml
178 | _pkginfo.txt
179 |
180 | # Visual Studio cache files
181 | # files ending in .cache can be ignored
182 | *.[Cc]ache
183 | # but keep track of directories ending in .cache
184 | !*.[Cc]ache/
185 |
186 | # Others
187 | ClientBin/
188 | ~$*
189 | *~
190 | *.dbmdl
191 | *.dbproj.schemaview
192 | *.jfm
193 | *.pfx
194 | *.publishsettings
195 | node_modules/
196 | orleans.codegen.cs
197 |
198 | # Since there are multiple workflows, uncomment next line to ignore bower_components
199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
200 | #bower_components/
201 |
202 | # RIA/Silverlight projects
203 | Generated_Code/
204 |
205 | # Backup & report files from converting an old project file
206 | # to a newer Visual Studio version. Backup files are not needed,
207 | # because we have git ;-)
208 | _UpgradeReport_Files/
209 | Backup*/
210 | UpgradeLog*.XML
211 | UpgradeLog*.htm
212 |
213 | # SQL Server files
214 | *.mdf
215 | *.ldf
216 |
217 | # Business Intelligence projects
218 | *.rdl.data
219 | *.bim.layout
220 | *.bim_*.settings
221 |
222 | # Microsoft Fakes
223 | FakesAssemblies/
224 |
225 | # GhostDoc plugin setting file
226 | *.GhostDoc.xml
227 |
228 | # Node.js Tools for Visual Studio
229 | .ntvs_analysis.dat
230 |
231 | # Visual Studio 6 build log
232 | *.plg
233 |
234 | # Visual Studio 6 workspace options file
235 | *.opt
236 |
237 | # Visual Studio LightSwitch build output
238 | **/*.HTMLClient/GeneratedArtifacts
239 | **/*.DesktopClient/GeneratedArtifacts
240 | **/*.DesktopClient/ModelManifest.xml
241 | **/*.Server/GeneratedArtifacts
242 | **/*.Server/ModelManifest.xml
243 | _Pvt_Extensions
244 |
245 | # Paket dependency manager
246 | .paket/paket.exe
247 | paket-files/
248 |
249 | # FAKE - F# Make
250 | .fake/
251 |
252 | # JetBrains Rider
253 | .idea/
254 | *.sln.iml
255 |
256 | # CodeRush
257 | .cr/
258 |
259 | # Python Tools for Visual Studio (PTVS)
260 | __pycache__/
261 | *.pyc
--------------------------------------------------------------------------------
/MemScan.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.168
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemScan", "MemScan\MemScan.csproj", "{0B53D753-BE57-4117-8CA0-3B7F405F900E}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Debug|x64 = Debug|x64
12 | Release|Any CPU = Release|Any CPU
13 | Release|x64 = Release|x64
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
17 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Debug|Any CPU.Build.0 = Debug|Any CPU
18 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Debug|x64.ActiveCfg = Debug|x64
19 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Debug|x64.Build.0 = Debug|x64
20 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Release|Any CPU.ActiveCfg = Release|Any CPU
21 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Release|Any CPU.Build.0 = Release|Any CPU
22 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Release|x64.ActiveCfg = Release|x64
23 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}.Release|x64.Build.0 = Release|x64
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {B16D9412-F8D0-410C-B5AC-3D01E6AF39F7}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/MemScan/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/MemScan/MemScan.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {0B53D753-BE57-4117-8CA0-3B7F405F900E}
8 | Exe
9 | MemScan
10 | MemScan
11 | v4.5.1
12 | 512
13 | true
14 | true
15 |
16 |
17 | AnyCPU
18 | true
19 | full
20 | false
21 | bin\Debug\
22 | DEBUG;TRACE
23 | prompt
24 | 4
25 |
26 |
27 | AnyCPU
28 | pdbonly
29 | true
30 | bin\Release\
31 | TRACE
32 | prompt
33 | 4
34 |
35 |
36 | true
37 | bin\x64\Debug\
38 | DEBUG;TRACE
39 | full
40 | x64
41 | prompt
42 | MinimumRecommendedRules.ruleset
43 | true
44 |
45 |
46 | bin\x64\Release\
47 | TRACE
48 | true
49 | pdbonly
50 | x64
51 | prompt
52 | MinimumRecommendedRules.ruleset
53 | true
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
--------------------------------------------------------------------------------
/MemScan/MemoryScanner.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Diagnostics;
6 | using System.Threading.Tasks;
7 | using System.Runtime.InteropServices;
8 |
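namespace MemScan
{
    /// <summary>
    /// Reads the committed read/write memory of another process through the
    /// kernel32 imports declared in <c>WinAPI.WinAPI</c>.
    /// </summary>
    class MemoryScanner
    {
        // Releases the handle returned by OpenProcess. Declared privately so this
        // class does not depend on any other CloseHandle declaration.
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool CloseHandle(IntPtr hObject);

        /// <summary>
        /// Walks the address space of <paramref name="proc"/> and returns the content of
        /// every region whose protection is exactly PAGE_READWRITE and whose state is
        /// MEM_COMMIT, as one string with one <c>char</c> per byte read. Nothing is
        /// written to disk.
        /// </summary>
        /// <param name="proc">Process to read; only its <c>Id</c> is used.</param>
        /// <returns>
        /// The concatenated region contents, or <c>null</c> when the process could not be
        /// opened with QueryInformation | VirtualMemoryRead access.
        /// </returns>
        /// <remarks>
        /// The returned string holds the raw memory of the target, including any secrets
        /// it contains, and uses two bytes of managed memory per byte read. Callers
        /// should keep it no longer than needed and never log or persist it.
        /// NOTE(review): the walk uses MEMORY_BASIC_INFORMATION64, so it presumably only
        /// works when this program itself runs as a 64-bit process - confirm the build
        /// platform.
        /// </remarks>
        public static string dumpProcessMemory(Process proc)
        {
            IntPtr hProc = WinAPI.WinAPI.OpenProcess(
                WinAPI.WinAPI.ProcessAccessFlags.QueryInformation | WinAPI.WinAPI.ProcessAccessFlags.VirtualMemoryRead,
                false,
                proc.Id);
            if (hProc == IntPtr.Zero)
            {
                // Access denied, protected process, or the process already exited.
                return null;
            }

            try
            {
                WinAPI.WinAPI.SYSTEM_INFO si;
                WinAPI.WinAPI.GetSystemInfo(out si);
                long address = (long)si.minimumApplicationAddress;
                long maxAddress = (long)si.maximumApplicationAddress;
                uint mbiSize = (uint)Marshal.SizeOf(typeof(WinAPI.WinAPI.MEMORY_BASIC_INFORMATION64));

                StringBuilder sb = new StringBuilder();

                while (address < maxAddress)
                {
                    WinAPI.WinAPI.MEMORY_BASIC_INFORMATION64 mbi;
                    int queried = WinAPI.WinAPI.VirtualQueryEx(hProc, new IntPtr(address), out mbi, mbiSize);
                    if (queried == 0 || mbi.RegionSize <= 0)
                    {
                        // The query failed, so mbi holds nothing usable. Stop instead of
                        // re-reading a stale region or looping forever on a zero size.
                        break;
                    }

                    if (mbi.Protect == WinAPI.WinAPI.PAGE_READWRITE && mbi.State == WinAPI.WinAPI.MEM_COMMIT)
                    {
                        // NOTE(review): a region larger than the maximum array length makes
                        // this allocation throw; the exception reaches the caller after the
                        // handle has been closed by the finally block.
                        byte[] buffer = new byte[mbi.RegionSize];
                        int bytesRead = 0;
                        bool ok = WinAPI.WinAPI.ReadProcessMemory(hProc, mbi.BaseAddress, buffer, mbi.RegionSize, ref bytesRead);
                        if (ok)
                        {
                            // Append only what was actually copied, never the untouched
                            // tail of the buffer.
                            int usable = Math.Min(bytesRead, buffer.Length);
                            for (int i = 0; i < usable; i++)
                            {
                                sb.Append((char)buffer[i]);
                            }
                        }
                    }

                    long next = mbi.BaseAddress + mbi.RegionSize;
                    if (next <= address)
                    {
                        // No forward progress (overflow or inconsistent data): stop the walk.
                        break;
                    }
                    address = next;
                }

                return sb.ToString();
            }
            finally
            {
                // The original never released the process handle; one leaked per call.
                CloseHandle(hProc);
            }
        }
    }
}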
62 |
--------------------------------------------------------------------------------
/MemScan/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Diagnostics;
5 | using System.Text;
6 |
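namespace MemScan
{
    class Program
    {
        /// <summary>
        /// Searches the read/write memory of every running process for the string given
        /// as the first command-line argument, in four forms: as typed, Base64-encoded
        /// (ASCII bytes), and each of those with a space between every character.
        /// Matches are printed and appended to <c>results.txt</c> in the current directory.
        /// </summary>
        /// <param name="args">args[0] is the search string; further arguments are ignored.</param>
        /// <remarks>
        /// The search string is passed on the command line, so it is visible to anything
        /// that can read this process's command line (process listings, process-creation
        /// audit logs) and it is echoed to the console below. The results file records
        /// only the label of the form that matched, the process name and the process id,
        /// never the searched value itself.
        /// </remarks>
        static void Main(string[] args)
        {
            bool verbose = true;
            string file = "results.txt";

            // The original indexed args[0] unconditionally and crashed when run without arguments.
            if (args == null || args.Length == 0 || String.IsNullOrEmpty(args[0]))
            {
                Console.Error.WriteLine("Usage: MemScan <search string>");
                Environment.ExitCode = 1;
                return;
            }

            if (!File.Exists(file))
            {
                using (StreamWriter sw = File.CreateText(file))
                {
                    sw.WriteLine("Output");
                }
            }

            string searchString = args[0];
            string withSpaces = String.Join(" ", searchString.ToCharArray());
            // ASCII encoding turns any non-ASCII character into '?' before Base64 encoding.
            string b64ss = System.Convert.ToBase64String(ASCIIEncoding.ASCII.GetBytes(searchString));
            string b64spaces = String.Join(" ", b64ss.ToCharArray());
            Console.WriteLine(withSpaces);
            Console.ReadKey();

            // Label -> form of the search string to look for.
            Dictionary<string, string> searchKeys = new Dictionary<string, string>()
            {
                {"Search String", searchString},
                {"Base64 Encoded Search String", b64ss},
                {"Search String2", withSpaces},
                {"Base64 Search String2", b64spaces}
            };

            int i = 0;
            // This process always holds the search string itself; scanning it would
            // report a match on every run.
            int selfId = Process.GetCurrentProcess().Id;
            Process[] procs = Process.GetProcesses();
            if (verbose)
            {
                Console.WriteLine("[DEBUG] Number of Processes Found: {0}", procs.Length);
                Console.ReadKey();
            }

            foreach (var proc in procs)
            {
                i++;
                try
                {
                    if (proc.Id == selfId)
                    {
                        continue;
                    }

                    string dump = MemoryScanner.dumpProcessMemory(proc);
                    if (dump == null)
                    {
                        // dumpProcessMemory returns null when the process cannot be opened;
                        // the original dereferenced it and reported a NullReferenceException.
                        if (verbose)
                        {
                            Console.WriteLine("[ERROR] {0} - {1}", "Unable to open process", proc.ProcessName);
                        }
                        continue;
                    }

                    // Dropping NULs lets UTF-16 text in the target match the plain search string.
                    string strResult = dump.Replace("\0", "").Replace("\n", "").Replace("\r", "");

                    foreach (KeyValuePair<string, string> kvp in searchKeys)
                    {
                        if (strResult.Contains(kvp.Value))
                        {
                            using (StreamWriter sw = File.AppendText(file))
                            {
                                // {0} is the label and appears twice; the matched value is not written.
                                string outLine = String.Format("[{0}]: Found {0} in {1} ProcID: {2}", kvp.Key, proc.ProcessName, proc.Id);
                                Console.WriteLine(outLine);
                                sw.WriteLine(outLine);
                            }
                        }
                        else
                        {
                            if (verbose)
                            {
                                Console.WriteLine("No String found in {0}:{1}", proc.ProcessName, proc.Id);
                            }
                        }
                    }
                }
                catch (Exception e)
                {
                    // Best effort: one unreadable process must not stop the scan.
                    if (verbose)
                    {
                        Console.WriteLine("[ERROR] {0} - {1}", e.Message, proc.ProcessName);
                    }
                }
                finally
                {
                    // Release the handles held by the Process object.
                    proc.Dispose();
                }
            }

            Console.WriteLine("[Finished]: {0}", i);
            Console.ReadKey();
        }
    }
}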
78 |
--------------------------------------------------------------------------------
/MemScan/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("MemScan")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("MemScan")]
13 | [assembly: AssemblyCopyright("Copyright © 2019")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("0b53d753-be57-4117-8ca0-3b7f405f900e")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/MemScan/WinAPI.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 | using System.Text;
4 |
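namespace WinAPI
{
    /// <summary>
    /// P/Invoke declarations, constants and structures for the kernel32 and user32
    /// functions used to query and read another process's memory.
    /// </summary>
    class WinAPI
    {
        #region Constants
        // Memory state and page protection values as reported by VirtualQueryEx.
        public const int MEM_COMMIT = 0x00001000;
        public const int PAGE_READWRITE = 0x04;
        public const int WM_CLIPBOARDUPDATE = 0x031D;
        // readonly so no caller can accidentally reassign the shared value.
        public static readonly IntPtr HWND_MESSAGE = new IntPtr(-3);
        #endregion

        #region Imports
        [DllImport("kernel32.dll", SetLastError = false)]
        public static extern void GetSystemInfo(out SYSTEM_INFO lpSystemInfo);

        // NOTE(review): the native function returns SIZE_T; the int return type only
        // carries the low 32 bits, which is enough to test for 0 (failure).
        // This overload matches the native layout only inside a 64-bit process.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION64 lpBuffer, uint dwLength);

        // Pointer-sized variant, for 32-bit builds.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);

        // Returns IntPtr.Zero on failure. Release the handle with CloseHandle.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        // Native signature: the base address, the size and the bytes-read output are
        // all pointer-sized.
        [DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool ReadProcessMemoryNative(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

        /// <summary>
        /// Copies <paramref name="dwSize"/> bytes from <paramref name="lpBaseAddress"/> in the
        /// target process into <paramref name="lpBuffer"/>.
        /// </summary>
        /// <remarks>
        /// Keeps the signature callers already use, but forwards to a correctly typed
        /// import. The previous declaration passed a 4-byte <c>ref int</c> where the
        /// native function writes a pointer-sized SIZE_T, which overruns the variable in
        /// a 64-bit process. The size is also checked against the buffer so the native
        /// call cannot write past the end of the managed array.
        /// </remarks>
        /// <param name="hProcess">Handle opened with VirtualMemoryRead access.</param>
        /// <param name="lpBaseAddress">Address in the target process.</param>
        /// <param name="lpBuffer">Destination buffer.</param>
        /// <param name="dwSize">Number of bytes to copy; at most <c>lpBuffer.Length</c>.</param>
        /// <param name="lpNumberOfBytesRead">Receives the number of bytes copied.</param>
        /// <returns><c>true</c> when the native call succeeded.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="lpBuffer"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="dwSize"/> is negative or larger than the buffer.</exception>
        /// <exception cref="OverflowException">In a 32-bit process, when the address does not fit in a pointer.</exception>
        public static bool ReadProcessMemory(IntPtr hProcess, long lpBaseAddress, byte[] lpBuffer, long dwSize, ref int lpNumberOfBytesRead)
        {
            if (lpBuffer == null)
            {
                throw new ArgumentNullException("lpBuffer");
            }
            if (dwSize < 0 || dwSize > lpBuffer.Length)
            {
                throw new ArgumentOutOfRangeException("dwSize");
            }

            IntPtr read;
            bool ok = ReadProcessMemoryNative(hProcess, new IntPtr(lpBaseAddress), lpBuffer, new IntPtr(dwSize), out read);
            // dwSize is bounded by the array length, so the count always fits in an int.
            lpNumberOfBytesRead = (int)read.ToInt64();
            return ok;
        }

        // Called through P/Invoke this can return a value the runtime has already
        // overwritten; for imports declared with SetLastError = true, read the error
        // with Marshal.GetLastWin32Error() instead.
        [DllImport("kernel32.dll")]
        public static extern uint GetLastError();

        // Releases handles such as the one returned by OpenProcess.
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);

        // Window and clipboard helpers.
        // NOTE(review): these appear unused by the memory-scanning code - confirm before removing.
        [DllImport("user32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool AddClipboardFormatListener(IntPtr hwnd);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr SetParent(IntPtr hWndChild, IntPtr hWndNewParent);

        [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);

        [DllImport("user32.dll")]
        public static extern int GetWindowTextLength(IntPtr hWnd);

        [DllImport("user32.dll")]
        public static extern IntPtr GetForegroundWindow();
        #endregion

        #region Enums
        // Access rights for OpenProcess. Request only the rights an operation needs
        // (reading memory needs QueryInformation and VirtualMemoryRead) rather than All.
        [Flags]
        public enum ProcessAccessFlags : uint
        {
            All = 0x001F0FFF,
            Terminate = 0x00000001,
            CreateThread = 0x00000002,
            VirtualMemoryOperation = 0x00000008,
            VirtualMemoryRead = 0x00000010,
            VirtualMemoryWrite = 0x00000020,
            DuplicateHandle = 0x00000040,
            CreateProcess = 0x00000080,
            SetQuota = 0x00000100,
            SetInformation = 0x00000200,
            QueryInformation = 0x00000400,
            QueryLimitedInformation = 0x00001000,
            Synchronize = 0x00100000
        }

        // Page protection values (Protect / AllocationProtect fields).
        public enum AllocationProtectEnum : uint
        {
            PAGE_EXECUTE = 0x00000010,
            PAGE_EXECUTE_READ = 0x00000020,
            PAGE_EXECUTE_READWRITE = 0x00000040,
            PAGE_EXECUTE_WRITECOPY = 0x00000080,
            PAGE_NOACCESS = 0x00000001,
            PAGE_READONLY = 0x00000002,
            PAGE_READWRITE = 0x00000004,
            PAGE_WRITECOPY = 0x00000008,
            PAGE_GUARD = 0x00000100,
            PAGE_NOCACHE = 0x00000200,
            PAGE_WRITECOMBINE = 0x00000400
        }

        // Region state values (State field).
        public enum StateEnum : uint
        {
            MEM_COMMIT = 0x1000,
            MEM_FREE = 0x10000,
            MEM_RESERVE = 0x2000
        }

        // Region type values (Type field).
        public enum TypeEnum : uint
        {
            MEM_IMAGE = 0x1000000,
            MEM_MAPPED = 0x40000,
            MEM_PRIVATE = 0x20000
        }

        // NOTE(review): values kept exactly as declared; check them against the
        // processor architecture constants in the Windows SDK before relying on them.
        public enum ProcessorArchitecture
        {
            X86 = 0,
            X64 = 9,
            @Arm = -1,
            Itanium = 6,
            Unknown = 0xFFFF,
        }
        #endregion

        #region structs
        // Pointer-sized layout, intended for 32-bit compatibility.
        [StructLayout(LayoutKind.Sequential)]
        public struct MEMORY_BASIC_INFORMATION
        {
            public IntPtr BaseAddress;
            public IntPtr AllocationBase;
            public uint AllocationProtect;
            public IntPtr RegionSize;
            public uint State;
            public uint Protect;
            public uint Type;
        }

        // Fixed 64-bit layout (48 bytes) with explicit padding fields.
        [StructLayout(LayoutKind.Sequential)]
        public struct MEMORY_BASIC_INFORMATION64
        {
            public long BaseAddress;
            public long AllocationBase;
            public int AllocationProtect;
            public int __alignment1;
            public long RegionSize;
            public int State;
            public int Protect;
            public int Type;
            public int __alignment2;
        }

        // Sequential is already the default layout for a C# struct; stated explicitly
        // for consistency with the other interop structs.
        [StructLayout(LayoutKind.Sequential)]
        public struct SYSTEM_INFO
        {
            public ushort processorArchitecture;
            ushort reserved;
            public uint pageSize;
            public IntPtr minimumApplicationAddress;
            public IntPtr maximumApplicationAddress;
            public IntPtr activeProcessorMask;
            public uint numberOfProcessors;
            public uint processorType;
            public uint allocationGranularity;
            public ushort processorLevel;
            public ushort processorRevision;
        }
        #endregion
    }
}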
228 |
--------------------------------------------------------------------------------