MEM EDITOR

SUBMITTED BY: Guest

DATE: Aug. 12, 2014, 1:09 p.m.

FORMAT: C#

SIZE: 19.3 kB

Raw Download

HITS: 23782

Report
  1. Imports System.Runtime.InteropServices
  2. Module ReadWriteMemory_Advanced
  3. #Region "ReadWriteMemory"
  4. Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer
  5. Private Declare Function CloseHandle Lib "kernel32" (ByVal hProcess As Integer) As Integer
  7. <DllImport("kernel32.dll", SetLastError:=True, ExactSpelling:=True)> _
  8. Public Function VirtualAllocEx(ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, _
  9. ByVal dwSize As UInteger, ByVal flAllocationType As UInteger, _
  10. ByVal flProtect As UInteger) As IntPtr
  11. End Function
  12. <DllImport("kernel32", CharSet:=CharSet.Auto, SetLastError:=True)> _
  13. Public Function VirtualProtectEx(ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, _
  14. ByVal dwSize As IntPtr, ByVal flNewProtect As UInteger, _
  15. ByRef lpflOldProtect As UInteger) As Boolean
  16. End Function
  17. <DllImport("kernel32.dll", SetLastError:=True)> Private Function ReadProcessMemory _
  18. (ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByRef lpBuffer As Byte, _
  19. ByVal iSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
  20. End Function
  22. Private Declare Function CoTaskMemAlloc Lib "ole32.dll" Alias "CoTaskMemAlloc" (ByVal nSize As Integer) As Integer
  24. Private Declare Function WriteProcessMemory1 Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer
  25. Private Declare Function WriteProcessMemory2 Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Single, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Single
  26. Private Declare Function WriteProcessMemory3 Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Long, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Long
  28. Private Declare Function ReadProcessMemory1 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer
  29. Private Declare Function ReadProcessMemory2 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Single, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Single
  30. Private Declare Function ReadProcessMemory3 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Long, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Long
  31. Private Declare Function ReadProcessMemory4 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, <Out()> ByVal lpBuffer() As Byte, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Boolean
  33. Const PROCESS_ALL_ACCESS = &H1F0FF
  35. <DllImport("kernel32.dll", SetLastError:=True)> _
  36. Public Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As System.UInt32, <Out()> ByRef lpNumberOfBytesWritten As Int32) As Boolean
  37. End Function
  39. Private Declare Function WriteProcessMemory4 Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByRef lpBuffer As Int32, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32
  41. Public Function StrToByteArray(ByVal str As String) As Byte()
  42. Dim encoding As New System.Text.UTF8Encoding()
  43. Return encoding.GetBytes(str)
  44. End Function
  46. Public Function RemoveProtection(ByVal ProcessName As String, ByVal AddressOfStart As Integer, ByVal SizeToRemoveProtectionInBytes As Integer)
  47. For Each p As Process In Process.GetProcessesByName(ProcessName)
  48. Const PAGE_EXECUTE_READWRITE As Integer = &H40
  49. Dim oldProtect As Integer
  50. If Not VirtualProtectEx(p.Handle, New IntPtr(AddressOfStart), New IntPtr(SizeToRemoveProtectionInBytes), PAGE_EXECUTE_READWRITE, oldProtect) Then Throw New Exception
  51. p.Dispose()
  52. Next
  53. End Function
  55. Public Function AllocMem(ByVal ProcessName As String, ByVal AddressOfStart As Integer, ByVal SizeOfAllocationInBytes As Integer)
  56. Try
  58. For Each p As Process In Process.GetProcessesByName(ProcessName)
  59. Const MEM_COMMIT As Integer = &H1000
  60. Const PAGE_EXECUTE_READWRITE As Integer = &H40
  61. Dim pBlob As IntPtr = VirtualAllocEx(p.Handle, New IntPtr(AddressOfStart), New IntPtr(SizeOfAllocationInBytes), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
  62. If pBlob = IntPtr.Zero Then
  63. p.Dispose()
  64. End If
  65. Next
  66. Catch ex As Exception
  67. MsgBox(ex.Message)
  68. End Try
  69. End Function
  71. Public Function TestAlloc(ByVal ProcessName As String, ByVal AddressOfStart As Integer, ByVal nsize As Integer) As IntPtr
  72. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  73. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  74. Const MEM_COMMIT As Integer = &H1000
  75. Const PAGE_EXECUTE_READWRITE As Integer = &H40
  76. Dim buffer As IntPtr
  77. buffer = VirtualAllocEx(hProcess, New IntPtr(AddressOfStart), nsize, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
  78. CloseHandle(hProcess)
  79. Return buffer
  80. End Function
  82. Public Function WriteDMAInteger(ByVal Process As String, ByVal Address As Integer, ByVal Offsets As Integer(), ByVal Value As Integer, ByVal Level As Integer, Optional ByVal nsize As Integer = 4) As Boolean
  83. Try
  84. Dim lvl As Integer = Address
  85. For i As Integer = 1 To Level
  86. lvl = ReadInteger(Process, lvl, nsize) + Offsets(i - 1)
  87. Next
  88. WriteInteger(Process, lvl, Value, nsize)
  89. Return True
  90. Catch ex As Exception
  91. Return False
  92. End Try
  93. End Function
  95. Public Function ReadDMAInteger(ByVal Process As String, ByVal Address As Integer, ByVal Offsets As Integer(), ByVal Level As Integer, Optional ByVal nsize As Integer = 4) As Integer
  96. Try
  97. Dim lvl As Integer = Address
  98. For i As Integer = 1 To Level
  99. lvl = ReadInteger(Process, lvl, nsize) + Offsets(i - 1)
  100. Next
  101. Dim vBuffer As Integer
  102. vBuffer = ReadInteger(Process, lvl, nsize)
  103. Return vBuffer
  104. Catch ex As Exception
  106. End Try
  107. End Function
  109. Public Function WriteDMAFloat(ByVal Process As String, ByVal Address As Integer, ByVal Offsets As Integer(), ByVal Value As Single, ByVal Level As Integer, Optional ByVal nsize As Integer = 4) As Boolean
  110. Try
  111. Dim lvl As Integer = Address
  112. For i As Integer = 1 To Level
  113. lvl = ReadFloat(Process, lvl, nsize) + Offsets(i - 1)
  114. Next
  115. WriteFloat(Process, lvl, Value, nsize)
  116. Return True
  117. Catch ex As Exception
  118. Return False
  119. End Try
  120. End Function
  122. Public Function ReadDMAFloat(ByVal Process As String, ByVal Address As Integer, ByVal Offsets As Integer(), ByVal Level As Integer, Optional ByVal nsize As Integer = 4) As Single
  123. Try
  124. Dim lvl As Integer = Address
  125. For i As Integer = 1 To Level
  126. lvl = ReadFloat(Process, lvl, nsize) + Offsets(i - 1)
  127. Next
  128. Dim vBuffer As Single
  129. vBuffer = ReadFloat(Process, lvl, nsize)
  130. Return vBuffer
  131. Catch ex As Exception
  133. End Try
  134. End Function
  136. Public Function WriteDMALong(ByVal Process As String, ByVal Address As Integer, ByVal Offsets As Integer(), ByVal Value As Long, ByVal Level As Integer, Optional ByVal nsize As Integer = 4) As Boolean
  137. Try
  138. Dim lvl As Integer = Address
  139. For i As Integer = 1 To Level
  140. lvl = ReadLong(Process, lvl, nsize) + Offsets(i - 1)
  141. Next
  142. WriteLong(Process, lvl, Value, nsize)
  143. Return True
  144. Catch ex As Exception
  145. Return False
  146. End Try
  147. End Function
  149. Public Function ReadDMALong(ByVal Process As String, ByVal Address As Integer, ByVal Offsets As Integer(), ByVal Level As Integer, Optional ByVal nsize As Integer = 4) As Long
  150. Try
  151. Dim lvl As Integer = Address
  152. For i As Integer = 1 To Level
  153. lvl = ReadLong(Process, lvl, nsize) + Offsets(i - 1)
  154. Next
  155. Dim vBuffer As Long
  156. vBuffer = ReadLong(Process, lvl, nsize)
  157. Return vBuffer
  158. Catch ex As Exception
  160. End Try
  161. End Function
  163. Public Sub WriteNOPs(ByVal ProcessName As String, ByVal Address As Long, ByVal NOPNum As Integer)
  164. Dim C As Integer
  165. Dim B As Integer
  166. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  167. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  169. B = 0
  170. For C = 1 To NOPNum
  171. Call WriteProcessMemory1(hProcess, Address + B, &H90, 1, 0&)
  172. CloseHandle(hProcess)
  173. B = B + 1
  174. Next C
  175. End Sub
  177. Public Sub WriteXBytes(ByVal ProcessName As String, ByVal Address As Long, ByVal Value As String)
  178. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  179. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  181. Dim C As Integer
  182. Dim B As Integer
  183. Dim D As Integer
  184. Dim V As Byte
  186. B = 0
  187. D = 1
  188. For C = 1 To Math.Round((Len(Value) / 2))
  189. V = Val("&H" & Mid$(Value, D, 2))
  190. Call WriteProcessMemory1(hProcess, Address + B, V, 1, 0&)
  191. CloseHandle(hProcess)
  192. B = B + 1
  193. D = D + 2
  194. Next C
  196. End Sub
  198. Public Sub WriteInteger(ByVal ProcessName As String, ByVal Address As Integer, ByVal Value As Integer, Optional ByVal nsize As Integer = 4)
  199. If ProcessName.EndsWith(".exe") Then
  200. ProcessName = ProcessName.Replace(".exe", "")
  201. End If
  202. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  203. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  205. Dim hAddress, vBuffer As Integer
  206. hAddress = Address
  207. vBuffer = Value
  208. WriteProcessMemory1(hProcess, hAddress, CInt(vBuffer), nsize, 0)
  209. CloseHandle(hProcess)
  210. End Sub
  212. Public Sub WriteFloat(ByVal ProcessName As String, ByVal Address As Integer, ByVal Value As Single, Optional ByVal nsize As Integer = 4)
  213. If ProcessName.EndsWith(".exe") Then
  214. ProcessName = ProcessName.Replace(".exe", "")
  215. End If
  216. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  217. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  219. Dim hAddress As Integer
  220. Dim vBuffer As Single
  222. hAddress = Address
  223. vBuffer = Value
  224. WriteProcessMemory2(hProcess, hAddress, vBuffer, nsize, 0)
  225. CloseHandle(hProcess)
  226. End Sub
  228. Public Sub WriteLong(ByVal ProcessName As String, ByVal Address As Integer, ByVal Value As Long, Optional ByVal nsize As Integer = 4)
  229. If ProcessName.EndsWith(".exe") Then
  230. ProcessName = ProcessName.Replace(".exe", "")
  231. End If
  232. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  233. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  235. Dim hAddress As Integer
  236. Dim vBuffer As Long
  238. hAddress = Address
  239. vBuffer = Value
  240. WriteProcessMemory3(hProcess, hAddress, vBuffer, nsize, 0)
  241. CloseHandle(hProcess)
  242. End Sub
  244. Public Sub WriteString(ByVal ProcessName As String, ByVal Address As Integer, ByVal Value As String, Optional ByVal nsize As Integer = 4)
  245. If ProcessName.EndsWith(".exe") Then
  246. ProcessName = ProcessName.Replace(".exe", "")
  247. End If
  248. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  249. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  251. Dim hAddress As Integer
  252. Dim vBuffer As Byte()
  254. hAddress = Address
  255. vBuffer = StrToByteArray(Value)
  256. WriteProcessMemory(hProcess, hAddress, vBuffer, vBuffer.Length, 0)
  257. CloseHandle(hProcess)
  258. End Sub
  260. Public Function WriteString2(ByVal ProcessName As String, ByVal Address As Integer, ByVal str As String) As Boolean
  261. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  262. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  263. For i As Integer = 0 To Len(str) - 1
  264. WriteProcessMemory4(hProcess, Address + i, Asc(Mid(str, i + 1, 1)), str.Length, 0)
  265. CloseHandle(hProcess)
  266. Next i
  267. Return 0
  268. End Function
  270. Public Function ReadInteger(ByVal ProcessName As String, ByVal Address As Integer, Optional ByVal nsize As Integer = 4) As Integer
  271. If ProcessName.EndsWith(".exe") Then
  272. ProcessName = ProcessName.Replace(".exe", "")
  273. End If
  274. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  275. If MyP.Length = 0 Then
  276. MessageBox.Show(ProcessName & " isn't open!")
  277. Exit Function
  278. End If
  279. Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, 0, MyP(0).Id)
  280. If hProcess = IntPtr.Zero Then
  281. MessageBox.Show("Failed to open " & ProcessName & "!")
  282. Exit Function
  283. End If
  285. Dim hAddress, vBuffer As Integer
  286. hAddress = Address
  287. ReadProcessMemory1(hProcess, hAddress, vBuffer, nsize, 0)
  288. Return vBuffer
  289. End Function
  291. Public Function ReadFloat(ByVal ProcessName As String, ByVal Address As Integer, Optional ByVal nsize As Integer = 4) As Single
  292. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  293. Dim hProcess As IntPtr = OpenProcess(&H10, 0, MyP(0).Id)
  294. Dim hAddress As Integer
  295. Dim vBuffer As Single
  296. hAddress = Address
  297. ReadProcessMemory2(hProcess, hAddress, vBuffer, nsize, 0)
  298. CloseHandle(hProcess)
  299. Return vBuffer
  300. End Function
  302. Public Function ReadLong(ByVal ProcessName As String, ByVal Address As Integer, Optional ByVal nsize As Integer = 4) As Long
  303. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  304. Dim hProcess As IntPtr = OpenProcess(&H10, 0, MyP(0).Id)
  306. Dim hAddress As Integer
  307. Dim vBuffer As Long
  309. hAddress = Address
  310. ReadProcessMemory3(hProcess, hAddress, vBuffer, nsize, 0)
  311. CloseHandle(hProcess)
  312. Return vBuffer
  313. End Function
  315. Private Function GetTextinMemory(ByVal ProcessHandle As IntPtr, ByVal MemoryAddress As IntPtr, ByVal CharsToRead As Integer, Optional ByVal IsUnicode As Boolean = True) As String
  316. Dim ReturnValue As String = vbNullString
  317. Dim StringBuffer() As Byte
  318. If IsUnicode Then
  319. ReDim StringBuffer(CharsToRead * 2 - 1)
  320. Else
  321. ReDim StringBuffer(CharsToRead - 1)
  322. End If
  323. Try
  324. 'Dim p As Process() = Process.GetProcessesByName(process0)
  325. If ReadProcessMemory(ProcessHandle, MemoryAddress, StringBuffer(0), StringBuffer.Length, Nothing) Then
  326. If IsUnicode Then
  327. ReturnValue = System.Text.Encoding.ASCII.GetString(StringBuffer)
  328. Else
  329. ReturnValue = System.Text.Encoding.Default.GetString(StringBuffer)
  330. End If
  331. End If
  333. Catch ex As Exception
  334. MsgBox(ex.Message)
  335. End Try
  336. Return ReturnValue
  337. End Function
  339. Public Function ReadString(ByVal ProcessName As String, ByVal Address As Integer, Optional ByVal nsize As Integer = 4) As String
  340. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  341. Dim hProcess As IntPtr = OpenProcess(&H10, 0, MyP(0).Id)
  343. Dim hAddress As Integer
  344. Dim vBuffer As String
  346. hAddress = Address
  347. vBuffer = GetTextinMemory(hProcess, address, 16)
  348. CloseHandle(hProcess)
  349. Return vBuffer
  350. End Function
  352. Public Function ReadByteArray(ByVal ProcessName As String, ByRef Address As Integer, Optional ByVal nsize As Integer = 4) As Byte()
  353. Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
  354. Dim hProcess As IntPtr = OpenProcess(&H10, 0, MyP(0).Id)
  356. Dim hAddress As Integer
  357. Dim vBuffer(nsize - 1) As Byte
  359. hAddress = Address
  360. ReadProcessMemory4(hProcess, hAddress, vBuffer, nsize, 0)
  361. CloseHandle(hProcess)
  362. Return vBuffer
  363. End Function
  364. #End Region
  365. #Region "ProcessRunning"
  366. Public Function IsProcessRunning(ByVal name As String) As Boolean
  368. For Each clsProcess As Process In Process.GetProcesses()
  369. If clsProcess.ProcessName.StartsWith(name) Then
  370. 'process found so it's running so return true
  371. Return True
  372. End If
  373. Next
  374. Return False
  375. End Function
  376. #End Region
  377. #Region "Undetected ReadWriteMemory" 'é_è
  378. Public Function uWriteLong(ByVal ProcessName As String, ByVal Address As Integer, ByVal Value As Long, Optional ByVal nsize As Integer = 4)
  379. Try
  380. Dim process_name As Process() = Process.GetProcessesByName(ProcessName)
  381. Dim baseaddr As Long = ReadLong(ProcessName, Address)
  382. Dim firstadd As Long = ReadLong(ProcessName, Address)
  383. WriteLong(ProcessName, Address, Value, nsize)
  384. Catch ex As Exception
  385. MsgBox(ProcessName & " n'est pas ouvert !", vbCritical, "Erreur")
  386. End Try
  387. End Function
  388. #End Region
  389. End Module
comments powered by Disqus