@RetiredQQ
Created June 22, 2016 17:07
C# - Class to Read and Write in RAM.
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
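namespace memoryReader
{
    /// <summary>
    /// Reads and writes memory of the process referenced by <c>MainWindow.process</c>
    /// through kernel32's OpenProcess / ReadProcessMemory / WriteProcessMemory.
    /// </summary>
    /// <remarks>
    /// Every address is carried as a 32-bit <c>int</c>, and pointers are read as 4 bytes.
    /// <c>IntPtr.ToInt32()</c> throws <see cref="OverflowException"/> for values that do not
    /// fit in 32 bits, so the helpers only work for addresses in the 32-bit range.
    /// NOTE(review): MainWindow.process is defined outside this file; it is used here as a
    /// System.Diagnostics.Process (Id, Modules, MainModule) - confirm it is never null.
    /// </remarks>
    static class Memory
    {
        #region DLL IMPORTS
        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool WriteProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesWritten);
        // Needed so that every handle returned by OpenProcess is released again.
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool CloseHandle(IntPtr hObject);
        #endregion
        #region ACCESS FLAGS
        const int PROCESS_VM_READ = 0x0010; // required by ReadProcessMemory
        const int PROCESS_VM_WRITE = 0x0020; // required by WriteProcessMemory
        const int PROCESS_VM_OPERATION = 0x0008; // required by WriteProcessMemory
        #endregion
        #region READ/WRITE FUNCTIONS
        /// <summary>
        /// Reads <paramref name="bufferLength"/> bytes at <paramref name="memoryAdress"/>
        /// from the target process.
        /// </summary>
        /// <param name="memoryAdress">Address inside the target process.</param>
        /// <param name="bufferLength">Number of bytes to read.</param>
        /// <returns>
        /// A new array of <paramref name="bufferLength"/> bytes. If the process cannot be
        /// opened or the read fails, the array is returned zero-filled; the return value does
        /// not tell a failed read apart from memory that really contains zeros.
        /// </returns>
        public static byte[] Read(int memoryAdress, int bufferLength)
        {
            byte[] buffer = new byte[bufferLength];
            IntPtr processHandle = OpenProcess(PROCESS_VM_READ, false, MainWindow.process.Id);
            if (processHandle == IntPtr.Zero)
            {
                // OpenProcess failed (e.g. access denied or process gone): same result as
                // before, a zero-filled buffer, but without calling into a null handle.
                return buffer;
            }
            try
            {
                IntPtr bytesRead;
                ReadProcessMemory((int)processHandle, memoryAdress, buffer, buffer.Length, out bytesRead);
            }
            finally
            {
                // The handle used to be leaked on every call; pointer-chain walks call
                // Read once per level, so the leak grew quickly.
                CloseHandle(processHandle);
            }
            return buffer;
        }

        /// <summary>
        /// Writes the 4 bytes of <paramref name="toWrite"/> to <paramref name="memoryAdress"/>
        /// in the target process.
        /// </summary>
        /// <param name="memoryAdress">Address inside the target process.</param>
        /// <param name="toWrite">Value to write, in the byte order produced by BitConverter.GetBytes.</param>
        /// <returns><c>true</c> if WriteProcessMemory succeeded; <c>false</c> if the process
        /// could not be opened or the write failed.</returns>
        public static bool Write(int memoryAdress, int toWrite)
        {
            // Least privilege: ask only for the two rights WriteProcessMemory needs instead
            // of the all-access mask 0x1F0FFF the code requested before.
            IntPtr processHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, false, MainWindow.process.Id);
            if (processHandle == IntPtr.Zero)
            {
                return false;
            }
            try
            {
                byte[] buffer = BitConverter.GetBytes(toWrite);
                IntPtr bytesWritten;
                return WriteProcessMemory((int)processHandle, memoryAdress, buffer, buffer.Length, out bytesWritten);
            }
            finally
            {
                CloseHandle(processHandle);
            }
        }
        #endregion

        /// <summary>
        /// Returns the base address of the first loaded module whose name equals
        /// <paramref name="dllName"/> (case-sensitive comparison), or 0 if none matches.
        /// </summary>
        public static int getModuleAdress(string dllName)
        {
            foreach (ProcessModule module in MainWindow.process.Modules)
            {
                if (module.ModuleName == dllName)
                {
                    return module.BaseAddress.ToInt32();
                }
            }
            return 0;
        }

        /// <summary>
        /// Resolves a multi-level pointer that starts at the main module's base address plus
        /// <paramref name="pointer"/> and then follows <paramref name="offsets"/>.
        /// </summary>
        /// <param name="nameOfTheProcess">Not used; kept so existing callers still compile.</param>
        /// <param name="offsets">Offsets applied at each level; null is treated as empty.</param>
        /// <param name="pointer">Offset of the first pointer from the main module base.</param>
        /// <returns>The final address (not the value stored there).</returns>
        public static int getRealAdressWithExe(string nameOfTheProcess, int[] offsets, int pointer)
        {
            return FollowPointerChain(MainWindow.process.MainModule.BaseAddress, pointer, offsets);
        }

        /// <summary>
        /// Resolves a multi-level pointer that starts at the base address of the module named
        /// <paramref name="nameOfTheDLL"/> plus <paramref name="pointer"/>.
        /// </summary>
        /// <param name="nameOfTheDLL">Module name, compared case-sensitively.</param>
        /// <param name="offsets">Offsets applied at each level; null is treated as empty.</param>
        /// <param name="pointer">Offset of the first pointer from the module base.</param>
        /// <returns>The final address, or 0 if the module is not loaded.</returns>
        public static int getRealAdressWithDll(string nameOfTheDLL, int[] offsets, int pointer)
        {
            IntPtr baseAdress = IntPtr.Zero;
            bool found = false;
            foreach (ProcessModule module in MainWindow.process.Modules)
            {
                if (module.ModuleName == nameOfTheDLL)
                {
                    // No break: as before, the last module with this name wins.
                    baseAdress = module.BaseAddress;
                    found = true;
                }
            }
            if (!found)
            {
                // Previously the chain was walked from base address 0 and produced a
                // meaningless address; report "not found" the way getModuleAdress does.
                return 0;
            }
            return FollowPointerChain(baseAdress, pointer, offsets);
        }

        // Walks base + pointer, then dereferences once per offset, reading 4-byte pointers.
        // A failed Read yields zeros, so a broken chain continues from address 0 + offset.
        static int FollowPointerChain(IntPtr baseAdress, int pointer, int[] offsets)
        {
            int[] chain = offsets ?? new int[0];
            IntPtr adress = IntPtr.Add(baseAdress, pointer);
            IntPtr adressValue = (IntPtr)BitConverter.ToInt32(Read(adress.ToInt32(), 4), 0);
            for (int level = 0; level < chain.Length; level++)
            {
                adress = IntPtr.Add(adressValue, chain[level]);
                adressValue = (IntPtr)BitConverter.ToInt32(Read(adress.ToInt32(), 4), 0);
            }
            return adress.ToInt32();
        }
    }
}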