mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
56 lines
1.7 KiB
C#
56 lines
1.7 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: ProcessMemoryReaderLib.ProcessMemoryReaderApi
|
|||
|
// Assembly: AutoKMS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: D1CED9E3-1FC7-49B8-B3AC-44976AB7F6E4
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\HackTool.Win32.KMSAuto.i-f317ba4d4051fad64a0aa45b587fa3dcea795bac30acec2872779abe31a07cbe.exe
|
|||
|
|
|||
|
using System;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
|
|||
|
namespace ProcessMemoryReaderLib
|
|||
|
{
|
|||
|
internal class ProcessMemoryReaderApi
|
|||
|
{
|
|||
|
[DllImport("kernel32.dll")]
|
|||
|
public static extern IntPtr OpenProcess(
|
|||
|
uint dwDesiredAccess,
|
|||
|
int bInheritHandle,
|
|||
|
uint dwProcessId);
|
|||
|
|
|||
|
[DllImport("kernel32.dll")]
|
|||
|
public static extern int CloseHandle(IntPtr hObject);
|
|||
|
|
|||
|
[DllImport("kernel32.dll")]
|
|||
|
public static extern int ReadProcessMemory(
|
|||
|
IntPtr hProcess,
|
|||
|
IntPtr lpBaseAddress,
|
|||
|
[In, Out] byte[] buffer,
|
|||
|
uint size,
|
|||
|
out IntPtr lpNumberOfBytesRead);
|
|||
|
|
|||
|
[DllImport("kernel32.dll")]
|
|||
|
public static extern int WriteProcessMemory(
|
|||
|
IntPtr hProcess,
|
|||
|
IntPtr lpBaseAddress,
|
|||
|
[In, Out] byte[] buffer,
|
|||
|
uint size,
|
|||
|
out IntPtr lpNumberOfBytesWritten);
|
|||
|
|
|||
|
[Flags]
|
|||
|
public enum ProcessAccessType
|
|||
|
{
|
|||
|
PROCESS_TERMINATE = 1,
|
|||
|
PROCESS_CREATE_THREAD = 2,
|
|||
|
PROCESS_SET_SESSIONID = 4,
|
|||
|
PROCESS_VM_OPERATION = 8,
|
|||
|
PROCESS_VM_READ = 16, // 0x00000010
|
|||
|
PROCESS_VM_WRITE = 32, // 0x00000020
|
|||
|
PROCESS_DUP_HANDLE = 64, // 0x00000040
|
|||
|
PROCESS_CREATE_PROCESS = 128, // 0x00000080
|
|||
|
PROCESS_SET_QUOTA = 256, // 0x00000100
|
|||
|
PROCESS_SET_INFORMATION = 512, // 0x00000200
|
|||
|
PROCESS_QUERY_INFORMATION = 1024, // 0x00000400
|
|||
|
}
|
|||
|
}
|
|||
|
}
|