mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 11:55:26 +00:00
f2ac1ece55
add
48 lines
1.7 KiB
C#
48 lines
1.7 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: ProcessMemoryReaderLib.ProcessMemoryReader
|
|
// Assembly: AutoKMS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: D1CED9E3-1FC7-49B8-B3AC-44976AB7F6E4
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\HackTool.Win32.KMSAuto.i-f317ba4d4051fad64a0aa45b587fa3dcea795bac30acec2872779abe31a07cbe.exe
|
|
|
|
using System;
|
|
using System.Diagnostics;
|
|
|
|
namespace ProcessMemoryReaderLib
|
|
{
|
|
public class ProcessMemoryReader
|
|
{
|
|
private Process m_ReadProcess;
|
|
private IntPtr m_hProcess = IntPtr.Zero;
|
|
|
|
public Process ReadProcess
|
|
{
|
|
get => this.m_ReadProcess;
|
|
set => this.m_ReadProcess = value;
|
|
}
|
|
|
|
public void OpenProcess() => this.m_hProcess = ProcessMemoryReaderApi.OpenProcess(56U, 1, (uint) this.m_ReadProcess.Id);
|
|
|
|
public void CloseHandle()
|
|
{
|
|
if (ProcessMemoryReaderApi.CloseHandle(this.m_hProcess) == 0)
|
|
throw new Exception("CloseHandle failed");
|
|
}
|
|
|
|
public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
|
|
{
|
|
byte[] buffer = new byte[(IntPtr) bytesToRead];
|
|
IntPtr lpNumberOfBytesRead;
|
|
ProcessMemoryReaderApi.ReadProcessMemory(this.m_hProcess, MemoryAddress, buffer, bytesToRead, out lpNumberOfBytesRead);
|
|
bytesRead = lpNumberOfBytesRead.ToInt32();
|
|
return buffer;
|
|
}
|
|
|
|
public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
|
|
{
|
|
IntPtr lpNumberOfBytesWritten;
|
|
ProcessMemoryReaderApi.WriteProcessMemory(this.m_hProcess, MemoryAddress, bytesToWrite, (uint) bytesToWrite.Length, out lpNumberOfBytesWritten);
|
|
bytesWritten = lpNumberOfBytesWritten.ToInt32();
|
|
}
|
|
}
|
|
}
|