Coder Social home page Coder Social logo

memoryx's Introduction

MemoryX

The memory library for .net application that helps you accesing Windows' API such as WriteProcessMemory or ReadProcessMemory in simplest way.

Functions

** Sometime you might need to run an executable as administrator to access other process's memory.

OpenProcess using process name, this will select the first process name that we've found.

    MemoryX.Memory MemX = new MemoryX.Memory();
    MemX.GetProcessHandle("notepad");

OpenProcess using PID.

    MemoryX.Memory MemX = new MemoryX.Memory();
    MemX.GetProcessHandle(12345);

Get BadAddress of a module

    public long GetBaseAddress(String moduleName)

baseAddress

Example

    var procName = "Tutorial-x86_64"; 
    long baseAddress = myProc.GetBaseAddress(procName + ".exe");
    Console.WriteLine("BaseAddress: {0}", (baseAddress).ToString("X")); // BaseAddress: 100000000

Write Process Memory

    WriteMemory( [address], [data types])

Write integer into selected address

    WriteMemory( address, 12345);

Write string into selected address

    WriteMemory( address, "Hello");

Write float value into selected address

    WriteMemory(address, 3.1415928f);

Write double value into selected address

    WriteMemory(address, 7.1474d);

Write a single byte value into address

    WriteMemory(address, 0xba);

Write an array of bytes into address

    WriteMemory(address, new byte[] { 0xaa, 0xbb, 0xcc });

Read Process Memory

Read one byte

    Console.WriteLine("BYTES IS "  + myProc.ReadMemory(address , 1)[0].ToString("X"));

Read int16 from memory using BitConverter

byte[] b = myProc.ReadMemory(address, 2);
Console.WriteLine(BitConverter.ToInt16(b, 0));

For others example use:

    // New an object , one object per process
    MemoryX.Memory myProc = new MemoryX.Memory();
    
    // for process name without .exe 
    // Example you open task manager and see "notepad.exe" 
    // you can change and put it into "procName" without extensions
    var procName = "notepad"; 
    
    //address for access our process memory
    var address = 0x000D1940;

    // for open our process
    myProc.GetProcessHandle(procName);

    // for write memory string value to memory
    myProc.WriteMemory(address, "Hello");

    // for write memory int value to memory
    myProc.WriteMemory(address, 12345);

    // for write memory float or single value to memory
    myProc.WriteMemory(address, 3.1415928f);

    // for write memory double value to memory
    myProc.WriteMemory(address, 7.1474d);

    // for write memory byte value to memory
    myProc.WriteMemory(address, 0xba);

    // for write memory array of bytes value to memory
    myProc.WriteMemory(address, new byte[] { 0xaa, 0xbb, 0xcc });
    
    // for read a single byte value from memory
    Console.WriteLine("BYTES IS "  + myProc.ReadMemory(address , 1)[0].ToString("X"));

    byte[] arrBytes = myProc.ReadMemory(address, 5);
    // for print byte values
    foreach (byte b in arrBytes)
        Console.WriteLine(b.ToString("X"));
    
    // for read a memory address value and return to double
    Console.WriteLine(myProc.ReadDouble(address));

    // for read a memory address value and return to flot or Single
    Console.WriteLine(myProc.ReadFloat(address));

    // for read memory and return to string value
    Console.WriteLine(myProc.ReadString(address, 11));


    // get a base address of module and print out
    Console.WriteLine(myProc.GetBaseAddress("notepad.exe").ToString("X"));

Read memory pointer

    MemoryX.Memory myProc = new MemoryX.Memory();
    var procName = "Tutorial-x86_64";
    myProc.GetProcessHandle(procName);
    
    long baseAddress = myProc.GetBaseAddress(procName + ".exe"); 
    long address = baseAddress + 0x002C4A80; 
    int[] offsets = new int[] {0x10, 0x18 ,0 , 0x18}; 
 
    Console.WriteLine(myProc.ReadMemoryPointerInt(address, offsets));

Write memory int to address

    MemoryX.Memory myProc = new MemoryX.Memory();
    String procName = "Tutorial-x86_64";
    myProc.GetProcessHandle(procName);

    long baseAddress = myProc.GetBaseAddress(procName + ".exe");
    long address = baseAddress + 0x002C4A00;
    int[] offsets = new int[] { 0x598, 0x6F0, 0xD8, 0xA0, 0x780 };

    Console.WriteLine(myProc.WriteMemoryPointer(address, offsets, 666));

Contributing

Pull requests are welcome =D.

memoryx's People

Contributors

ayuthmang avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.