[Release] Class ProcessMemory

[bigtimt]

This is the memory reading/writing class that I wrote for WoWBasic.. Enjoy

some credits:
Shynd
ManagedWinAPI
MSDN

Code:

Imports System.Runtime.InteropServices
Imports System.Text.Encoding

Public Class ProcessMemory
    Public ReadOnly Process As Process

    Private hProcess As Int32
    Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Int32, ByVal bInheritHandle As Boolean, ByVal dwProcId As Int32) As Int32
    Private Declare Function ReadProcessMemory Lib "Kernel32.dll" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByVal lpBuffer As Int32, ByVal nSize As Int32, ByVal lpNumberOfBytesWritten As Int32) As Boolean
    Private Declare Function WriteProcessMemory Lib "Kernel32.dll" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByVal lpBuffer As Int32, ByVal nSize As Int32, ByVal lpNumberOfBytesWritten As Int32) As Boolean
    Private Declare Function VirtualAllocEx Lib "Kernel32.dll" (ByVal hProcess As Int32, ByVal Address As Int32, ByVal Size As Int32, ByVal AllocationType As Int32, ByVal flProtect As Int32) As Int32
    Private Declare Function _CreateRemoteThread Lib "Kernel32.dll" Alias "CreateRemoteThread" (ByVal hProcess As Int32, ByVal lpThreadAttributes As Int32, ByVal StackSize As Int32, ByVal StartAddress As Int32, ByVal Parameter As Int32, ByVal CreationFlags As Int32, ByVal ThreadID As Int32) As Int32
    Private Declare Function WaitForSingleObject Lib "Kernel32.dll" (ByVal hObj As Int32, ByVal Timeout As Int32) As Int32
    Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal hObj As Int32) As Boolean

    Public Sub New(ByVal Process As Process)
        System.Diagnostics.Process.EnterDebugMode()
        Me.Process = Process
        Me.hProcess = OpenProcess(&H1F0FFF, False, Process.Id)
    End Sub

    Public Function AllocateMemory(ByVal Size As Int32) As Int32
        Return VirtualAllocEx(hProcess, 0, Size, &H1000, &H40)
    End Function

    Public Sub CreateRemoteThread(ByVal ThreadAddress As Int32)
        Dim hThread As Int32 = _CreateRemoteThread(hProcess, 0, 0, ThreadAddress, 0, 0, 0)
        WaitForSingleObject(hThread, 10000)
        CloseHandle(hThread)
    End Sub

    Public Function ReadStruct(ByVal Address As Int32, ByVal StructureType As Type)
        Dim size As Int32 = Marshal.SizeOf(StructureType)
        Dim localPtr As IntPtr = Marshal.AllocHGlobal(size)
        Try
            ReadToPtr(Address, size, localPtr)
            Return Marshal.PtrToStructure(localPtr, StructureType)
        Finally
            Marshal.FreeHGlobal(localPtr)
        End Try
    End Function

    Public Sub WriteStruct(ByVal Address As Int32, ByVal Struct As Object)
        Dim size As Int32 = Marshal.SizeOf(Struct)
        Dim localPtr As Int32 = Marshal.AllocHGlobal(size)
        Try
            Marshal.StructureToPtr(Struct, localPtr, False)
            Write(Address, localPtr, size)
        Finally
            Marshal.FreeHGlobal(localPtr)
        End Try
    End Sub

    Private Sub ReadToPtr(ByVal Address As Int32, ByVal Length As Int32, ByVal Ptr As Int32)
        Try
            ReadProcessMemory(hProcess, Address, Ptr, Length, 0)
        Catch ex As Exception
            Debug.WriteLine(ex.Message)
        End Try
    End Sub

    Private Sub Write(ByVal Address As Int32, ByVal Ptr As Int32, ByVal Length As Int32)
        Try
            WriteProcessMemory(hProcess, Address, Ptr, Length, 0)
        Catch ex As Exception
            Debug.WriteLine(ex.Message)
        End Try
    End Sub

    Public Function ReadByte(ByVal Address As Int32) As Byte
        Return ReadStruct(Address, GetType(Byte))
    End Function

    Public Function ReadInt16(ByVal Address As Int32) As Int16
        Return ReadStruct(Address, GetType(Int16))
    End Function

    Public Function ReadInt32(ByVal Address As Int32) As Int32
        Return ReadStruct(Address, GetType(Int32))
    End Function

    Public Function ReadInt64(ByVal Address As Int32) As Int64
        Return ReadStruct(Address, GetType(Int64))
    End Function

    Public Sub WriteByte(ByVal Address As Int32, ByVal Value As Byte)
        WriteStruct(Address, Value)
    End Sub

    Public Sub WriteInt16(ByVal Address As Int32, ByVal Value As Int16)
        WriteStruct(Address, Value)
    End Sub

    Public Sub WriteInt32(ByVal Address As Int32, ByVal Value As Int32)
        WriteStruct(Address, Value)
    End Sub

    Public Sub WriteInt64(ByVal Address As Int32, ByVal Value As Int64)
        WriteStruct(Address, Value)
    End Sub

    Public Function ReadBytes(ByVal Address As Int32, ByVal Length As Int32) As Byte()
        Dim out(Length - 1) As Byte
        Dim i As Int32

        For i = 0 To Length - 1
            out(i) = ReadStruct(Address + i, GetType(Byte))
        Next
        Return out
    End Function

    Public Function ReadString(ByVal Address As Int32, ByVal Length As Int32) As String
        Return ASCII.GetString(ReadBytes(Address, Length)).Split(Chr(0))(0)
    End Function

    Public Sub WriteBytes(ByVal Address As Int32, ByVal Bytes() As Byte)
        Dim i As Int32

        For i = 0 To Bytes.Count - 1
            WriteStruct(Address + i, Bytes(i))
        Next
    End Sub

    Public Sub WriteString(ByVal Address As Int32, ByVal Str As String)
        WriteBytes(Address, ASCII.GetBytes(Str))
    End Sub
End Class

[Shynd]

For writing bytes to memory, copy the bytes into an unmanaged buffer that you allocate through Marshal.AllocHGlobal, then call WriteProcessMemory and pass the IntPtr to that unmanaged buffer as the third argument. Less API calls, less overhead, better way of doing it. I haven't written in a basic-like language for years, but it might look something like this:

Code:

Public Sub WriteBytes(ByVal Address as Int32, ByVal Bytes() As Byte) As Bool
    Dim ptr as IntPtr
    
    try
        ptr = Marshal.AllocHGlobal(Bytes.Count)
        Marshal.Copy(ptr, Bytes, something, something) '//I forget the arguments that .Copy takes
        Write(Address, ptr, Bytes.Count)
    catch
        WriteBytes = false '//Is this how you return a value from a VB subroutine?  I forget
    finally
        Marshal.FreeHGlobal(ptr)
    
    WriteBytes = true
EndSub

Code was all written in this browser so there are most-likely lots of errors. That, however, is how one should call WriteProcessMemory from managed code. Forget calling WriteStruct; copying the bytes directly to the buffer is the better way. That goes for WriteByte, WriteShort, WriteInt, etc., as well. Convert to bytes using the BitConverter class, copy bytes to unmanaged buffer, WPM on unmanaged buffer. Sure, it's basically the same as what you're doing, but with StructureToPtr you may, at times, find yourself running into problems and memory leaks.

[bigtimt]

thanks for the tips shynd, i really appreciate it