Created a TestApp project

glogrus · Oct 6, 2020 · ac439d3 · ac439d3
1 parent f676d3b
commit ac439d3
Show file tree

Hide file tree

Showing 18 changed files with 1,426 additions and 3 deletions.
diff --git a/Memory/Memory.csproj b/Memory/Memory.csproj
@@ -25,4 +25,10 @@
 		<PackageReference Include="System.Security.Principal.Windows" Version="4.7.0" />
 	</ItemGroup>
 
+	<ItemGroup>
+	  <None Update="app.manifest">
+	    <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+	  </None>
+	</ItemGroup>
+
 </Project>
diff --git a/Memory/memory.cs b/Memory/memory.cs
@@ -206,6 +206,65 @@ out IntPtr lpThreadId
         [DllImport("user32.dll")]
         static extern bool SetForegroundWindow(IntPtr hWnd);
 
+        private enum SnapshotFlags : uint
+        {
+            HeapList = 0x00000001,
+            Process = 0x00000002,
+            Thread = 0x00000004,
+            Module = 0x00000008,
+            Module32 = 0x00000010,
+            Inherit = 0x80000000,
+            All = 0x0000001F,
+            NoHeaps = 0x40000000
+        }
+        //inner struct used only internally
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+        private struct PROCESSENTRY32
+        {
+            const int MAX_PATH = 260;
+            internal UInt32 dwSize;
+            internal UInt32 cntUsage;
+            internal UInt32 th32ProcessID;
+            internal IntPtr th32DefaultHeapID;
+            internal UInt32 th32ModuleID;
+            internal UInt32 cntThreads;
+            internal UInt32 th32ParentProcessID;
+            internal Int32 pcPriClassBase;
+            internal UInt32 dwFlags;
+            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = MAX_PATH)]
+            internal string szExeFile;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
+        public struct MODULEENTRY32
+        {
+            internal uint dwSize;
+            internal uint th32ModuleID;
+            internal uint th32ProcessID;
+            internal uint GlblcntUsage;
+            internal uint ProccntUsage;
+            internal IntPtr modBaseAddr;
+            internal uint modBaseSize;
+            internal IntPtr hModule;
+            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)]
+            internal string szModule;
+            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
+            internal string szExePath;
+        }
+
+        [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
+        static extern IntPtr CreateToolhelp32Snapshot([In] UInt32 dwFlags, [In] UInt32 th32ProcessID);
+
+        [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
+        static extern bool Process32First([In] IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
+        [DllImport("kernel32.dll")]
+        static extern bool Module32First(IntPtr hSnapshot, ref MODULEENTRY32 lpme);
+        [DllImport("kernel32.dll")]
+        static extern bool Module32Next(IntPtr hSnapshot, ref MODULEENTRY32 lpme);
+
+        [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
+        static extern bool Process32Next([In] IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
+
         // privileges
         const int PROCESS_CREATE_THREAD = 0x0002;
         const int PROCESS_QUERY_INFORMATION = 0x0400;
@@ -379,7 +438,6 @@ public bool OpenProcess(int pid)
 
                 // Lets set the process to 64bit or not here (cuts down on api calls)
                 Is64Bit = Environment.Is64BitOperatingSystem && (IsWow64Process(pHandle, out bool retVal) && !retVal);
-
                 Debug.WriteLine("Program is operating at Administrative level. Process #" + theProc + " is open and modules are stored.");
 
                 return true;
@@ -425,7 +483,6 @@ public bool Is64Bit
             private set { _is64Bit = value; }
         }
 
-
         /// <summary>
         /// Builds the process modules dictionary (names with addresses).
         /// </summary>
@@ -437,9 +494,35 @@ public void GetModules()
             modules.Clear();
             foreach (ProcessModule Module in theProc.Modules)
             {
-                if (!string.IsNullOrEmpty(Module.ModuleName) && !modules.ContainsKey(Module.ModuleName))
+                //if (!string.IsNullOrEmpty(Module.ModuleName) && !modules.ContainsKey(Module.ModuleName))
                     modules.Add(Module.ModuleName, Module.BaseAddress);
             }
+
+            /*IntPtr handleToSnapshot = IntPtr.Zero;
+            try
+            {
+                handleToSnapshot = CreateToolhelp32Snapshot((uint)SnapshotFlags.Module, (uint)theProc.Id);
+                MODULEENTRY32 moduleEntry = new MODULEENTRY32();
+                if (Module32First(handleToSnapshot, ref moduleEntry))
+                {
+                    do
+                    {
+                        modules.Add(moduleEntry.szModule, moduleEntry.modBaseAddr);
+                    } while (Module32Next(handleToSnapshot, ref moduleEntry));
+                }
+                else
+                {
+                    Debug.WriteLine(string.Format("Failed with win32 error code {0}", Marshal.GetLastWin32Error()));
+                }
+            }
+            catch (Exception ex)
+            {
+                Debug.WriteLine(string.Format("Can't get the process. {0}", ex));
+            }
+            finally
+            {
+                CloseHandle(handleToSnapshot);
+            }*/
         }
 
         public void SetFocus()

diff --git a/Test/TestApp/MemoryTestApp.sln b/Test/TestApp/MemoryTestApp.sln
@@ -0,0 +1,41 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30517.126
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestApplication", "MemoryTestApp\TestApplication.csproj", "{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Memory", "..\..\Memory\Memory.csproj", "{D506F6CE-1A4C-4655-809E-928893D45005}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Debug|x64.ActiveCfg = Debug|x64
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Debug|x64.Build.0 = Debug|x64
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Release|x64.ActiveCfg = Release|x64
+		{75D0CEA2-0444-4959-B797-91ADD7FD3A4A}.Release|x64.Build.0 = Release|x64
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Debug|x64.Build.0 = Debug|Any CPU
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Release|x64.ActiveCfg = Release|Any CPU
+		{D506F6CE-1A4C-4655-809E-928893D45005}.Release|x64.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {CAB30711-FD99-4F6D-B327-4D6A7114C98E}
+	EndGlobalSection
+EndGlobal
diff --git a/Test/TestApp/MemoryTestApp/App.config b/Test/TestApp/MemoryTestApp/App.config
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
+    </startup>
+  <runtime>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="System.Security.Principal.Windows" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.3.0" newVersion="4.1.3.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  </runtime>
+</configuration>
diff --git a/Test/TestApp/MemoryTestApp/Classes/Processing.cs b/Test/TestApp/MemoryTestApp/Classes/Processing.cs
@@ -0,0 +1,126 @@
+using System;
+using System.Collections.Generic;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace TestApplication
+{
+    public partial class TrainerForm : Form
+    {
+        public bool ProcOpen = false;
+
+        /// <summary>
+        /// Process opening code. Generates a list of modules too.
+        /// </summary>
+        public void OpenTheProc()
+        {
+            if (String.Compare(ProcTypeBox.Text, "Name") == 0) // if combobox set to Name, use string
+                ProcOpen = m.OpenProcess(ProcTextBox.Text);
+            else // if combobox set to ID, use integer
+                ProcOpen = m.OpenProcess(Convert.ToInt32(ProcTextBox.Text));
+
+            if (ProcOpen) // if process opens successfully
+            {
+                foreach (KeyValuePair<string, IntPtr> kvp in m.modules) // iterate through process module list
+                {
+                    string[] arr = new string[4];
+                    ListViewItem itm;
+                    arr[0] = "0x" + kvp.Value.ToString("x8");
+                    arr[1] = kvp.Key;
+                    itm = new ListViewItem(arr);
+                    ModuleList.Items.Add(itm);
+                }
+                ProcStatus.Text = "Open";
+                ProcStatus.ForeColor = Color.Green;
+            }
+            else // on process open fail, show error message
+            {
+                MessageBox.Show("ERROR: Process open failed!");
+            }
+        }
+
+        /// <summary>
+        /// For the Read Address feature. Address goes in, value comes out.
+        /// </summary>
+        /// <param name="address">address to read from</param>
+        /// <param name="type">type of value that should be returned</param>
+        /// <returns></returns>
+        public string ReadOutput(string address, string type)
+        {
+            string ReadOutput = "";
+
+            switch (type)
+            {
+                case "string":
+                    ReadOutput = m.ReadString(address);
+                    break;
+                case "int":
+                    ReadOutput = m.ReadInt(address).ToString();
+                    break;
+                case "long":
+                    ReadOutput = m.ReadLong(address).ToString();
+                    break;
+                case "byte":
+                    ReadOutput = m.ReadByte(address).ToString();
+                    break;
+                case "double":
+                    ReadOutput = m.ReadDouble(address).ToString();
+                    break;
+                case "float":
+                    ReadOutput = m.ReadFloat(address).ToString();
+                    break;
+                case "UInt":
+                    ReadOutput = m.ReadUInt(address).ToString();
+                    break;
+                case "2 byte":
+                    ReadOutput = m.Read2Byte(address).ToString();
+                    break;
+                default:
+                    ReadOutput = "";
+                    break;
+            }
+
+            return ReadOutput;
+        }
+
+        // this function is async, which means it does not block other code
+        public async void SampleAoBScan(string ScanPattern)
+        {
+            if (!ProcOpen)
+                return;
+
+            IEnumerable<long> AoBScanResults;
+
+            // AoB scan and store it in AoBScanResults. We specify our start and end address regions to decrease scan time.
+            if (String.Compare(StartAddrBox.Text, "") == 0 || String.Compare(EndAddrBox.Text, "") == 0)
+            {
+                AoBScanResults = await m.AoBScan(ScanPattern, false, true);
+            }
+            else
+            {
+                AoBScanResults = await m.AoBScan(Convert.ToInt64(StartAddrBox.Text), Convert.ToInt64(EndAddrBox.Text), ScanPattern, false, true);
+            }
+
+            // Ex: get the first found address, store it in the variable SingleAoBScanResult
+            // long SingleAoBScanResult = AoBScanResults.FirstOrDefault();
+
+            // iterate through each found address.
+            foreach (long res in AoBScanResults)
+            {
+                string[] arr = new string[4];
+                ListViewItem itm;
+                arr[0] = res.ToString("x8");
+                itm = new ListViewItem(arr);
+
+                // because we run this in another thread, we need to invoke the UI thread elements
+                AobScanList.Invoke((MethodInvoker) delegate
+                {
+                    AobScanList.Items.Add(itm);
+                });
+            }
+        }
+    }
+}