Question about C# Writing in Memory

edit:removed

Originally Posted by Programmer213

;;

30 minutes later..
Serious question: Is this supposed to be C# or C++ ? Did you create a C# project and paste in C code?

---------- Post added at 01:43 PM ---------- Previous post was at 01:21 PM ----------

Originally Posted by Programmer213

;;

/bump .

sorry, but i dont like c++, so i will try it with c#. if someon has complete code, from which i can learn memory writing pls write it here^^

^^

edit: Am I crazy or did you post(in this thread) C++ code, not C# code? Referred to as "my code".

I'm not sure what's happening here but I will post basic code using Jorndel's class in C#

Code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace MW31._9._461_Trainer
{
    public partial class MW3Trainer : Form
    {
        public MW3Trainer()
        {
            InitializeComponent();
        }

#region Basic Stuff
        [DllImport("kernel32.dll")]
        private static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
        [DllImport("kernel32.dll")]
        private static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
        IntPtr pHandel;
        public bool Process_Handle(string ProcessName)
        {
            try
            {
                Process[] ProcList = Process.GetProcessesByName(ProcessName);
                if (ProcList.Length == 0)
                    return false;
                else
                {
                    pHandel = ProcList[0].Handle;
                    return true;
                }
            }
            catch (Exception ex)
            { Console.Beep();MessageBox.Show("Process_Handle - " + ex.Message); return false; }
        }
        private byte[] Read(int Address, int Length)
        {
            byte[] Buffer = new byte[Length];
            IntPtr Zero = IntPtr.Zero;
            ReadProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
            return Buffer;
        }
        private void Write(int Address, int Value)
        {
            byte[] Buffer = BitConverter.GetBytes(Value);
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
        }
        private void Write(int Address, float Value)
        {
            byte[] Buffer = BitConverter.GetBytes(Value);
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
        }
        #endregion   
        #region Write Functions (Integer & String)
        public void WriteInteger(int Address, int Value)
        {
            Write(Address, Value);
        }
        public void WriteString(int Address, string Text)
        {
            byte[] Buffer = new ASCIIEncoding().GetBytes(Text);
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
        }
        public void WriteBytes(int Address, byte[] Bytes)
        {
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Bytes, (uint)Bytes.Length, out Zero);
        }
        public void WriteNOP(int Address)
        {
            byte[] Buffer = new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90 };
            IntPtr Zero = IntPtr.Zero;
            WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
        }
        public void WriteFloat(int Address, float Value)
        {
            Write(Address,Value);  
        } 
        #endregion
        #region Read Functions (Integer & String)
        public int ReadInteger(int Address, int Length = 4)
        {
            return BitConverter.ToInt32(Read(Address, Length), 0);
        }
        public string ReadString(int Address, int Length = 4)
        {
            return new ASCIIEncoding().GetString(Read(Address, Length));
        }
        public byte[] ReadBytes(int Address, int Length)
        {
            return Read(Address, Length);
        }
        #endregion

        private void buttonC4_Click(object sender, EventArgs e)
        {  
            if (Process_Handle("iw5sp"))
            {
                WriteInteger(0x01382154, 10);
            } 
        }

This is for MW3 SP, C4

.Doesn't matter anyway

.
Only part you have to modify is button event, A.K.A buttonC4_Click for this button on my form

Originally Posted by Lovroman

Jorndel's class in C#

Daum boy, you steal my code

Step 1:

Code:

[DllImport("kernel32.dll")]
private static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);

^This is our Write to Memory Function, called from the kernel32.dll file. (Native)

Step 2:

Code:

public void WriteInteger(string ProcessName, int Address, int Value)
        {
            try
            {
                Process[] ProcList = Process.GetProcessesByName(ProcessName);
                if (ProcList.Length == 0)
                    return;
                else
                {
                    byte[] Buffer = BitConverter.GetBytes(Value);
                    IntPtr Zero = IntPtr.Zero;
                    WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
                }
            }
            catch (Exception ex)
            { return false; }
        }

And what you do is:

WriteInteger("game.exe", 0x123456, 5);

*Yes, I know it can be done better... But just quickly edited my source that was posted above

How do you know that I'm boy :O

I'm just bad at explaining so I didn't explain anything

Originally Posted by Jorndel

Daum boy, you steal my code

Step 1:

Code:

[DllImport("kernel32.dll")]
private static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);

^This is our Write to Memory Function, called from the kernel32.dll file. (Native)

Step 2:

Code:

public void WriteInteger(string ProcessName, int Address, int Value)
        {
            try
            {
                Process[] ProcList = Process.GetProcessesByName(ProcessName);
                if (ProcList.Length == 0)
                    return;
                else
                {
                    byte[] Buffer = BitConverter.GetBytes(Value);
                    IntPtr Zero = IntPtr.Zero;
                    WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
                }
            }
            catch (Exception ex)
            { return false; }
        }

And what you do is:

*Yes, I know it can be done better... But just quickly edited my source that was posted above

Apart from being ugly as fuck, that code is just downright wrong; did you even check it before you posted it?

Don't think he checked it but no biggy.

Jorndel, two things you never spotted
You can't return a boolean and you never declared pHandel.
I know you declared in somewhere else in the class but then you wouldn't need
Process[] ProcList = Process.GetProcessesByName(ProcessName);
You also dont need an if else either since it returns anyway if the process isn't found.

Maybe like this instead.
WriteInteger will return true if it wrote, false if it doesn't or the process isnt found.

Code:

        [DllImport("kernel32.dll")]
        public static extern bool WriteProcessMemory(IntPtr hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten);

        public bool WriteInteger(string ProcessName, int Address, int Value)
        {
            Process[] ProcList = Process.GetProcessesByName(ProcessName);
            if (ProcList.Length == 0) return false;

            byte[] Buffer = BitConverter.GetBytes(Value);
            return WriteProcessMemory(ProcList[0].Handle, Address, Buffer, Buffer.Length, 0);
        }

Originally Posted by Programmer213

sorry, but i dont like c++, so i will try it with c#. if someon has complete code, from which i can learn memory writing pls write it here^^

If you don't like C++, why not try Visual Basic? C# is more like C++ than VB.

Thx a lot for your code all, especially Jorndel. Before I read the posts from others i tried your code. So I found the mistakes quickly, then i came to the problem, that I have the offsets(378,14,0) and the baseAdress(004DF73C), but how can i count up these?
By the way, this forum is very helpful^^
"my" code:

[DllImport("kernel32.dll")]
private static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
IntPtr pHandel;

public void WriteInteger(string ProcessName, int Address, int Value)
{
try
{
Process[] ProcList = Process.GetProcessesByName(ProcessName);
if (ProcList.Length == 0)
return;
else
{
byte[] Buffer = BitConverter.GetBytes(Value);
IntPtr Zero = IntPtr.Zero;
pHandel = ProcList[0].Handle;
WriteProcessMemory(pHandel, (IntPtr)Address, Buffer, (UInt32)Buffer.Length, out Zero);
}
}
catch (Exception ex) { }
}

private void Form1_Load(object sender, System.EventArgs e)
{
WriteInteger("ac_client", 0x123456, 5);
}

Originally Posted by Programmer213

Yea i noticed you were after a level 3 pointer but i was waiting to see what to come up with first.
If you're using Jorndel's mem class im not sure if you'l beable to just use what im about to post but at the very least, it'l give you an idea.

This is probably as simple as i could make it and still check for errors.

Code:

        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(IntPtr hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead);

        public int GetPointer(string ProcessName, int BasePointer, int[] Offsets)
        {
            Process[] ProcList = Process.GetProcessesByName(ProcessName);
            if (ProcList.Length == 0) return 0;

            byte[] Buffer = new byte[4];

            if (!ReadProcessMemory(ProcList[0].Handle, BasePointer, Buffer, 4, 0))
                return 0;//Just incase it fails to read

            int Base = BitConverter.ToInt32(Buffer, 0);
            for (int i = 0; i < Offsets.Length; i++)
            {
                if(!ReadProcessMemory(ProcList[0].Handle, Base + Offsets[i], Buffer, 4, 0))
                    return 0;//Just incase it fails to read
                Base = i != (Offsets.Length - 1) ? BitConverter.ToInt32(Buffer, 0) : Base += Offsets[i];
            }
            return Base;
        }

Code:

int YourAddy = GetPointer("ac_client", 0x4DF73C, new int[] { 0x378, 0x14, 0 });

And writing

Code:

WriteInteger("ac_client", YourAddy, 5);

I'm not a fan of looking for the process in every function. I think Jorndel's mem class stores the process handle so just modify the the code to use the stored handle.

someon can explain me the code in the for loop?(i dont understand why i've to read the pointer all the time)

Originally Posted by Programmer213

someon can explain me the code in the for loop?(i dont understand why i've to read the pointer all the time)

Because you're reading the value of each address. example
Say you have a level 2 pointer with offsets 0x20, 0x30
Starting Base 0x400000 with a value of 0x300000
Add your first offset to the first value
Next address 0x300020 with value 0x200000
Next address 0x200030 with value 0x100000 <- your address.

Open CE and look at your pointer.

thx i'll try it tomorrow

Try this:

[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool CloseHandle(IntPtr hObject);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten);

[DllImport("user32.dll", CharSet = CharSet.Auto)]
static extern IntPtr SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam);

[DllImportAttribute("user32.dll")]
public static extern bool ReleaseCapture();

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead
);

[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize,
AllocationType flAllocationType, MemoryProtection flProtect);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool VirtualFree(IntPtr lpAddress, UIntPtr dwSize,
uint dwFreeType);

[DllImport("user32.dll", EntryPoint = "FindWindowA")]
public static extern int FindWindow(string lpClassName, string lpWindowName);

[DllImport("User32.dll")]
public static extern long GetWindowThreadProcessId(IntPtr hWnd, out int processId);

[DllImport("User32.dll", CharSet = CharSet.Auto, ExactSpelling = true)]
public static extern short GetAsyncKeyState(int vkey);
[Flags()]
public enum AllocationType : uint
{
COMMIT = 0x1000,
RESERVE = 0x2000,
RESET = 0x80000,
LARGE_PAGES = 0x20000000,
PHYSICAL = 0x400000,
TOP_DOWN = 0x100000,
WRITE_WATCH = 0x200000
}

[Flags()]
public enum MemoryProtection : uint
{
EXECUTE = 0x10,
EXECUTE_READ = 0x20,
EXECUTE_READWRITE = 0x40,
EXECUTE_WRITECOPY = 0x80,
NOACCESS = 0x01,
READONLY = 0x02,
READWRITE = 0x04,
WRITECOPY = 0x08,
GUARD_Modifierflag = 0x100,
NOCACHE_Modifierflag = 0x200,
WRITECOMBINE_Modifierflag = 0x400
}

[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr CreateToolhelp32Snapshot(SnapshotFlags dwFlags, uint th32ProcessID);

[Flags]
public enum SnapshotFlags : uint
{
HeapList = 0x00000001,
Process = 0x00000002,
Thread = 0x00000004,
Module = 0x00000008,
Module32 = 0x00000010,
All = (HeapList | Process | Thread | Module),
Inherit = 0x80000000,
NoHeaps = 0x40000000
}

[DllImport("kernel32")]
public static extern IntPtr CreateRemoteThread(
IntPtr hProcess,
IntPtr lpThreadAttributes,
uint dwStackSize,
UIntPtr lpStartAddress,
IntPtr lpParameter,
uint dwCreationFlags,
out IntPtr lpThreadId
);

[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(
UInt32 dwDesiredAccess,
Int32 bInheritHandle,
Int32 dwProcessId
);

[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool VirtualFreeEx(
IntPtr hProcess,
IntPtr lpAddress,
UIntPtr dwSize,
uint dwFreeType
);

[DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true)]
public static extern UIntPtr GetProcAddress(
IntPtr hModule,
string procName
);

[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr VirtualAllocEx(
IntPtr hProcess,
IntPtr lpAddress,
uint dwSize,
uint flAllocationType,
uint flProtect
);

[DllImport("kernel32.dll")]
static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
string lpBuffer,
UIntPtr nSize,
out IntPtr lpNumberOfBytesWritten
);

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(
string lpModuleName
);

[DllImport("kernel32", SetLastError = true, ExactSpelling = true)]
internal static extern Int32 WaitForSingleObject(
IntPtr handle,
Int32 milliseconds
);

public uint GetProcess(string name)
{
var pList = Process.GetProcesses();
if (pLis*****unt() != 0)
{
foreach (var process in pList)
{
if (process.ProcessName == name)
{

// MessageBox.Show("Process found!");
return (uint)proces*****;
}
}
}
return 0;

}

Using:

var Handle = OpenProcess(0xF0FFF, false, (int)GetProcess("ProcessGame.exe"));
UIntPtr c;
byte[] change = { 0x8B, 0x45, 0xFF }; // installing this bytes by addres
WriteProcessMemory((IntPtr)Handle, (IntPtr)AnlimAmmo, change, 3, out c); // AnlimAmmo - addres (int anlimammo = 0x****)

Question about C# Writing in Memory

Post a Reply

Similar Threads

Tags for this Thread