Quantcast
Channel: VBForums - Visual Basic .NET
Viewing all articles
Browse latest Browse all 27072

VS 2010 How to find memory address with an value ?

$
0
0
[code]

Imports System.Runtime.InteropServices
Imports System.Reflection
Imports System.Collections.Generic

'------------------
'Creator: aeonhack
'Site: elitevs.net
'Created: 11/9/2011
'Changed: 3/17/2012
'Version: 1.2.0
'------------------
Class Scanner

Public ProgressChangeEvent As ProgressChangeDG
Delegate Sub ProgressChangeDG(ByVal value As Integer)

Sub New(progressChange As ProgressChangeDG)
ProgressChangeEvent = progressChange
End Sub

#Region " Properties "

Property Handle() As IntPtr

Private _Pages As New List(Of PAGE)
ReadOnly Property Pages() As PAGE()
Get
Return _Pages.ToArray
End Get
End Property

Private _Results As New List(Of Integer)
Property Results As Integer()
Get
Return _Results.ToArray
End Get
Set(value As Integer())
_Results = New List(Of Integer)(value)
End Set
End Property

#End Region

#Region " Process "

Private PID As Integer
Public Sub OpenProcess(ByVal processId As Integer)
PID = processId
_Handle = OpenProcess(1080, False, processId)
If _Handle = IntPtr.Zero Then
Dim Win32Error As Integer = Marshal.GetLastWin32Error

If Win32Error = 5 Then
'Requires elevation.
End If

Throw New Exception(CStr(Win32Error))
End If
End Sub

Public Sub CloseProcess()
CloseHandle(_Handle)

_Handle = IntPtr.Zero
_Pages.Clear()
_Results.Clear()

_Mask = Nothing
_Data = Nothing
_Search = Nothing
End Sub

#End Region

#Region " Scanning "

Public Sub ScanPages()
If _Handle = IntPtr.Zero Then Throw New InvalidOperationException

_Pages.Clear()
Dim Current As Integer

While True
Dim T As New INFORMATION
If QueryEx(_Handle, Current, T, 28) = 0 Then Exit While

If T.State = 4096 AndAlso T.Protect = 4 AndAlso Not T.RegionSize = 0 Then
_Pages.Add(New PAGE(T.BaseAddress, T.RegionSize))
End If

If (CUInt(T.BaseAddress.ToInt32) + CUInt(T.RegionSize)) > Integer.MaxValue Then Exit While
Current = T.BaseAddress.ToInt32 + T.RegionSize
End While
End Sub

Public Sub FirstScan(ByVal search As Byte(), Optional ByVal index As Integer = 0, Optional ByVal [step] As Integer = 4, Optional ByVal mask As Byte() = Nothing)
CheckParameters(search, mask)
If [step] = 0 Then Throw New ArgumentOutOfRangeException

_Results.Clear()
ProgressChangeEvent(0)

Dim Count As Integer
Dim Size As Integer
Dim Base As Integer

For I As Integer = 0 To Pages.Length - 1
Size = Pages(I).Size
If Size >= (search.Length + index) Then

Base = Pages(I).Base.ToInt32
_Data = New Byte(Size - 1) {}

If ReadMem(_Handle, Base, _Data, _Data.Length, Count) Then
For O As Integer = index To Count - search.Length Step [step]
If ScanData(O) Then _Results.Add(Base + O)
Next
End If
End If

ProgressChangeEvent(CInt(((I + 1) / Pages.Length) * 100))
Next

ProgressChangeEvent(100)
End Sub

Public Sub NextScan(ByVal search As Byte(), Optional ByVal mask As Byte() = Nothing)
CheckParameters(search, mask)
If _Results.Count = 0 Then Throw New ArgumentOutOfRangeException
ProgressChangeEvent(0)

Dim Clean As Boolean
Dim Count As Integer
Dim Index As Integer

Dim Current As Integer
Dim Maximum As Integer = _Results.Count

_Data = New Byte(search.Length - 1) {}
Do Until Clean OrElse _Results.Count = 0
Clean = True
For R As Integer = Index To _Results.Count - 1
Index = R
Current += 1

If ReadMem(_Handle, _Results(R), _Data, _Data.Length, Count) Then
Clean = ScanData(0)
Else
Clean = False
End If

If Not Clean Then
_Results.RemoveAt(R)
Exit For
End If

ProgressChangeEvent(CInt((Current / Maximum) * 100))
Next
Loop

ProgressChangeEvent(100)
End Sub

Private _Mask As Byte()
Private _Data As Byte()
Private _Search As Byte()
Private HandleMask As Boolean
Private MaskIndex As Integer

Private Function ScanData(ByVal offset As Integer) As Boolean
If HandleMask Then
For I As Integer = MaskIndex To _Search.Length - 1
If _Mask(I) = 255 AndAlso Not _Data(offset + I) = _Search(I) Then Return False
Next
Else
For I As Integer = 0 To _Search.Length - 1
If Not _Data(offset + I) = _Search(I) Then Return False
Next
End If

Return True
End Function

#End Region

#Region " Validation "

Private Sub CheckParameters(ByVal search As Byte(), ByVal mask As Byte())
_Search = search
_Mask = mask

If _Handle = IntPtr.Zero Then Throw New InvalidOperationException
If search.Length = 0 Then Throw New ArgumentOutOfRangeException

If mask IsNot Nothing Then
If Not search.Length = mask.Length Then Throw New ArgumentOutOfRangeException
If Not CheckMask(mask) Then Throw New FormatException
HandleMask = True
Else
HandleMask = False
End If
End Sub

Private Function CheckMask(ByVal mask As Byte()) As Boolean
For I As Integer = 0 To mask.Length - 1
If mask(I) = 255 Then
MaskIndex = I
Return True
End If
Next

Return False
End Function

#End Region

#Region " Read / Write "

Public Function ReadMemory(ByVal address As Integer, ByVal length As Integer) As Byte()
If _Handle = IntPtr.Zero Then Throw New InvalidOperationException
If address < 0 Then Throw New ArgumentOutOfRangeException
If length < 1 Then Throw New ArgumentOutOfRangeException

Dim Count As Integer
Dim Data(length - 1) As Byte

If Not ReadMem(_Handle, address, Data, Data.Length, Count) Then Throw New Exception(CStr(Marshal.GetLastWin32Error))

Return Data
End Function

Public Sub WriteMemory(ByVal address As Integer, ByVal data As Byte())
If _Handle = IntPtr.Zero Then Throw New InvalidOperationException
If address < 0 Then Throw New ArgumentOutOfRangeException
If data.Length = 0 Then Throw New ArgumentOutOfRangeException

Dim Count As Integer
If Not WriteMem(_Handle, address, data, data.Length, Count) Then Throw New Exception(CStr(Marshal.GetLastWin32Error))
End Sub

#End Region

#Region " Alloc / Free "

Public Function Alloc(ByVal length As Integer) As Integer
If _Handle = IntPtr.Zero Then Throw New InvalidOperationException
If length < 1 Then Throw New ArgumentOutOfRangeException

Dim T As Integer = AllocEx(_Handle, 0, length, 12288, 4).ToInt32
If T = 0 Then Throw New Exception(CStr(Marshal.GetLastWin32Error))

Return T
End Function

Public Sub Free(ByVal address As Integer)
If _Handle = IntPtr.Zero Then Throw New InvalidOperationException
If address < 0 Then Throw New ArgumentOutOfRangeException

If Not FreeEx(_Handle, address, 0, 32768) Then Throw New Exception(CStr(Marshal.GetLastWin32Error))
End Sub

#End Region

#Region " Suspend / Resume "

Public Sub Suspend()
If _Handle = IntPtr.Zero Then Throw New InvalidOperationException

Dim Handle As IntPtr
Dim P As Process = Process.GetProcessById(PID)

For Each T As ProcessThread In P.Threads
Handle = OpenThread(2, False, T.Id)

If Not Handle = IntPtr.Zero Then
SuspendThread(Handle)
End If
Next
End Sub

Public Sub [Resume]()
If _Handle = IntPtr.Zero Then Throw New InvalidOperationException

Dim Handle As IntPtr
Dim P As Process = Process.GetProcessById(PID)

For Each T As ProcessThread In P.Threads
Handle = OpenThread(2, False, T.Id)

If Not Handle = IntPtr.Zero Then
ResumeThread(Handle)
End If
Next
End Sub

#End Region

#Region " Win32 Calls "

<DllImport("kernel32.dll", EntryPoint:="OpenProcess", SetLastError:=True)> _
Private Shared Function OpenProcess( _
ByVal access As UInteger, _
ByVal inherit As Boolean, _
ByVal process As Integer) As IntPtr
End Function

<DllImport("kernel32.dll", EntryPoint:="OpenThread")> _
Private Shared Function OpenThread( _
ByVal access As UInteger, _
ByVal inherit As Boolean, _
ByVal thread As Integer) As IntPtr
End Function

<DllImport("kernel32.dll", EntryPoint:="SuspendThread")> _
Private Shared Function SuspendThread( _
ByVal handle As IntPtr) As Integer
End Function

<DllImport("kernel32.dll", EntryPoint:="ResumeThread")> _
Private Shared Function ResumeThread( _
ByVal handle As IntPtr) As Integer
End Function

<DllImport("kernel32.dll", EntryPoint:="VirtualQueryEx")> _
Private Shared Function QueryEx( _
ByVal handle As IntPtr, _
ByVal base As Integer, _
ByRef information As INFORMATION, _
ByVal length As Integer) As Integer
End Function

<DllImport("kernel32.dll", EntryPoint:="VirtualAllocEx", SetLastError:=True)> _
Private Shared Function AllocEx( _
ByVal handle As IntPtr, _
ByVal address As Integer, _
ByVal length As Integer, _
ByVal type As Integer, _
ByVal protect As Integer) As IntPtr
End Function

<DllImport("kernel32.dll", EntryPoint:="VirtualFreeEx", SetLastError:=True)> _
Private Shared Function FreeEx( _
ByVal handle As IntPtr, _
ByVal address As Integer, _
ByVal length As Integer, _
ByVal type As Integer) As Boolean
End Function

<DllImport("kernel32.dll", EntryPoint:="ReadProcessMemory", SetLastError:=True)> _
Shared Function ReadMem( _
ByVal handle As IntPtr, _
ByVal base As Integer, _
ByVal data As Byte(), _
ByVal dataLength As Integer, _
ByRef length As Integer) As Boolean
End Function

<DllImport("kernel32.dll", EntryPoint:="WriteProcessMemory", SetLastError:=True)> _
Shared Function WriteMem( _
ByVal handle As IntPtr, _
ByVal base As Integer, _
ByVal data As Byte(), _
ByVal dataLength As Integer, _
ByRef length As Integer) As Boolean
End Function

<DllImport("kernel32.dll", EntryPoint:="CloseHandle")> _
Private Shared Function CloseHandle( _
ByVal handle As IntPtr) As Boolean
End Function

#End Region

#Region " Structures "

Structure PAGE
Private _Base As IntPtr
ReadOnly Property Base() As IntPtr
Get
Return _Base
End Get
End Property

Private _Size As Integer
ReadOnly Property Size() As Integer
Get
Return _Size
End Get
End Property

Sub New(ByVal base As IntPtr, ByVal size As Integer)
_Base = base
_Size = size
End Sub
End Structure

<StructLayout(LayoutKind.Sequential, Pack:=1)> _
Private Structure INFORMATION
Public BaseAddress As IntPtr
Public AllocationBase As IntPtr
Public AllocationProtect As UInteger
Public RegionSize As Integer
Public State As UInteger
Public Protect As UInteger
Public Type As UInteger
End Structure

#End Region

End Class

[code/]

is there any one know how to use this scanner class to scan full memory (of game) by value and list all addresses in a list box

can you please write down an example

if there is any one can help me with that it will be so good

thanks in advance

Viewing all articles
Browse latest Browse all 27072

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>