Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version
Go to top

Minesweeper, Behind the scenes

, 13 Jan 2003
This article demonstrates directly reading another processes memory in C# using P/Invoke and Win32 Api's.
minememoryreader_demo.zip
ProcessMemoryReaderLib
MineSweeperReader
App.ico
bin
Debug
MineSweeperReader.exe
MineSweeperReader.pdb
ProcessMemoryReaderLib.dll
ProcessMemoryReaderLib.pdb
Mine.bmp
MineSweeperReader.csproj.user
obj
Debug
MineSweeperReader.exe
MineSweeperReader.exe.incr
MineSweeperReader.Form1.resources
MineSweeperReader.pdb
MineSweeperReader.projdata
temp
TempPE
ProcessMemoryReaderLib
bin
Debug
ProcessMemoryReaderLib.dll
ProcessMemoryReaderLib.pdb
obj
Debug
ProcessMemoryReaderLib.dll
ProcessMemoryReaderLib.dll.incr
ProcessMemoryReaderLib.pdb
ProcessMemoryReaderLib.projdata
temp
TempPE
ProcessMemoryReaderLib.csproj.user
ProcessMemoryReaderLib.suo
minememoryreader_src.zip
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ProcessMemoryReaderLib
{
	/// <summary>
	/// ProcessMemoryReader is a class that enables direct reading a process memory
	/// </summary>
	class ProcessMemoryReaderApi
	{
		// constants information can be found in <winnt.h>
		public const uint PROCESS_VM_READ = (0x0010);
		
		// function declarations are found in the MSDN and in <winbase.h> 
		
		//		HANDLE OpenProcess(
		//			DWORD dwDesiredAccess,  // access flag
		//			BOOL bInheritHandle,    // handle inheritance option
		//			DWORD dwProcessId       // process identifier
		//			);
		[DllImport("kernel32.dll")]
		public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);

		//		BOOL CloseHandle(
		//			HANDLE hObject   // handle to object
		//			);
		[DllImport("kernel32.dll")]
		public static extern Int32 CloseHandle(IntPtr hObject);

		//		BOOL ReadProcessMemory(
		//			HANDLE hProcess,              // handle to the process
		//			LPCVOID lpBaseAddress,        // base of memory area
		//			LPVOID lpBuffer,              // data buffer
		//			SIZE_T nSize,                 // number of bytes to read
		//			SIZE_T * lpNumberOfBytesRead  // number of bytes read
		//			);
		[DllImport("kernel32.dll")]
		public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,[In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
	}

	public class ProcessMemoryReader
	{

		public ProcessMemoryReader()
		{
		}

        /// <summary>	
		/// Process from which to read		
		/// </summary>
		public Process ReadProcess
		{
			get
			{
				return m_ReadProcess;
			}
			set
			{
				m_ReadProcess = value;
			}
		}

		private Process m_ReadProcess = null;

		private IntPtr m_hProcess = IntPtr.Zero;

		public void OpenProcess()
		{
			m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
		}

		public void CloseHandle()
		{
			int iRetValue;
			iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
			if (iRetValue == 0)
				throw new Exception("CloseHandle failed");
		}

		public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesReaded)
		{
			byte[] buffer = new byte[bytesToRead];
			
			IntPtr ptrBytesReaded;
			ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess,MemoryAddress,buffer ,bytesToRead,out ptrBytesReaded);
			
			bytesReaded = ptrBytesReaded.ToInt32();

			return buffer;
		}
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)

Share

About the Author

Arik Poznanski
Software Developer (Senior) Verint
Israel Israel
Arik Poznanski is a senior software developer at Verint. He completed two B.Sc. degrees in Mathematics & Computer Science, summa cum laude, from the Technion in Israel.
 
Arik has extensive knowledge and experience in many Microsoft technologies, including .NET with C#, WPF, Silverlight, WinForms, Interop, COM/ATL programming, C++ Win32 programming and reverse engineering (assembly, IL).
Follow on   Twitter   Google+

| Advertise | Privacy | Mobile
Web04 | 2.8.140916.1 | Last Updated 14 Jan 2003
Article Copyright 2003 by Arik Poznanski
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid