
Minesweeper, Behind the scenes

13 Jan 2003Ms-PL7 min read 605K   12.7K   248  
This article demonstrates directly reading another process's memory in C# using P/Invoke and Win32 APIs.
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ProcessMemoryReaderLib
{
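	/// <summary>
	/// P/Invoke declarations for the three kernel32 functions this library uses to
	/// read another process's memory: OpenProcess, CloseHandle and ReadProcessMemory.
	/// </summary>
	/// <remarks>
	/// Every import sets SetLastError = true, so Marshal.GetLastWin32Error() called
	/// right after a failed call returns that call's error code instead of a stale one.
	/// The native BOOL results are surfaced as Int32: zero means failure, non-zero success.
	/// </remarks>
	class ProcessMemoryReaderApi
	{
		// Access right defined in <winnt.h>. It is the only access right declared here,
		// so a handle opened with it can read memory but cannot write to it or
		// otherwise control the target process.
		public const uint PROCESS_VM_READ = (0x0010);
		
		// function declarations are found in the MSDN and in <winbase.h> 
		
		//		HANDLE OpenProcess(
		//			DWORD dwDesiredAccess,  // access flag
		//			BOOL bInheritHandle,    // handle inheritance option
		//			DWORD dwProcessId       // process identifier
		//			);
		// Returns IntPtr.Zero on failure. A non-zero bInheritHandle makes the returned
		// handle inheritable by child processes of the caller.
		[DllImport("kernel32.dll", SetLastError = true)]
		public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);

		//		BOOL CloseHandle(
		//			HANDLE hObject   // handle to object
		//			);
		// Returns 0 on failure.
		[DllImport("kernel32.dll", SetLastError = true)]
		public static extern Int32 CloseHandle(IntPtr hObject);

		//		BOOL ReadProcessMemory(
		//			HANDLE hProcess,              // handle to the process
		//			LPCVOID lpBaseAddress,        // base of memory area
		//			LPVOID lpBuffer,              // data buffer
		//			SIZE_T nSize,                 // number of bytes to read
		//			SIZE_T * lpNumberOfBytesRead  // number of bytes read
		//			);
		// Returns 0 on failure. The caller must pass a size no larger than buffer.Length;
		// nothing in this declaration enforces that.
		// NOTE(review): nSize is SIZE_T (pointer-sized) in the native prototype but is
		// declared as UInt32 here - confirm this is acceptable for 64-bit builds.
		[DllImport("kernel32.dll", SetLastError = true)]
		public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,[In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
	}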

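	/// <summary>
	/// Reads memory from another process through a handle opened with
	/// PROCESS_VM_READ access only.
	/// </summary>
	/// <remarks>
	/// Usage: assign <see cref="ReadProcess"/>, call <see cref="OpenProcess"/>, call
	/// <see cref="ReadProcessMemory"/> as often as needed, then call
	/// <see cref="CloseHandle"/>. The class does not implement IDisposable, so the
	/// caller is responsible for closing the handle. Whether the open succeeds is
	/// decided by the operating system's access check on the target process.
	/// </remarks>
	public class ProcessMemoryReader
	{

		public ProcessMemoryReader()
		{
		}

		/// <summary>
		/// Process from which to read. Must be set before <see cref="OpenProcess"/> is called.
		/// </summary>
		public Process ReadProcess
		{
			get
			{
				return m_ReadProcess;
			}
			set
			{
				m_ReadProcess = value;
			}
		}

		private Process m_ReadProcess = null;

		// Native handle to the target process; IntPtr.Zero while no handle is open.
		private IntPtr m_hProcess = IntPtr.Zero;

		/// <summary>
		/// Opens a read-only (PROCESS_VM_READ) handle to <see cref="ReadProcess"/>.
		/// </summary>
		/// <exception cref="InvalidOperationException">
		/// ReadProcess has not been set, or the operating system refused to open the process.
		/// </exception>
		public void OpenProcess()
		{
			if (m_ReadProcess == null)
				throw new InvalidOperationException("ReadProcess must be set before calling OpenProcess");

			// Release a handle left over from an earlier call so it is not leaked.
			if (m_hProcess != IntPtr.Zero)
				CloseHandle();

			// bInheritHandle = 0: an inheritable handle would be copied into any child
			// process this application starts with handle inheritance enabled, giving
			// that child read access to the target's memory for no reason.
			m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 0, (uint)m_ReadProcess.Id);

			// A zero handle means the open failed; report it here rather than letting
			// every later read fail silently.
			if (m_hProcess == IntPtr.Zero)
				throw new InvalidOperationException("OpenProcess failed");
		}

		/// <summary>
		/// Closes the handle opened by <see cref="OpenProcess"/>. Does nothing when no
		/// handle is open, so it is safe to call more than once.
		/// </summary>
		/// <exception cref="Exception">The native CloseHandle call reported failure.</exception>
		public void CloseHandle()
		{
			if (m_hProcess == IntPtr.Zero)
				return;

			// Forget the handle before closing it: the numeric value may be reused by
			// the OS for an unrelated object, so it must never be closed a second time.
			IntPtr hToClose = m_hProcess;
			m_hProcess = IntPtr.Zero;

			if (ProcessMemoryReaderApi.CloseHandle(hToClose) == 0)
				throw new Exception("CloseHandle failed");
		}

		/// <summary>
		/// Reads up to <paramref name="bytesToRead"/> bytes from the target process.
		/// </summary>
		/// <param name="MemoryAddress">Address in the target process to start reading at.</param>
		/// <param name="bytesToRead">Number of bytes requested; also the length of the returned array.</param>
		/// <param name="bytesReaded">
		/// Number of bytes the native call reported as read, or 0 when the call failed
		/// (including when no handle is open). Callers should compare it with
		/// <paramref name="bytesToRead"/> before trusting the buffer contents.
		/// </param>
		/// <returns>A new array of length <paramref name="bytesToRead"/> holding the data read.</returns>
		public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesReaded)
		{
			// The buffer is allocated with exactly the size passed to the native call,
			// so the call cannot write past the end of the array.
			byte[] buffer = new byte[bytesToRead];

			IntPtr ptrBytesReaded;
			int iRetValue = ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesReaded);

			// The return value used to be ignored; a failed read now always reports 0
			// bytes instead of whatever the out parameter happened to contain.
			bytesReaded = (iRetValue != 0) ? ptrBytesReaded.ToInt32() : 0;

			return buffer;
		}
	}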
}


License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)


Written By
Software Developer (Senior) Verint
Israel Israel
Arik Poznanski is a senior software developer at Verint. He completed two B.Sc. degrees in Mathematics & Computer Science, summa cum laude, from the Technion in Israel.

Arik has extensive knowledge and experience in many Microsoft technologies, including .NET with C#, WPF, Silverlight, WinForms, Interop, COM/ATL programming, C++ Win32 programming and reverse engineering (assembly, IL).
