망했지만기록용으로보관그림판64비트메모리읽기
비공개
(손님)
2023.01.10 03:28:03
망했지만 기록용으로 보관 - 그림판(64비트) 메모리 읽기
using System.Diagnostics;
using System.Drawing.Imaging;
using System.Runtime.InteropServices;
using System.Runtime.Serialization.Formatters.Binary;
using System.Windows.Forms;

namespace mspaintcap
{
    public partial class Form1 : Form
    {
        [DllImport("kernel32.dll")]
        public static extern int OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(int hProcess, Int64 lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead);

        // https://blog.sweetchip.kr/265
        public uint DELETE = 0x00010000;
        public uint READ_CONTROL = 0x00020000;
        public uint WRITE_DAC = 0x00040000;
        public uint WRITE_OWNER = 0x00080000;
        public uint SYNCHRONIZE = 0x00100000;
        public uint END = 0xFFF;

        Process[] p;

        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {

        }

        private void buttonFind_Click(object sender, EventArgs e)
        {
            try
            {
                p = Process.GetProcessesByName("mspaint");                
            }
            catch { textBox1.Text = "error"; }        

            int processHandle = OpenProcess((DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER | SYNCHRONIZE | END), false, p[0].Id);
            textBox1.Text = processHandle.ToString();

            //var buf = ReadMemory(0x02312AAF0930, 65536*16, processHandle);
            var ImageBytes = ReadMemory(0x02312AAF0930, 1376 * 824 * 4, processHandle);

            //File.WriteAllBytes("a.raw", buf);

            Bitmap output = new Bitmap(1376, 824, PixelFormat.Format32bppArgb);
            Rectangle rect = new Rectangle(0, 0, output.Width, output.Height);
            BitmapData bmpData = output.LockBits(rect, ImageLockMode.ReadWrite, output.PixelFormat);
            IntPtr ptr = bmpData.Scan0;
            Marshal.Copy(ImageBytes, 0, ptr, ImageBytes.Length);
            output.UnlockBits(bmpData);

            for (int i = 0; i < ImageBytes.Length; i += 4)
            {
                byte R = ImageBytes[i];
                byte G = ImageBytes[i + 1];
                byte B = ImageBytes[i + 2];
                byte A = ImageBytes[i + 3];
                ImageBytes[i] = B;
                ImageBytes[i + 1] = G;
                ImageBytes[i + 2] = R;
                ImageBytes[i + 3] = A;                
            }


            Bitmap output2 = new Bitmap(64, 64, PixelFormat.Format32bppArgb);
            for (int y = 0; y < 64; y++)
            {
                for (int x = 0; x < 64; x++)
                {
                    output2.SetPixel(x, y, Color.Red);
                }
            }
            pictureBox1.Image = output2;

            pictureBox1.Refresh();


        }

        public static byte[] ReadMemory(Int64 adress, int processSize, int processHandle)

        {

            byte[] buffer = new byte[processSize];

            ReadProcessMemory(processHandle, adress, buffer, processSize, 0);

            return buffer;

        }

    }
} 3.233.219.103 |

잡담 | 372명이 읽었어요. 3.233.219.103 | | 10

레어·유머·자작 실시간 인기글
1 여자친구랑 6년째 사귀는 중이다 10시간 전
2 탁재훈 잡는 산다라박 05-27
3 데이트 폭력 신고 앙심 품고 동거녀 살해한 30대 남성 11시간 전
4 호주 노가다 아재들이 평가한 한국 건설 현장 9시간 전
5 수학여행가는 학생들때문에 지연됐다는 항공편의 진실? 15시간 전
댓글 0
메뉴 목록 맨위로 로그인
TE31.COM ⓒ 2002-2023
서버 부하 9%