-
Notifications
You must be signed in to change notification settings - Fork 85
/
Program.cs
52 lines (50 loc) · 1.91 KB
/
Program.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
using MhyProt2Drv.Driver;
using MhyProt2Drv.Utils;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace MhyProt2Drv
{
class Program
{
static void Main(string[] args)
{
DrvLoader loader = new DrvLoader();
loader.Load();
MhyProt2 mhyprot = new MhyProt2();
mhyprot.OpenDrv();
bool res = mhyprot.InitDrv((ulong)Process.GetCurrentProcess().Id);
if (!res)
{
Console.WriteLine("Init Error!");
}
else
{
Console.WriteLine("Enuming module of csrss.exe");
uint pid = (uint)Process.GetProcessesByName("csrss")[0].Id;
List<MhyProtEnumModule> m = mhyprot.EnumProcessModule(pid);
IntPtr baseAddr = IntPtr.Zero;
foreach(MhyProtEnumModule sm in m)
{
Console.WriteLine("ModuleName: " + sm.ModuleName + " ModulePath:" + sm.ModulePath + " BaseAddress:0x" + sm.BaseAddress.ToString("x2") + " Size:0x" + sm.SizeOfImage.ToString("x2"));
if (sm.ModuleName == "csrss.exe") baseAddr = sm.BaseAddress;
}
Memory mem = new Memory(mhyprot, pid);
long currentTicks = DateTime.Now.Ticks;
Console.WriteLine("Reading memory of csrss.exe");
for (int i = 0; i < 1000; i++)
{
mem.Read(baseAddr, 1024);
}
Console.WriteLine("Read memory 1000 times tooks total " + ((DateTime.Now.Ticks - currentTicks) / 10000).ToString() + "ms");
}
Console.ReadKey();
mhyprot.CloseHandle();
loader.UnLoad();
}
}
}