diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..1ff0c42
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,63 @@
+###############################################################################
+# Set default behavior to automatically normalize line endings.
+###############################################################################
+* text=auto
+
+###############################################################################
+# Set default behavior for command prompt diff.
+#
+# This is need for earlier builds of msysgit that does not have it on by
+# default for csharp files.
+# Note: This is only used by command line
+###############################################################################
+#*.cs diff=csharp
+
+###############################################################################
+# Set the merge driver for project and solution files
+#
+# Merging from the command prompt will add diff markers to the files if there
+# are conflicts (Merging from VS is not affected by the settings below, in VS
+# the diff markers are never inserted). Diff markers may cause the following
+# file extensions to fail to load in VS. An alternative would be to treat
+# these files as binary and thus will always conflict and require user
+# intervention with every merge. To do so, just uncomment the entries below
+###############################################################################
+#*.sln merge=binary
+#*.csproj merge=binary
+#*.vbproj merge=binary
+#*.vcxproj merge=binary
+#*.vcproj merge=binary
+#*.dbproj merge=binary
+#*.fsproj merge=binary
+#*.lsproj merge=binary
+#*.wixproj merge=binary
+#*.modelproj merge=binary
+#*.sqlproj merge=binary
+#*.wwaproj merge=binary
+
+###############################################################################
+# behavior for image files
+#
+# image files are treated as binary by default.
+###############################################################################
+#*.jpg binary
+#*.png binary
+#*.gif binary
+
+###############################################################################
+# diff behavior for common document formats
+#
+# Convert binary document formats to text before diffing them. This feature
+# is only available from the command line. Turn it on by uncommenting the
+# entries below.
+###############################################################################
+#*.doc diff=astextplain
+#*.DOC diff=astextplain
+#*.docx diff=astextplain
+#*.DOCX diff=astextplain
+#*.dot diff=astextplain
+#*.DOT diff=astextplain
+#*.pdf diff=astextplain
+#*.PDF diff=astextplain
+#*.rtf diff=astextplain
+#*.RTF diff=astextplain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3c4efe2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,261 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+
+# Visual Studio 2015 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# DNX
+project.lock.json
+project.fragment.lock.json
+artifacts/
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# TODO: Comment the next line if you want to checkin your web deploy settings
+# but database connection strings (with potential passwords) will be unencrypted
+#*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/packages/*
+# except build/, which is used as an MSBuild target.
+!**/packages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/packages/repositories.config
+# NuGet v3's project.json files produces more ignoreable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+node_modules/
+orleans.codegen.cs
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# JetBrains Rider
+.idea/
+*.sln.iml
+
+# CodeRush
+.cr/
+
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
\ No newline at end of file
diff --git a/MemEnum.sln b/MemEnum.sln
new file mode 100644
index 0000000..d7f89f5
--- /dev/null
+++ b/MemEnum.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemEnum", "MemEnum\MemEnum.csproj", "{97A3FEF8-6651-41D6-B95F-71D678241EAE}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {97A3FEF8-6651-41D6-B95F-71D678241EAE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {97A3FEF8-6651-41D6-B95F-71D678241EAE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {97A3FEF8-6651-41D6-B95F-71D678241EAE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {97A3FEF8-6651-41D6-B95F-71D678241EAE}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/MemEnum/App.config b/MemEnum/App.config
new file mode 100644
index 0000000..8227adb
--- /dev/null
+++ b/MemEnum/App.config
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/MemEnum/MemEnum.csproj b/MemEnum/MemEnum.csproj
new file mode 100644
index 0000000..028b0e2
--- /dev/null
+++ b/MemEnum/MemEnum.csproj
@@ -0,0 +1,63 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {97A3FEF8-6651-41D6-B95F-71D678241EAE}
+ Exe
+ Properties
+ MemEnum
+ MemEnum
+ v4.5.2
+ 512
+ true
+
+
+
+ AnyCPU
+ true
+ full
+ false
+ bin\Debug\
+ DEBUG;TRACE
+ prompt
+ 4
+ false
+
+
+ AnyCPU
+ pdbonly
+ true
+ bin\Debug\
+ TRACE
+ prompt
+ 4
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/MemEnum/Program.cs b/MemEnum/Program.cs
new file mode 100644
index 0000000..c6eca94
--- /dev/null
+++ b/MemEnum/Program.cs
@@ -0,0 +1,571 @@
+/*
+ * SharpProcEnum
+ * By: Antonio Piazza 4n7m4n
+ * Twitter @antman1p
+ * 2/12/2019
+ *
+ * Create a program in any programming language of choice that can:
+ *
+ * 1. Enumerate all the running processes.
+ * 2. List all the running threads within process boundary.
+ * 3. Enumerate all the loaded modules within the processes.
+ * 4. Is able to show all the executable pages within the processes.
+ * 5. Gives us a capability to read the memory.
+ *
+ *
+ *
+ * References: https://stackoverflow.com/questions/648410/how-can-i-list-all-processes-running-in-windows
+ * https://stackoverflow.com/questions/10315862/get-list-of-threads
+ * https://stackoverflow.com/questions/36431220/getting-a-list-of-dlls-currently-loaded-in-a-process-c-sharp
+ * https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process?redirectedfrom=MSDN&view=netframework-4.7.2
+ * https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.getprocessbyid?view=netframework-4.7.2
+ * https://www.pinvoke.net/default.aspx/kernel32.openprocess
+ * https://www.pinvoke.net/default.aspx/psapi.enumprocessmodules
+ * https://www.pinvoke.net/default.aspx/psapi.getmodulefilenameex
+ * https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-enumprocessmodules
+ * https://www.codeproject.com/Articles/716227/Csharp-How-to-Scan-a-Process-Memory
+ * https://docs.microsoft.com/en-us/windows/desktop/Memory/memory-protection-constants
+ * https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--0-499-
+ * https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_memory_basic_information
+ *
+ *
+ * INSTRUCTIONS: Use a 64 bit WIndows system. For BEST results, run as an administrator. Build using visual studio.
+*/
+
+
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+
+namespace MemEnum
+{
+ class Program
+ {
+ //Main FUnction calls the menu() function
+ static void Main(string[] args)
+ {
+ menu();
+
+ }
+
+ // The Menu function displays the menu to the console and takes user input to call the corresponding function
+ public static void menu()
+ {
+ string selection;
+ int selectInt;
+
+ // Write Menu to console
+ Console.WriteLine("\nInput number for your selection: " +
+ "\n1. List Processes" +
+ "\n2. List Threads of a process" +
+ "\n3. List Modules of a process" +
+ "\n4. Process memory protection Information" +
+ "\n5. Dump Process memory" +
+ "\n6. Quit\n");
+
+ // Get user input
+ selection = Console.ReadLine();
+
+ // Check to make sure input is an integer
+ try
+ {
+ selectInt = Convert.ToInt32(selection);
+
+ }
+ catch(Exception ex)
+ {
+ Console.WriteLine("Input not an integer. Please try again");
+ menu();
+ selectInt = 0;
+ }
+
+ // Make sure the integer is 1-6
+ if (selectInt < 1 || selectInt > 6)
+ {
+ Console.WriteLine("Input must be 1-5. Please try again");
+ menu();
+ }
+
+ // Switch to call the coresponding function based on user input as case
+ else
+ {
+ switch(selectInt)
+ {
+ case 1:
+ // Call the process listing function
+ ProcList();
+ break;
+ // Call the thread listing function
+ case 2:
+ ThreadList();
+ break;
+ // Call the Module listing function
+ case 3:
+ ModList();
+ break;
+ // Call the memory protection check function
+ case 4:
+ MemInfo();
+ break;
+ // Call the memory dumping function
+ case 5:
+ MemDump();
+ break;
+ // Call the program exit function to quit the program
+ case 6:
+ Environment.Exit(0);
+ break;
+ default:
+ break;
+
+ }
+ }
+
+
+
+ }
+ // Function to list the processes
+ public static void ProcList()
+ {
+ Process[] proclist = Process.GetProcesses();
+ // List each of the the processes to console
+ foreach (Process process in proclist)
+ {
+ // Print the proc ID and Name
+ Console.WriteLine("\nProcess: {0} PID: {1}", process.ProcessName, process.Id);
+
+ }
+ // Call the menu funciton again to return to the menu
+ menu();
+
+ }
+
+
+ // Function to list the threads of a process by PID
+ public static void ThreadList()
+ {
+ int pid;
+ string pidString;
+
+ // Prompt user for PID input
+ Console.WriteLine("\nInput the Process Id to list its running threads:");
+ pidString = Console.ReadLine();
+
+ // Check to make sure the input is an integer
+ try
+ {
+ pid = Convert.ToInt32(pidString);
+
+ }
+ // If not call the menu() funciton to return to the menu
+ catch (Exception ex)
+ {
+ Console.WriteLine("Input not an integer. Please try again");
+ menu();
+ pid = 0;
+ }
+
+ try
+ {
+ // Get the process object for the pid input
+ Process proc = Process.GetProcessById(pid);
+
+ // Get the collection of threads for the process
+ ProcessThreadCollection threads = proc.Threads;
+
+ // List the threads to console
+ foreach (ProcessThread thread in threads)
+ {
+ // List the thread start address in hex format, the thread state, and the thread's base priority
+ Console.WriteLine("TID: {0} Start Address: 0x{1} Thread State: {2} Base Priority: {3}", thread.Id, thread.StartAddress.ToString("X"), thread.ThreadState, thread.BasePriority);
+
+ }
+
+ }
+ // If it fails call the menu() function to return to the menu and alert the user to the failure
+ catch(Exception ex)
+ {
+ Console.WriteLine("No Process Found with that Process ID. \nError: {0}", ex);
+ menu();
+ }
+ // return to th menu
+ menu();
+ }
+
+ // Fucntion that lists the modules for a user selected process
+ public static void ModList()
+ {
+ int pid;
+ string pidString;
+
+ // Prompt user for the process ID of the process they want the modules listed for
+ Console.WriteLine("\nInput the Process Id to list its modules:");
+
+ // Get user input
+ pidString = Console.ReadLine();
+
+ // Ensure the input is an integer
+ try
+ {
+ pid = Convert.ToInt32(pidString);
+
+ }
+ // If not return to the menu and alert the user
+ catch (Exception ex)
+ {
+ Console.WriteLine("Input not an integer. Please try again");
+ menu();
+ pid = 0;
+ }
+
+ try
+ {
+ // Get the process requested by the user pid input
+ Process process = Process.GetProcessById(pid);
+ ProcessModule procMod;
+
+ // Get the module collection of the process
+ ProcessModuleCollection processModuleColl = process.Modules;
+
+ // For each module in the collection write the modules to console
+ for ( int i =0; i < processModuleColl.Count; i++)
+ {
+ procMod = processModuleColl[i];
+
+ // Write the module name and base address in hex
+ Console.WriteLine("File Name: {0} Base Address: 0x{1}", procMod.FileName, procMod.BaseAddress.ToString("X"));
+ }
+ }
+ // If it fails alert the user and return to the menu
+ catch(Exception ex)
+ {
+ Console.WriteLine("No Process Found with that Process ID. \nError: {0}", ex);
+ menu();
+ }
+
+ // return to the menu
+ menu();
+ }
+
+
+ // Function that checks the Access protection level of a memory location
+ public static void MemInfo()
+ {
+ int pid;
+ string pidString;
+ uint pageSize = 0x1000;
+ string memAddrStr;
+
+ // Prompt fo user input of the pid of the process that contains the loaded module that the user wants protection info for
+ Console.WriteLine("\nInput the Process Id for the module you want the protection information for:");
+
+ // Get user input for the pid
+ pidString = Console.ReadLine();
+
+ // ensure the input is an integer
+ try
+ {
+ pid = Convert.ToInt32(pidString);
+
+ }
+
+ // If not, go back to the menu and alert the usre
+ catch (Exception ex)
+ {
+ Console.WriteLine("Input not an integer. Please try again");
+ menu();
+ pid = 0;
+ }
+
+ // Ensure the pid is to a running process
+ try
+ {
+ Process proc = Process.GetProcessById(pid);
+ }
+ // If not return to the menu an dinform the user
+ catch (Exception ex)
+ {
+ Console.WriteLine("Not a valid process. \nError: {0}", ex);
+ menu();
+ }
+
+ // Prompt user for memory address in hex of the module the user wants protection info for
+ Console.WriteLine("\nInput the module base memory address in hex format (0x7ff...) to list protection Information:");
+
+ // get user input address
+ memAddrStr = Console.ReadLine();
+
+ // ensure that the user entered a hex address
+ try
+ {
+ Convert.ToInt64(memAddrStr, 16);
+ }
+ // If not alert the user and returnt o the menu
+ catch(Exception ex)
+ {
+ Console.WriteLine("Invalid Memory address format. Must be in hex, 0x... format. Error: {0}", ex);
+ menu();
+ }
+
+ // Create a new pointer from converting the user input string to a 64 bit integer
+ IntPtr base_mem_address = new IntPtr(Convert.ToInt64(memAddrStr, 16));
+
+
+ try
+ {
+ // Create a new basic memory information instancefrom the struct created belwo
+ MEMORY_BASIC_INFORMATION64 mem_basic_info = new MEMORY_BASIC_INFORMATION64();
+
+ // Winsows APOI function callopening the process with desired access level and saving the handle to the process
+ IntPtr pHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, pid);
+
+ // Windows API funciton call to query the process memory information and save the information in the basic information struct instance created above
+ VirtualQueryEx(pHandle, base_mem_address, out mem_basic_info, pageSize);
+
+ // Call the get Memory Constant String funciton and save it a s a string
+ string memProtectConstStr = getMemProtectConstStr(mem_basic_info.Protect);
+
+ // Write the Memory protection information string to the console
+ Console.WriteLine("\nProtection Information: {0}", memProtectConstStr);
+ }
+ // Or else return to the menu and alert the user of the failure
+ catch(Exception ex)
+ {
+ Console.WriteLine("\nFailed to Open memory location. \nError: {0}", ex);
+ menu();
+ }
+
+ // Return to the menu
+ menu();
+ }
+
+
+ // Function dumps the contents of the memory requested by the user to console
+ public static void MemDump()
+ {
+
+ string memAddrStr;
+ string pidString;
+
+ int buffWidth = 16;
+ int pid;
+ int offset = 0x1000;
+ int bytesRead = 0;
+
+ Int64 baseAddr;
+ var byteArray = new byte[offset];
+
+
+ // Prompt user to input the Process ID of the process that contains the loaded module for which they want to dump the memory
+ Console.WriteLine("\nInput the Process Id to view the memory:");
+
+ // get the user input process id
+ pidString = Console.ReadLine();
+ // Ensure the input pid is an integer
+ try
+ {
+ pid = Convert.ToInt32(pidString);
+
+ }
+ // If not return to the menu and alert the user
+ catch (Exception ex)
+ {
+ Console.WriteLine("\nInput not an integer. Please try again");
+ menu();
+ pid = 0;
+ }
+
+ // Ensure the pid is to a running process
+ try
+ {
+ Process proc = Process.GetProcessById(pid);
+ }
+ // If not return to the menu an dinform the user
+ catch(Exception ex)
+ {
+ Console.WriteLine("Not a valid process. \nError: {0}", ex);
+ menu();
+ }
+
+ // Prompt user to input the memory address in hex of the module they want to dup the memory for
+ Console.WriteLine("\nInput the module base memory address in hex format (0x7ff...) to dump the module memory:");
+
+ // get the user input memory address
+ memAddrStr = Console.ReadLine();
+
+ // Ensure the input is a memory address in hex
+ try
+ {
+ Convert.ToInt64(memAddrStr, 16);
+ }
+ // if not return to the menu and alert the user
+ catch (Exception ex)
+ {
+ Console.WriteLine("\nInvalid Memory address format. Must be in hex, 0x... format. \nError: {0}", ex);
+ menu();
+ }
+
+ // Create a new pointer from converting the user input string to a 64 bit integer
+ IntPtr base_mem_address = new IntPtr(Convert.ToInt64(memAddrStr, 16));
+
+
+
+ try
+ {
+ // Windows API fucntion call opening the process with desired access level and saving the handle to the process
+ IntPtr pHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, pid);
+
+ // Windows API call fucntion to read the process memory into a byte array
+ ReadProcessMemory(pHandle, base_mem_address, byteArray, offset, ref bytesRead);
+
+ }
+ // If it fails, return to the menu and alert the user
+ catch(Exception ex)
+ {
+ Console.WriteLine("Unable to dump memory. \nError: {0}", ex);
+ menu();
+ }
+
+ int position = 0;
+ int padding = (buffWidth * 2) + buffWidth;
+
+ Console.WriteLine("\n");
+
+ // Loop to print the memory dump to the consol ein "Hex Dump" typre format
+ while (position < offset)
+ {
+ string line = "";
+ line = "0x" + position.ToString("X8") + " ";
+ string printBytes = "";
+ string text = "";
+
+ for(int i = 0; i < (buffWidth-1); i++)
+ {
+ if(position >= offset) { break; }
+
+ printBytes += byteArray[position].ToString("X2") + " ";
+
+ if (char.IsLetterOrDigit((char)byteArray[position]) || char.IsPunctuation((char)byteArray[position]) || char.IsSymbol((char)byteArray[position]))
+ {
+ text += (char)byteArray[position];
+ }
+ else
+ {
+ text += '.';
+ }
+ position++;
+
+ }
+ line += printBytes.PadRight(padding, ' ');
+ line += " " + text;
+ Console.WriteLine(line);
+
+ }
+
+ // Return to the menu
+ menu();
+ }
+
+ // Function Converts Memory Protection Constant to its coresponding string value:
+ // https://docs.microsoft.com/en-us/windows/desktop/Memory/memory-protection-constants
+ public static string getMemProtectConstStr(uint memProtectConst)
+ {
+ string memProtectConstStr;
+ switch(memProtectConst)
+ {
+ case (10):
+ memProtectConstStr = "PAGE_EXECUTE"; break;
+ case (20):
+ memProtectConstStr = "PAGE_EXECUTE_READ"; break;
+ case (40):
+ memProtectConstStr = "PAGE_EXECUTE_READWRITE"; break;
+ case (80):
+ memProtectConstStr = "PAGE_EXECUTE_WRITECOPY"; break;
+ case (1):
+ memProtectConstStr = "PAGE_NOACCESS"; break;
+ case (2):
+ memProtectConstStr = "PAGE_READONLY"; break;
+ case (4):
+ memProtectConstStr = "PAGE_READWRITE"; break;
+ case (8):
+ memProtectConstStr = "PAGE_WRITECOPY"; break;
+ case (40000000):
+ memProtectConstStr = "PAGE_TARGETS_INVALID"; break;
+ case (100):
+ memProtectConstStr = "PAGE_GUARD"; break;
+ case (200):
+ memProtectConstStr = "PAGE_NOCACHE"; break;
+ case (400):
+ memProtectConstStr = "PAGE_WRITECOMBINE"; break;
+ default:
+ memProtectConstStr = "PAGE_NOACCESS"; break;
+ }
+
+ return memProtectConstStr;
+ }
+
+
+ // REQUIRED CONSTS
+ const int PROCESS_QUERY_INFORMATION = 0x0400;
+ const int MEM_COMMIT = 0x00001000;
+
+ const int PAGE_READONLY = 0x02;
+ const int PAGE_READWRITE = 0x04;
+ const int PAGE_EXECUTE = 0x10;
+ const int PAGE_EXECUTE_READ = 0x20;
+ const int PAGE_EXECUTE_READWRITE = 0x40;
+ const int PAGE_EXECUTE_WRITECOPY = 0x80;
+
+ const int PROCESS_WM_READ = 0x0010;
+
+ // REQUIRED METHODS
+ //[DllImport("kernel32.dll")]
+ //static extern void GetSystemInfo(out SYSTEM_INFO lpSystemInfo);
+
+ //Windows API function to Query the memory infomration of a process
+ [DllImport("kernel32.dll", SetLastError = true)]
+ static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
+ out MEMORY_BASIC_INFORMATION64 lpBuffer, uint dwLength);
+
+ // Windows API funciton to read the process memory to a byte array
+ [DllImport("kernel32.dll")]
+ public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
+ byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
+
+ // Windows API funcition to open a process
+ [DllImport("kernel32.dll")]
+ public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
+
+ // REQUIRED STRUCTS
+ //public struct SYSTEM_INFO
+ //{
+ // public ushort processorArchitecture;
+ // ushort reserved;
+ // public uint pageSize;
+ // public IntPtr minimumApplicationAddress; // minimum address
+ // public IntPtr maximumApplicationAddress; // maximum address
+ // public IntPtr activeProcessorMask;
+ // public uint numberOfProcessors;
+ // public uint processorType;
+ // public uint allocationGranularity;
+ // public ushort processorLevel;
+ // public ushort processorRevision;
+ //}
+
+ // Struc to hold basic memory information for a module
+ public struct MEMORY_BASIC_INFORMATION64
+ {
+ public UInt64 BaseAddress;
+ public UInt64 AllocationBase;
+ public uint AllocationProtect;
+ public uint __alignment1;
+ public UInt64 RegionSize; // size of the region allocated by the program
+ public uint State; // check if allocated (MEM_COMMIT)
+ public uint Protect; // page protection (must be PAGE_READWRITE)
+ public uint Type;
+ public uint __alignment2;
+ }
+ }
+}
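Review bot: The case labels in `getMemProtectConstStr` are decimal (`case (10)`, `case (20)`, `case (40)`, `case (80)`, `case (100)` …) while the protection values they name are hexadecimal, as the file's own constants show (`PAGE_EXECUTE = 0x10`, `PAGE_EXECUTE_READWRITE = 0x40`). Only the values 1, 2, 4 and 8 can ever match, so every executable page, including read-write-execute regions, falls through to the default and is printed as `PAGE_NOACCESS`, which makes menu option 4 misleading for anyone triaging a process. `PAGE_GUARD`, `PAGE_NOCACHE` and `PAGE_WRITECOMBINE` are modifier bits OR'ed onto a base protection, so they also need a mask rather than an equality case; the rewrite below switches on the low byte with hex labels and appends the modifiers. Separately, in `MemInfo` and `MemDump` the results of `OpenProcess`, `VirtualQueryEx` and `ReadProcessMemory` are ignored: these calls report failure through their return value, not an exception, so the surrounding `catch` blocks are not reached on failure. A failed read therefore prints the zero-filled buffer as if it were process memory, and the handle is never released with `CloseHandle`.

```csharp
public static string getMemProtectConstStr(uint memProtectConst)
{
    // The low byte carries the base protection; the higher bits are modifiers.
    string memProtectConstStr;
    switch (memProtectConst & 0xFF)
    {
        case 0x01: memProtectConstStr = "PAGE_NOACCESS"; break;
        case 0x02: memProtectConstStr = "PAGE_READONLY"; break;
        case 0x04: memProtectConstStr = "PAGE_READWRITE"; break;
        case 0x08: memProtectConstStr = "PAGE_WRITECOPY"; break;
        case 0x10: memProtectConstStr = "PAGE_EXECUTE"; break;
        case 0x20: memProtectConstStr = "PAGE_EXECUTE_READ"; break;
        case 0x40: memProtectConstStr = "PAGE_EXECUTE_READWRITE"; break;
        case 0x80: memProtectConstStr = "PAGE_EXECUTE_WRITECOPY"; break;
        default:
            // Report the raw value instead of claiming PAGE_NOACCESS for anything unrecognised.
            memProtectConstStr = "UNKNOWN (0x" + memProtectConst.ToString("X") + ")"; break;
    }

    if ((memProtectConst & 0x100) != 0) { memProtectConstStr += " | PAGE_GUARD"; }
    if ((memProtectConst & 0x200) != 0) { memProtectConstStr += " | PAGE_NOCACHE"; }
    if ((memProtectConst & 0x400) != 0) { memProtectConstStr += " | PAGE_WRITECOMBINE"; }
    if ((memProtectConst & 0x40000000) != 0) { memProtectConstStr += " | PAGE_TARGETS_INVALID"; }

    return memProtectConstStr;
}
```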
diff --git a/MemEnum/Properties/AssemblyInfo.cs b/MemEnum/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..df082ab
--- /dev/null
+++ b/MemEnum/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("SharpProcEnum")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("SharpProcEnum")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("97a3fef8-6651-41d6-b95f-71d678241eae")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]