mame0.215内存动态注入修改笔记备忘
https://my.oschina.net/zengfr
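// Install the four API hooks. Each call names the exporting module, the exported
// function, and a managed delegate wrapping the replacement handler; the object
// returned by Injector.createHook is kept in writeFileHook / fopenHook / ffHook / flbHook.
//
// The identifiers and the "_flsbuf" export name are written with a plain underscore:
// the "/_" sequences in the published text are markup-escape residue and are neither
// valid C# identifiers nor a real msvcrt export name.
//
// NOTE(review): the delegate types and flb_Hook are not shown in this excerpt; their
// signatures and calling conventions must match the native functions exactly.
// NOTE(review): a delegate handed to native code has to stay reachable for as long as
// the hook is installed; presumably the stored hook objects do that. Confirm in Injector.
writeFileHook = Injector.createHook("kernel32.dll", "WriteFile", new WriteFile_Delegate(WriteFile_Hook));
fopenHook = Injector.createHook("msvcrt.dll", "fopen", new fopen_Delegate(fopen_Hook));
ffHook = Injector.createHook("msvcrt.dll", "fflush", new ff_Delegate(ff_Hook));
flbHook = Injector.createHook("msvcrt.dll", "_flsbuf", new flb_Delegate(flb_Hook));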
/// <summary>
/// Replacement for kernel32!WriteFile. Writes aimed at the trace/error log files are
/// captured and queued through <c>Injector.enqueue</c> instead of reaching the disk;
/// every other write is forwarded to <c>FileActivities.WriteFile</c>.
/// </summary>
/// <param name="hFile">Handle being written to; used to resolve the target path.</param>
/// <param name="lpBuffer">Native buffer holding the bytes to write.</param>
/// <param name="nNumberOfBytesToWrite">Number of bytes in <paramref name="lpBuffer"/>.</param>
/// <param name="lpNumberOfBytesWritten">Preset to 1; overwritten only when the write is forwarded.</param>
/// <param name="lpOverlapped">Passed through unchanged on the forwarded path.</param>
/// <returns>
/// The forwarded call's result, or <c>false</c> when the write was captured or an
/// exception was reported.
/// </returns>
bool WriteFile_Hook(IntPtr hFile, IntPtr lpBuffer, uint nNumberOfBytesToWrite, out uint lpNumberOfBytesWritten, IntPtr lpOverlapped)
{
    bool succeeded = false;
    lpNumberOfBytesWritten = 1;
    try
    {
        // NOTE(review): the return value of GetFinalPathNameByHandle is ignored and the
        // buffer is fixed at 255 characters, so a failed or longer-path lookup presumably
        // leaves an empty/partial name and the write is simply forwarded. Confirm.
        StringBuilder pathBuffer = new StringBuilder(255);
        winapi.GetFinalPathNameByHandle(hFile, pathBuffer, 255, 0);
        string path = pathBuffer.ToString();

        // Substring match, not an exact file-name match: any path containing "t.log" or
        // "error.log" (and not ".dup") is treated as a log to capture.
        bool isCapturedLog = (!path.Contains(".dup")) && (path.Contains("t.log") || path.Contains("error.log"));

        if (isCapturedLog)
        {
            // The real write is never performed on this path: the caller is told the call
            // failed (false) with 1 byte written.
            // NOTE(review): the uint length is cast to int; a value above int.MaxValue
            // would wrap negative in an unchecked context.
            string text = Marshal.PtrToStringAnsi(lpBuffer, (int)nNumberOfBytesToWrite);
            Injector.enqueue(Path.GetFileName(path), text); // logerror
        }
        else
        {
            // Forward to the original so the caller gets the real lpNumberOfBytesWritten.
            succeeded = FileActivities.WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, out lpNumberOfBytesWritten, lpOverlapped);
        }
    }
    catch (Exception ex)
    {
        Injector.Ipc.ReportException(ex);
    }
    return succeeded;
}

/* Disabled experiment: enumerate a varargs list and report each argument's type and value.
ArgIterator args2 = new ArgIterator(args);
while (args2.GetRemainingCount() > 0)
{
    Injector.Ipc.ReportMessage(string.Format("{0}:{1}", Type.GetTypeFromHandle(args2.GetNextArgType()), TypedReference.ToObject(args2.GetNextArg())));
}
*/

/// <summary>
/// Renders a printf-style format string with the given argument pointer into a managed string.
/// </summary>
/// <param name="fmt">Format string handed to the C runtime.</param>
/// <param name="args">Pointer passed as the argument to the CRT formatting calls.</param>
/// <returns>The formatted text.</returns>
private string getContent(string fmt, IntPtr args)
{
    // NOTE(review): if args is a va_list, the CRT functions that accept one are the
    // v-variants (_vscprintf / vsprintf); confirm which entry points the msvcrt P/Invoke
    // declarations bind to. The buffer below is only safe if both calls format identically.
    // NOTE(review): fmt is interpreted by the CRT, so it should never come from a source
    // that is not trusted to supply format strings.
    int requiredLength = msvcrt._scprintf(fmt, args);
    StringBuilder output = new StringBuilder(requiredLength + 2);
    msvcrt.sprintf(output, fmt, args);
    return output.ToString();
}

/// <summary>
/// Replacement for msvcrt!fopen: reports the mode and file name over IPC, then opens the
/// file through <c>msvcrt.fopen</c> and returns its result.
/// </summary>
private IntPtr fopen_Hook(string fname, string mode)
{
    string label = "fopen " + mode;
    Injector.Ipc.ReportMessage(FormatMessage(label, fname));
    return msvcrt.fopen(fname, mode);
}

// Last five trace entries, used to show context when a new entry appears.
HistoryQueue<String> lastlog = new HistoryQueue<string>(5);
// True while the most recent entry was one Injector.enqueue reported as not new.
bool lastIsOld = true;

/// <summary>
/// Replacement for msvcrt!fflush, used as a trigger to sample two strings from fixed
/// process addresses and queue them as a "t.log" trace entry.
/// </summary>
/// <param name="stream">Ignored; the real fflush is not called.</param>
/// <returns>Always -1, so the hooked caller sees the flush as having failed (EOF).</returns>
private int ff_Hook(IntPtr stream)
{
    // var ptr = reg.getregsinfo5();
    try
    {
        // Int64[] bRawData = new Int64[0x8];
        // Marshal.Copy(ptr, bRawData, 0, bRawData.Length);

        // NOTE(review): 0x248ae0 and 0x248ab0 are hard-coded absolute addresses, so they
        // presumably hold only for one specific build and load layout of the target.
        // Reading an unmapped address raises AccessViolationException, which the CLR
        // typically does not deliver to an ordinary catch block, so the catch below is not
        // a safety net for a wrong address.
        string pcText = Marshal.PtrToStringAnsi(new IntPtr(0x248ae0));
        IntPtr asmPointer = Marshal.ReadIntPtr(new IntPtr(0x248ab0));
        string asmText = Marshal.PtrToStringAnsi(asmPointer);
        string entry = string.Concat(pcText, ":", asmText);

        lastlog.push(entry);
        bool isNew = Injector.enqueue("t.log", entry); // trace log

        if (!isNew)
        {
            lastIsOld = true;
            return -1;
        }

        if (lastIsOld)
        {
            // First new entry after a run of already-seen ones: report the two history
            // slots as context before the new line.
            Injector.Ipc.ReportMessage(FormatMessage(" :", lastlog.get(-2)));
            Injector.Ipc.ReportMessage(FormatMessage("F:", lastlog.get(-1)));
        }
        lastIsOld = false;
        Injector.Ipc.ReportMessage(FormatMessage("T:", entry));
    }
    catch (Exception ex)
    {
        Injector.Ipc.ReportException(ex);
    }
    return -1; // msvcrt.fflush(stream);
}