C#: Search a byte[] array in another process's memory

Question

How is it possible to search for a byte[] array in the memory of another process and then get the address at the place where the byte[] array is located?

I want to w

Answer 1

Is it possible to be done in C#?

Yes. But very hard. It is hard from a native application where there is no impedance mismatched with the unmanaged view of processes and their memory maps you will need to use.

Considerations:

• You will need permission to open the process to get a handle.
• While the virtual memory space of a 32bit process is from two to four GB in size (depending on host OS and /3GB switch), much of this address range will not be allocated, and reading it will cause a page fault. You really need to find out what pages are allocated and for what to avoid lots of invalid page accesses.

Suggestions:

• Do you really really need to do this? Seriously this will be hard.
• Consider doing a native application, this will avoid working across the native/managed fence (this could include a native library with a managed driver application).
• Do you really need to do this?
• Consider doing the work inside the target process. This will require some cleverness (documented) to inject a thread, but should then be much faster.
• Start by reading up on Windows how process memory works (start with Windows Internals and (can't recall its name in the latest edition) Jeffrey Richter's book on Win32 application development.
• Do you really need to do this? There must be something simpler... could you automated a debugger?