Process Hacker string remover
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
class Program
{
// PInvoke declarations for Win32 API functions
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint dwSize, out int lpNumberOfBytesWritten);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool CloseHandle(IntPtr hObject);
const uint PROCESS_ALL_ACCESS = 0x1F0FFF;
static void Main(string[] args)
{
Console.WriteLine("Process ID girin:");
if (!int.TryParse(Console.ReadLine(), out int processId))
{
Console.WriteLine("Geçersiz Process ID.");
return;
}
Console.WriteLine("Adres (hex formatında, örneğin 0x12345678):");
string addressInput = Console.ReadLine();
if (!addressInput.StartsWith("0x", StringComparison.OrdinalIgnoreCase) ||
!long.TryParse(addressInput.Substring(2), System.Globalization.NumberStyles.HexNumber, null, out long address))
{
Console.WriteLine("Geçersiz adres formatı.");
return;
}
IntPtr addressPtr = new IntPtr(address);
Console.WriteLine("Uzunluk:");
if (!uint.TryParse(Console.ReadLine(), out uint length))
{
Console.WriteLine("Geçersiz uzunluk.");
return;
}
byte[] newValue = new byte[length];
byte[] hexValue = BitConverter.GetBytes(0x473751488);
Array.Copy(hexValue, newValue, Math.Min(hexValue.Length, length));
IntPtr processHandle = OpenProcess(PROCESS_ALL_ACCESS, false, processId);
if (processHandle == IntPtr.Zero)
{
Console.WriteLine($"Süreç açılamadı. Hata kodu: {Marshal.GetLastWin32Error()}");
return;
}
try
{
if (WriteProcessMemory(processHandle, addressPtr, newValue, length, out int bytesWritten))
{
Console.WriteLine($"Başarıyla {bytesWritten} byte yazıldı.");
}
else
{
Console.WriteLine($"Bellek yazma hatası. Hata kodu: {Marshal.GetLastWin32Error()}");
}
}
finally
{
CloseHandle(processHandle);
}
}
}using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
class Program
{
// PInvoke declarations for Win32 API functions
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint dwSize, out int lpNumberOfBytesWritten);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool CloseHandle(IntPtr hObject);
const uint PROCESS_ALL_ACCESS = 0x1F0FFF;
static void Main(string[] args)
{
Console.WriteLine("Process ID girin:");
if (!int.TryParse(Console.ReadLine(), out int processId))
{
Console.WriteLine("Geçersiz Process ID.");
return;
}
Console.WriteLine("Adres (hex formatında, örneğin 0x12345678):");
string addressInput = Console.ReadLine();
if (!addressInput.StartsWith("0x", StringComparison.OrdinalIgnoreCase) ||
!long.TryParse(addressInput.Substring(2), System.Globalization.NumberStyles.HexNumber, null, out long address))
{
Console.WriteLine("Geçersiz adres formatı.");
return;
}
IntPtr addressPtr = new IntPtr(address);
Console.WriteLine("Uzunluk:");
if (!uint.TryParse(Console.ReadLine(), out uint length))
{
Console.WriteLine("Geçersiz uzunluk.");
return;
}
byte[] newValue = new byte[length];
byte[] hexValue = BitConverter.GetBytes(0x473751488);
Array.Copy(hexValue, newValue, Math.Min(hexValue.Length, length));
IntPtr processHandle = OpenProcess(PROCESS_ALL_ACCESS, false, processId);
if (processHandle == IntPtr.Zero)
{
Console.WriteLine($"Süreç açılamadı. Hata kodu: {Marshal.GetLastWin32Error()}");
return;
}
try
{
if (WriteProcessMemory(processHandle, addressPtr, newValue, length, out int bytesWritten))
{
Console.WriteLine($"Başarıyla {bytesWritten} byte yazıldı.");
}
else
{
Console.WriteLine($"Bellek yazma hatası. Hata kodu: {Marshal.GetLastWin32Error()}");
}
}
finally
{
CloseHandle(processHandle);
}
}
}Hello, the current function of this code is this way, I enter the PROCESS ID, then I enter the address and length of the string I want to delete in the process hacker and it is deleted.
but what I want to do is this, I want it to automatically find the address and length of all the strings in explorer.exe that contain ‘istanbul.exe’ and delete them automatically, how can I do it?
