C#C
C#17mo ago
peep

Process Hacker string remover

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

class Program
{
    // PInvoke declarations for Win32 API functions
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint dwSize, out int lpNumberOfBytesWritten);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    const uint PROCESS_ALL_ACCESS = 0x1F0FFF;

    static void Main(string[] args)
    {
        Console.WriteLine("Process ID girin:");
        if (!int.TryParse(Console.ReadLine(), out int processId))
        {
            Console.WriteLine("Geçersiz Process ID.");
            return;
        }

        Console.WriteLine("Adres (hex formatında, örneğin 0x12345678):");
        string addressInput = Console.ReadLine();
        if (!addressInput.StartsWith("0x", StringComparison.OrdinalIgnoreCase) ||
            !long.TryParse(addressInput.Substring(2), System.Globalization.NumberStyles.HexNumber, null, out long address))
        {
            Console.WriteLine("Geçersiz adres formatı.");
            return;
        }

        IntPtr addressPtr = new IntPtr(address);

        Console.WriteLine("Uzunluk:");
        if (!uint.TryParse(Console.ReadLine(), out uint length))
        {
            Console.WriteLine("Geçersiz uzunluk.");
            return;
        }

        byte[] newValue = new byte[length];
        byte[] hexValue = BitConverter.GetBytes(0x473751488);
        Array.Copy(hexValue, newValue, Math.Min(hexValue.Length, length));

        IntPtr processHandle = OpenProcess(PROCESS_ALL_ACCESS, false, processId);
        if (processHandle == IntPtr.Zero)
        {
            Console.WriteLine($"Süreç açılamadı. Hata kodu: {Marshal.GetLastWin32Error()}");
            return;
        }

        try
        {
            if (WriteProcessMemory(processHandle, addressPtr, newValue, length, out int bytesWritten))
            {
                Console.WriteLine($"Başarıyla {bytesWritten} byte yazıldı.");
            }
            else
            {
                Console.WriteLine($"Bellek yazma hatası. Hata kodu: {Marshal.GetLastWin32Error()}");
            }
        }
        finally
        {
            CloseHandle(processHandle);
        }
    }
}


Hello, the current function of this code is this way, I enter the PROCESS ID, then I enter the address and length of the string I want to delete in the process hacker and it is deleted.

but what I want to do is this, I want it to automatically find the address and length of all the strings in explorer.exe that contain ‘istanbul.exe’ and delete them automatically, how can I do it?
Was this page helpful?