Changed string type to unicode.

Author: KN4CK3R

Memory/NativeHelper.cs

@@ -55,14 +55,14 @@ public T GetDelegate<T>()
 
 		private delegate void CloseRemoteProcessDelegate(IntPtr process);
 
-		private delegate bool ReadRemoteMemoryDelegate(IntPtr process, IntPtr address, IntPtr buffer, uint size);
+		private delegate bool ReadRemoteMemoryDelegate(IntPtr process, IntPtr address, IntPtr buffer, int size);
 
-		private delegate bool WriteRemoteMemoryDelegate(IntPtr process, IntPtr address, IntPtr buffer, uint size);
+		private delegate bool WriteRemoteMemoryDelegate(IntPtr process, IntPtr address, IntPtr buffer, int size);
 
-		public delegate void EnumerateProcessCallback(uint pid, [MarshalAs(UnmanagedType.LPWStr)]string modulePath);
+		public delegate void EnumerateProcessCallback(int pid, [MarshalAs(UnmanagedType.LPWStr)]string modulePath);
 		private delegate void EnumerateProcessesDelegate(EnumerateProcessCallback callbackProcess);
 
-		public delegate void EnumerateRemoteSectionCallback(IntPtr baseAddress, IntPtr regionSize, [MarshalAs(UnmanagedType.LPStr)]string name, NativeMethods.StateEnum state, NativeMethods.AllocationProtectEnum protection, NativeMethods.TypeEnum type, [MarshalAs(UnmanagedType.LPWStr)]string modulePath);
+		public delegate void EnumerateRemoteSectionCallback(IntPtr baseAddress, IntPtr regionSize, [MarshalAs(UnmanagedType.LPWStr)]string name, NativeMethods.StateEnum state, NativeMethods.AllocationProtectEnum protection, NativeMethods.TypeEnum type, [MarshalAs(UnmanagedType.LPWStr)]string modulePath);
 		public delegate void EnumerateRemoteModuleCallback(IntPtr baseAddress, IntPtr regionSize, [MarshalAs(UnmanagedType.LPWStr)]string modulePath);
 		private delegate void EnumerateRemoteSectionsAndModulesDelegate(IntPtr process, EnumerateRemoteSectionCallback callbackSection, EnumerateRemoteModuleCallback callbackModule);
 
@@ -310,7 +310,7 @@ public void CloseRemoteProcess(IntPtr process)
 			closeRemoteProcessDelegate(process);
 		}
 
-		public bool ReadRemoteMemory(IntPtr process, IntPtr address, byte[] buffer, uint size)
+		public bool ReadRemoteMemory(IntPtr process, IntPtr address, byte[] buffer, int size)
 		{
 			Contract.Requires(buffer != null);
 
@@ -321,7 +321,7 @@ public bool ReadRemoteMemory(IntPtr process, IntPtr address, byte[] buffer, uint
 			return result;
 		}
 
-		public bool WriteRemoteMemory(IntPtr process, IntPtr address, byte[] buffer, uint size)
+		public bool WriteRemoteMemory(IntPtr process, IntPtr address, byte[] buffer, int size)
 		{
 			Contract.Requires(buffer != null);
 

Memory/RemoteProcess.cs

@@ -92,7 +92,7 @@ public void ReadRemoteMemoryIntoBuffer(IntPtr address, ref byte[] data)
 				return;
 			}
 
-			nativeHelper.ReadRemoteMemory(Process.Handle, address, data, (uint)data.Length);
+			nativeHelper.ReadRemoteMemory(Process.Handle, address, data, data.Length);
 		}
 
 		/// <summary>Reads <paramref name="size"/> bytes from the address in the remote process.</summary>
@@ -352,7 +352,7 @@ public bool WriteRemoteMemory(IntPtr address, byte[] data)
 				return false;
 			}
 
-			return nativeHelper.WriteRemoteMemory(Process.Handle, address, data, (uint)data.Length);
+			return nativeHelper.WriteRemoteMemory(Process.Handle, address, data, data.Length);
 		}
 
 		/// <summary>Writes the given <paramref name="value"/> to the <paramref name="address"/> in the remote process.</summary>

NativeHelper/dllmain.cpp

@@ -191,7 +191,7 @@ EXTERN_DLL_EXPORT VOID __stdcall EnumerateProcesses(EnumerateProcessCallback cal
 	lastError = GetLastError();
 }
 
-typedef VOID(__stdcall EnumerateRemoteSectionsCallback)(LPVOID baseAddress, SIZE_T regionSize, BYTE name[IMAGE_SIZEOF_SHORT_NAME + 2], DWORD state, DWORD protection, DWORD type, WCHAR modulePath[PATH_MAXIMUM_LENGTH]);
+typedef VOID(__stdcall EnumerateRemoteSectionsCallback)(LPVOID baseAddress, SIZE_T regionSize, WCHAR name[IMAGE_SIZEOF_SHORT_NAME + 1], DWORD state, DWORD protection, DWORD type, WCHAR modulePath[PATH_MAXIMUM_LENGTH]);
 typedef VOID(__stdcall EnumerateRemoteModulesCallback)(LPVOID baseAddress, SIZE_T regionSize, WCHAR modulePath[PATH_MAXIMUM_LENGTH]);
 
 EXTERN_DLL_EXPORT VOID __stdcall EnumerateRemoteSectionsAndModules(HANDLE process, EnumerateRemoteSectionsCallback callbackSection, EnumerateRemoteModulesCallback callbackModule)
@@ -205,7 +205,7 @@ EXTERN_DLL_EXPORT VOID __stdcall EnumerateRemoteSectionsAndModules(HANDLE proces
 	{
 		LPVOID BaseAddress;
 		SIZE_T RegionSize;
-		BYTE Name[IMAGE_SIZEOF_SHORT_NAME + 2];
+		WCHAR Name[IMAGE_SIZEOF_SHORT_NAME + 1];
 		DWORD State;
 		DWORD Protection;
 		DWORD Type;
@@ -274,14 +274,19 @@ EXTERN_DLL_EXPORT VOID __stdcall EnumerateRemoteSectionsAndModules(HANDLE proces
 					readRemoteMemory(process, me32.modBaseAddr + DosHdr.e_lfanew + sizeof(IMAGE_NT_HEADERS), sectionHeaders.data(), NtHdr.FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER));
 					for (int i = 0; i < NtHdr.FileHeader.NumberOfSections; ++i)
 					{
-						auto&& section = sectionHeaders[i];
+						auto&& sectionHeader = sectionHeaders[i];
 
-						auto sectionAddress = (size_t)me32.modBaseAddr + section.VirtualAddress;
+						auto sectionAddress = (size_t)me32.modBaseAddr + sectionHeader.VirtualAddress;
 						for (auto j = it; j != std::end(sections); ++j)
 						{
 							if (sectionAddress >= (size_t)j->BaseAddress && sectionAddress < (size_t)j->BaseAddress + (size_t)j->RegionSize)
 							{
-								std::memcpy(j->Name, section.Name, IMAGE_SIZEOF_SHORT_NAME);
+								// Copy the name because it is not null padded.
+								char buffer[IMAGE_SIZEOF_SHORT_NAME + 1] = { 0 };
+								std::memcpy(buffer, sectionHeader.Name, IMAGE_SIZEOF_SHORT_NAME);
+
+								size_t convertedChars = 0;
+								mbstowcs_s(&convertedChars, j->Name, IMAGE_SIZEOF_SHORT_NAME, buffer, _TRUNCATE);
 								std::memcpy(j->ModulePath, me32.szExePath, sizeof(SectionInfo::ModulePath));
 								break;
 							}