Beispiel #1
0
            //Найти в чанке
            private static bool FindInChunk(byte[] memoryChunk, CachedPattern patternCached, out uint index)
            {
                int insideIndex = 0;

                for (uint i = 0; i < memoryChunk.Length; i++)
                {
                    //Это игнорируемый индекс?
                    if (patternCached.IgnoredIndexes.Contains(insideIndex))
                    {
                        insideIndex++;
                    }
                    else if (patternCached.Pattern[insideIndex] == memoryChunk[i]) //Иначе совпадает ли паттерн?
                    {
                        insideIndex++;
                    }
                    else
                    {
                        insideIndex = 0;
                    }

                    //Мы прошли весь путь?
                    if (insideIndex == patternCached.Pattern.Length)
                    {
                        index = (i - (uint)(insideIndex - 1));
                        return(true);
                    }
                }

                //Not found
                index = 0;
                return(false);
            }
Beispiel #2
0
            /// <summary>
            /// Найти определенный паттерн в dll
            /// </summary>
            /// <param name="moduleName"></param>
            /// <param name="pattern"></param>
            /// <param name="chunkLenght"></param>
            /// <returns></returns>
            public static ulong Find(string moduleName, string pattern, uint chunkLenght = 1024 * 1024 * 16)
            {
                var patternCached = new CachedPattern(pattern);
                var module        = Modules.FindModule(InternalMagic.TargetPID, moduleName);

                if (module.IsValid)
                {
                    byte[] buffer       = new byte[chunkLenght];
                    ulong  startAddress = (ulong)module.modBaseAddr;
                    ulong  endAddress   = (ulong)module.modBaseAddr + module.modBaseSize;
                    for (ulong iBuff = startAddress; iBuff < endAddress; iBuff += chunkLenght)
                    {
                        //Buffer overflowing at end address?
                        if ((iBuff + (ulong)(buffer.Length)) > endAddress)
                        {
                            uint diff = (uint)(iBuff + (ulong)(buffer.Length) - endAddress);
                            buffer = new byte[buffer.Length - diff]; //Reinit them!
                        }

                        if (ReadBytes(iBuff, ref buffer))
                        {
                            uint index;
                            if (FindInChunk(buffer, patternCached, out index))
                            {
                                return(iBuff + index);
                            }
                        }
                    }
                }
                return(0);
            }