private int GetOffset(IAMemoryPattern pattern)
{
switch (pattern.Algorithm)
{
case APatternScannerAlgorithm.BoyerMooreHorspool:
return(Utilities.ABoyerMooreHorspool.IndexOf(Data, pattern.GetBytes().ToArray()));
case APatternScannerAlgorithm.Naive:
return(Utilities.ANaive.GetIndexOf(pattern, Data, _module));
}
throw new NotImplementedException("GetOffset encountered an unknown PatternScannerAlgorithm: " + pattern.Algorithm + ".");
}
public APatternScanResult Find(IAMemoryPattern pattern)
{
switch (pattern.PatternType)
{
case AMemoryPatternType.Function:
return(FindFunctionPattern(pattern));
case AMemoryPatternType.Data:
return(FindDataPattern(pattern));
}
throw new NotImplementedException("PatternScanner encountered an unknown MemoryPatternType: " + pattern.PatternType + ".");
}
private APatternScanResult FindFunctionPattern(IAMemoryPattern pattern)
{
var offset = GetOffset(pattern);
if (offset != -1)
{
return(new APatternScanResult
{
BaseAddress = _module.BaseAddress + offset + _offsetFromBaseAddress,
ReadAddress = _module.BaseAddress + offset + _offsetFromBaseAddress,
Offset = offset + _offsetFromBaseAddress,
Found = true
});
}
return(EmptyPatternScanResult);
}
private APatternScanResult FindDataPattern(IAMemoryPattern pattern)
{
var result = new APatternScanResult();
var offset = GetOffset(pattern);
if (offset != -1)
{
// If this area is reached, the pattern has been found.
result.Found = true;
result.ReadAddress = _module.Read <IntPtr>(offset + pattern.Offset);
result.BaseAddress = new IntPtr(result.ReadAddress.ToInt64() - _module.BaseAddress.ToInt64());
result.Offset = offset;
return(result);
}
// If this is reached, the pattern was not found.
return(EmptyPatternScanResult);
}
public static int GetIndexOf(IAMemoryPattern pattern, byte[] Data, AProcessSharpModule module)
{
var patternData = Data;
var patternDataLength = patternData.Length;
for (var offset = 0; offset < patternDataLength; offset++)
{
if (
pattern.GetMask()
.Where((m, b) => m == 'x' && pattern.GetBytes()[b] != patternData[b + offset])
.Any())
{
continue;
}
return(offset);
}
return(-1);
}
