C# (CSharp) MemorySearcher.FindSignature Beispiele

Programmiersprache: C# (CSharp)

Klasse / Typ: MemorySearcher

Methode / Funktion: FindSignature

Beispiele auf hotexamples.com: 3

C# (CSharp) MemorySearcher.FindSignature - 3 Beispiele gefunden. Dies sind die am besten bewerteten C# (CSharp) Beispiele für die MemorySearcher.FindSignature, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Häufig verwendete Methoden

Anzeigen Verbergen

FindSignature(3)

BinarySearch(1)

BtreeSearch(1)

BuildCache(1)

ClearCache(1)

FindString(1)

GetMemoryInfo(1)

ReadMemory(1)

Beispiel #1

Datei anzeigen

        private IntPtr GetVersionedFunctionPointer(Process program)
        {
            if (signatures != null)
            {
                MemorySearcher searcher = new MemorySearcher();
                searcher.MemoryFilter = delegate(MemInfo info) {
                    return((info.State & 0x1000) != 0 && (info.Protect & 0x40) != 0 && (info.Protect & 0x100) == 0);
                };
                for (int i = 0; i < signatures.Length; i++)
                {
                    ProgramSignature signature = signatures[i];

                    IntPtr ptr = searcher.FindSignature(program, signature.Signature);
                    if (ptr != IntPtr.Zero)
                    {
                        Version = signature.Version;
                        return(ptr + signature.Offset);
                    }
                }
                return(IntPtr.Zero);
            }

            if (MemoryReader.is64Bit)
            {
                return((IntPtr)program.Read <ulong>(program.MainModule.BaseAddress, offsets));
            }
            else
            {
                return((IntPtr)program.Read <uint>(program.MainModule.BaseAddress, offsets));
            }
        }

Beispiel #2

Datei anzeigen

        private IntPtr GetVersionedFunctionPointer(Process program)
        {
            MemorySearcher searcher = new MemorySearcher();

            searcher.MemoryFilter = delegate(MemInfo info) {
                return((info.Protect & 0x40) != 0 && (info.State & 0x1000) != 0 && (info.Type & 0x20000) != 0);
            };

            //BizHawk.Client.EmuHawk.DisplayManager.CalculateCompleteContentPadding
            ProgramSignature signature = new ProgramSignature(PointerVersion.Win10_223, "448B41104489442438488BCA488D5424404C8D442428E8", 38);
            IntPtr           ptr       = searcher.FindSignature(program, signature.Signature);

            if (ptr == IntPtr.Zero)
            {
                //BizHawk.Client.Common.Global.get_SystemInfo
                signature = new ProgramSignature(PointerVersion.Win7_221, "488B00E9????????BA????????488B1248B9????????????????E8????????488BC849BB", 9);
                ptr       = searcher.FindSignature(program, signature.Signature);
            }

            if (ptr == IntPtr.Zero)
            {
                signature = new ProgramSignature(PointerVersion.Win7_230, "488BF8BA????????488B124885D20F84", 4);
                ptr       = searcher.FindSignature(program, signature.Signature);
            }
            if (ptr == IntPtr.Zero)
            {
                signature = new ProgramSignature(PointerVersion.Win10_221, "83EC2048B9????????????????488B0949BB????????????????390941FF13488BF0488BCEE8", 5);
                ptr       = searcher.FindSignature(program, signature.Signature);
            }

            if (ptr != IntPtr.Zero)
            {
                AutoDeref = AutoDeref.Single;
                Version   = signature.Version;
                return(ptr + signature.Offset);
            }
            Version = PointerVersion.None;
            return(IntPtr.Zero);
        }

Beispiel #3

Datei anzeigen

        private IntPtr GetVersionedFunctionPointer(Process program)
        {
            if (program.ProcessName.Equals("nestopia", StringComparison.OrdinalIgnoreCase))
            {
                AutoDeref = AutoDeref.None;
                MemorySearcher searcher = new MemorySearcher();
                searcher.MemoryFilter = delegate(MemInfo info) {
                    return((info.Protect & 0x4) != 0 && (info.State & 0x1000) != 0 && (info.Type & 0x20000) != 0);
                };

                searcher.GetMemoryInfo(program.Handle);
                for (int i = 0; i < searcher.memoryInfo.Count; i++)
                {
                    byte[] data     = searcher.ReadMemory(program, i);
                    int    pointer1 = BitConverter.ToInt32(data, 0);
                    int    pointer2 = BitConverter.ToInt32(data, 4);
                    long   padding  = BitConverter.ToInt64(data, 8);
                    if (pointer1 == pointer2 && pointer1 != 0 && padding == 0)
                    {
                        return(searcher.memoryInfo[i].BaseAddress + 0xab8);
                    }
                }

                return(IntPtr.Zero);
            }
            else if (program.ProcessName.Equals("emuhawk", StringComparison.OrdinalIgnoreCase))
            {
                MemorySearcher searcher = new MemorySearcher();
                searcher.MemoryFilter = delegate(MemInfo info) {
                    return((info.Protect & 0x40) != 0 && (info.State & 0x1000) != 0 && (info.Type & 0x20000) != 0);
                };
                //BizHawk.Client.Common.Global.get_SystemInfo
                ProgramSignature signature = new ProgramSignature(PointerVersion.V1, "488B0949BB????????????????390941FF13488BF0488BCEE8", -8);

                IntPtr ptr = searcher.FindSignature(program, signature.Signature);
                if (ptr != IntPtr.Zero)
                {
                    AutoDeref = AutoDeref.Single;
                    Version   = signature.Version;
                    return(ptr + signature.Offset);
                }
            }

            return(program.MainModule.BaseAddress + offsets[0]);
        }