public byte[] ReadMemory(Process process, int index)
{
MemInfo info = memoryInfo[index];
byte[] buff = new byte[(uint)info.RegionSize];
ReadProcessMemory(process.Handle, info.BaseAddress, buff, (uint)info.RegionSize, 0);
return(buff);
}
// This function searches for the given array of signatures in order. It's an all or nothing algorithm, so the function will either
// find pointers for all signatures or return null if any weren't found in the specific order given.
public IntPtr[] FindSignatures(Process process, string[] signatures)
{
GetMemoryInfo(process.Handle);
IntPtr[] pointers = new IntPtr[signatures.Length];
int index = 0;
GetSignature(signatures[index], out byte[] pattern, out bool[] mask);
int[] offsets = GetCharacterOffsets(pattern, mask);
for (int i = 0; i < memoryInfo.Count; i++)
{
byte[] buffer = ReadMemory(process, i);
MemInfo info = memoryInfo[i];
int current = 0;
int end = pattern.Length - 1;
while (current <= buffer.Length - pattern.Length)
{
for (int j = end; buffer[current + j] == pattern[j] || mask[j]; j--)
{
if (j == 0)
{
pointers[index] = info.BaseAddress + current;
if (index == signatures.Length - 1)
{
return(pointers);
}
index++;
GetSignature(signatures[index], out pattern, out mask);
offsets = GetCharacterOffsets(pattern, mask);
current += j + 1;
end = pattern.Length - 1;
break;
}
}
int offset = offsets[buffer[current + end]];
current += offset;
}
}
return(null);
}
private void ScanMemory(List <IntPtr> pointers, MemInfo info, byte[] data, byte[] search, bool[] mask, int[] offsets)
{
int current = 0;
int end = search.Length - 1;
while (current <= data.Length - search.Length)
{
for (int i = end; data[current + i] == search[i] || mask[i]; i--)
{
if (i == 0)
{
pointers.Add(info.BaseAddress + current);
break;
}
}
int offset = offsets[data[current + end]];
current += offset;
}
}
public List <IntPtr> FindSignatures(Process process, string signature)
{
byte[] pattern;
bool[] mask;
GetSignature(signature, out pattern, out mask);
GetMemoryInfo(process.Handle);
int[] offsets = GetCharacterOffsets(pattern, mask);
List <IntPtr> pointers = new List <IntPtr>();
for (int i = 0; i < memoryInfo.Count; i++)
{
byte[] buff = ReadMemory(process, i);
MemInfo info = memoryInfo[i];
ScanMemory(pointers, info, buff, pattern, mask, offsets);
}
return(pointers);
}
public IntPtr FindSignature(Process process, string signature)
{
byte[] pattern;
bool[] mask;
GetSignature(signature, out pattern, out mask);
GetMemoryInfo(process.Handle);
int[] offsets = GetCharacterOffsets(pattern, mask);
for (int i = 0; i < memoryInfo.Count; i++)
{
byte[] buff = ReadMemory(process, i);
MemInfo info = memoryInfo[i];
int result = ScanMemory(buff, pattern, mask, offsets);
if (result != int.MinValue)
{
return(info.BaseAddress + result);
}
}
return(IntPtr.Zero);
}
public void GetMemoryInfo(IntPtr pHandle)
{
if (memoryInfo != null)
{
return;
}
memoryInfo = new List <MemInfo>();
IntPtr current = (IntPtr)65536;
while (true)
{
MemInfo memInfo = new MemInfo();
int dump = VirtualQueryEx(pHandle, current, out memInfo, Marshal.SizeOf(memInfo));
if (dump == 0)
{
break;
}
long regionSize = (long)memInfo.RegionSize;
if (regionSize <= 0 || (int)regionSize != regionSize)
{
if (MemoryReader.is64Bit)
{
current = (IntPtr)((ulong)memInfo.BaseAddress + (ulong)memInfo.RegionSize);
continue;
}
break;
}
if (MemoryFilter(memInfo))
{
memoryInfo.Add(memInfo);
}
current = memInfo.BaseAddress + (int)regionSize;
}
}
private static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MemInfo lpBuffer, int dwLength);