private PatternScanResult FindDataPattern(IMemoryPattern pattern)
{
var patternData = Data;
var patternBytes = pattern.GetBytes();
var patternMask = pattern.GetMask();
var result = new PatternScanResult();
for (var offset = 0; offset < patternData.Length; offset++)
{
if (patternMask.Where((m, b) => m == 'x' && patternBytes[b] != patternData[b + offset]).Any())
{
continue;
}
// If this area is reached, the pattern has been found.
result.Found = true;
result.ReadAddress = _module.Read <IntPtr>(offset + pattern.Offset);
result.BaseAddress = new IntPtr(result.ReadAddress.ToInt64() - _module.BaseAddress.ToInt64());
result.Offset = offset;
return(result);
}
// If this is reached, the pattern was not found.
result.Found = false;
result.Offset = 0;
result.ReadAddress = IntPtr.Zero;
result.BaseAddress = IntPtr.Zero;
return(result);
}
private PatternScanResult FindFunctionPattern(IMemoryPattern pattern)
{
var patternData = Data;
var patternDataLength = patternData.Length;
for (var offset = 0; offset < patternDataLength; offset++)
{
if (
pattern.GetMask()
.Where((m, b) => m == 'x' && pattern.GetBytes()[b] != patternData[b + offset])
.Any())
{
continue;
}
return(new PatternScanResult
{
BaseAddress = _module.BaseAddress + offset,
ReadAddress = _module.BaseAddress + offset,
Offset = offset,
Found = true
});
}
return(new PatternScanResult
{
BaseAddress = IntPtr.Zero,
ReadAddress = IntPtr.Zero,
Offset = 0,
Found = false
});
}
private int GetOffset(IMemoryPattern pattern)
{
switch (pattern.Algorithm)
{
case PatternScannerAlgorithm.BoyerMooreHorspool:
return(Utilities.BoyerMooreHorspool.IndexOf(Data, pattern.GetBytes().ToArray()));
case PatternScannerAlgorithm.Naive:
return(Utilities.Naive.GetIndexOf(pattern, Data, _module));
}
throw new NotImplementedException("GetOffset encountered an unknown PatternScannerAlgorithm: " + pattern.Algorithm + ".");
}
private PatternScanResult FindFunctionPattern(IMemoryPattern pattern, int hintAddr = 0)
{
var patternData = Data;
var patternDataLength = patternData.Length;
var patternBytes = pattern.GetBytes();
if (hintAddr > 0)
{
if (hintAddr + patternBytes.Count > patternDataLength ||
pattern.GetMask()
// ReSharper disable once AccessToModifiedClosure
.AnyEx((m, b) => m == 'x' && patternBytes[b] != patternData[b + hintAddr]))
{
hintAddr = 0;
}
}
for (var offset = hintAddr; offset < patternDataLength; offset++)
{
if (pattern.GetMask()
// ReSharper disable once AccessToModifiedClosure
.AnyEx((m, b) => m == 'x' && patternBytes[b] != patternData[b + offset]))
{
continue;
}
return(new PatternScanResult
{
BaseAddress = _module.BaseAddress + offset,
ReadAddress = _module.BaseAddress + offset,
Offset = offset,
Found = true
});
}
return(new PatternScanResult
{
BaseAddress = IntPtr.Zero,
ReadAddress = IntPtr.Zero,
Offset = 0,
Found = false
});
}
private PatternScanResult FindCallPattern(IMemoryPattern pattern, int hintAddr = 0)
{
var patternData = Data;
var patternBytes = pattern.GetBytes();
var patternMask = pattern.GetMask();
if (hintAddr > 0)
{
if (hintAddr + patternBytes.Count > patternData.Length ||
patternMask.AnyEx((m,
// ReSharper disable once AccessToModifiedClosure
b) => m == 'x' && patternBytes[b] != patternData[b + hintAddr]))
{
hintAddr = 0;
}
}
var result = new PatternScanResult();
for (var offset = hintAddr; offset < patternData.Length; offset++)
{
if (patternMask.AnyEx((m,
// ReSharper disable once AccessToModifiedClosure
b) => m == 'x' && patternBytes[b] != patternData[b + offset]))
{
continue;
}
// If this area is reached, the pattern has been found.
result.Found = true;
result.ReadAddress = _module.Read <IntPtr>(offset + pattern.Offset);
result.BaseAddress = new IntPtr(result.ReadAddress.ToInt64() + pattern.Offset + MarshalType <IntPtr> .Size + offset + _module.BaseAddress.ToInt64());
result.Offset = offset;
return(result);
}
// If this is reached, the pattern was not found.
result.Found = false;
result.Offset = 0;
result.ReadAddress = IntPtr.Zero;
result.BaseAddress = IntPtr.Zero;
return(result);
}
public static int GetIndexOf(IMemoryPattern pattern, byte[] Data, IProcessModule module)
{
var patternData = Data;
var patternDataLength = patternData.Length;
for (var offset = 0; offset < patternDataLength; offset++)
{
if (
pattern.GetMask()
.Where((m, b) => m == 'x' && pattern.GetBytes()[b] != patternData[b + offset])
.Any())
{
continue;
}
return(offset);
}
return(-1);
}
