private IntPtr GetPointer(Process program, string asmName)
        {
            if (string.IsNullOrEmpty(asmName))
            {
                Searcher.MemoryFilter = delegate(MemInfo info) {
                    return((info.State & 0x1000) != 0 && (info.Protect & 0x40) != 0 && (info.Protect & 0x100) == 0);
                };
            }
            else
            {
                Tuple <IntPtr, IntPtr> range = ProgramPointer.GetAddressRange(program, asmName);
                Searcher.MemoryFilter = delegate(MemInfo info) {
                    return((ulong)info.BaseAddress >= (ulong)range.Item1 && (ulong)info.BaseAddress <= (ulong)range.Item2 && (info.State & 0x1000) != 0 && (info.Protect & 0x20) != 0 && (info.Protect & 0x100) == 0);
                };
            }

            BasePtr = Searcher.FindSignature(program, Signature);
            if (BasePtr != IntPtr.Zero)
            {
                LastVerified = DateTime.Now.AddSeconds(5);
                int offset = CalculateRelative(program);
                return(BasePtr + offset);
            }
            return(BasePtr);
        }
        public void VerifyPointer(Process program, ref IntPtr pointer)
        {
            DateTime now = DateTime.Now;

            if (now <= LastVerified)
            {
                return;
            }

            bool isValid = Searcher.VerifySignature(program, BasePtr, Signature);

            LastVerified = now.AddSeconds(1);
            if (isValid)
            {
                int    offset = CalculateRelative(program);
                IntPtr verify = ProgramPointer.DerefPointer(program, BasePtr + offset, AutoDeref);
                if (verify != pointer)
                {
                    pointer = verify;
                }
                return;
            }

            BasePtr = IntPtr.Zero;
            pointer = IntPtr.Zero;
        }
Ejemplo n.º 3
0
        private IntPtr GetPointer(Process program, string asmName)
        {
            ulong rva = Decompiler.GetRVA(FullName);

            if (rva == 0)
            {
                return(IntPtr.Zero);
            }

            if (string.IsNullOrEmpty(asmName))
            {
                BasePtr = program.MainModule.BaseAddress + (int)rva + Offset;
            }
            else
            {
                Tuple <IntPtr, IntPtr> range = ProgramPointer.GetAddressRange(program, asmName);
                BasePtr = range.Item1 + (int)rva + Offset;
            }

            int offset = 0;

            if (AutoDeref != AutoDeref.None)
            {
                offset = program.Read <int>(BasePtr) + 4;
            }
            return(BasePtr + offset);
        }
 public IntPtr FindPointer(Process program, string asmName)
 {
     if (Decompiler == null)
     {
         return(IntPtr.Zero);
     }
     return(ProgramPointer.DerefPointer(program, GetPointer(program, asmName), AutoDeref));
 }
        public IntPtr FindPointer(Process program, string asmName)
        {
            if (string.IsNullOrEmpty(asmName))
            {
                BasePtr = program.MainModule.BaseAddress;
            }
            else
            {
                Tuple <IntPtr, IntPtr> range = ProgramPointer.GetAddressRange(program, asmName);
                BasePtr = range.Item1;
            }

            if (Offsets.Length > 1)
            {
                LastVerified = DateTime.Now.AddSeconds(5);
                return(ProgramPointer.DerefPointer(program, program.Read <IntPtr>(BasePtr, Offsets), AutoDeref));
            }
            else
            {
                LastVerified = DateTime.MaxValue;
                BasePtr     += Offsets[0];
                return(ProgramPointer.DerefPointer(program, BasePtr, AutoDeref));
            }
        }
 public IntPtr FindPointer(Process program, string asmName)
 {
     return(ProgramPointer.DerefPointer(program, GetPointer(program, asmName), AutoDeref));
 }