private static uint GetStatic_LevelArea(byte[] data, SymbolMap symbols) { const string key = "LevelArea"; var match = symbols.BestMatch(key); if (match != 0) { return(match); } if (Engine.Current == null) { return(0); } try { var pe = new PEHeaderReader(data); var rdata = pe.ImageSectionHeaders.FirstOrDefault(h => h.Section.TrimEnd('\0') == ".rdata"); var text = pe.ImageSectionHeaders.FirstOrDefault(h => h.Section.TrimEnd('\0') == ".text"); uint offset = rdata.VirtualAddress - rdata.PointerToRawData + pe.OptionalHeader32.ImageBase; var pName = (uint)(offset + new BinaryPattern(Encoding.ASCII.GetBytes("UIMinimapToggle")).NextMatch(data, (int)rdata.PointerToRawData, (int)rdata.SizeOfRawData)); var pMethod = BitConverter.ToUInt32(data, BinaryPattern.Parse( $"68{pName.ToPattern()}" + "A3........" + "C705................" + "C705................" + "E8........" + "68........" + "A3........" + "C705........|........|").NextMatch(data, (int)text.PointerToRawData, (int)text.SizeOfRawData) + 51); if (Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x00) == 0x8B && Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x01) == 0x0D) { var address = Engine.Current.Memory.Reader.Read <uint>(pMethod + 0x02); symbols.Override(key, address); return(address); } } catch { } return(0); }
private static uint GetStatic_LevelArea(byte[] data, SymbolMap symbols) { const string key = "LevelArea"; var match = symbols.BestMatch(key); if (match != 0) { return(match); } if (Engine.Current == null) { return(0); } try { // TODO: Calculate offset from PE info. const uint offset = 0x801600; // TODO: Search in .rdata segment only. var pName = (uint)(offset + new BinaryPattern(Encoding.ASCII.GetBytes("UIMinimapToggle")).NextMatch(data, 0)); // TODO: Search in .text segment only var pMethod = BitConverter.ToUInt32(data, BinaryPattern.Parse( $"68{pName.ToPattern()}" + "A3........" + "C705................" + "C705................" + "E8........" + "68........" + "A3........" + "C705........|........|").NextMatch(data, 0) + 51); if (Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x00) == 0x8B && Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x01) == 0x0D) { var address = Engine.Current.Memory.Reader.Read <uint>(pMethod + 0x02); symbols.Override(key, address); return(address); } } catch { } return(0); }
public static CodePattern Parse(string pattern) { var bp = new StringBuilder(pattern.Length); var marker = default(string); var markers = new Lazy <List <CodePatternMarker> >(); var op = new Range(0, 0); var ops = new List <Range>(); foreach (var c in pattern) { if (c == '{') { if (marker != null) { throw new FormatException(); } marker = ""; } else if (marker != null) { if (c == '}') { var position = bp.Length; if ((position & 1) != 0) { throw new FormatException(); } markers.Value.Add(new CodePatternMarker { Name = marker, Position = position / 2 }); marker = null; } else { marker += c; } } else if (IsClean(c)) { bp.Append(c); } else if (c == '|') { var position = bp.Length; if (op != default(Range)) { if ((position & 1) != 0) { throw new FormatException(); } op.Size = position / 2 - op.Start; ops.Add(op); } op = new Range(position / 2, 0); } } if (marker != null) { throw new FormatException(); } if (op != default(Range)) { var position = bp.Length; if ((position & 1) != 0) { throw new FormatException(); } op.Size = position / 2 - op.Start; ops.Add(op); } var binary = BinaryPattern.Parse(bp.ToString()); var x = new CodePattern { Markers = markers.IsValueCreated ? markers.Value : null, Binary = binary, Operations = ops }; return(x); }