Exemple #1
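        /// <summary>
        /// Derives the number of attribute descriptors from the distance between the
        /// "AttributeDescriptors.FirstName" and "AttributeDescriptors.MaxName++" symbols,
        /// using a fixed stride of 40 bytes per descriptor.
        /// </summary>
        /// <param name="symbols">Symbol map queried for the two boundary symbols.</param>
        /// <returns>
        /// The descriptor count, or 0 when either symbol is missing (reported as 0) or the
        /// end symbol does not lie above the start symbol.
        /// </returns>
        private static int GetAttributeDescriptorsCount(SymbolMap symbols)
        {
            const int SizeOfAttributeDescriptor = 40;

            // Lookup order is kept as in the original in case BestMatch is order-sensitive.
            var maxPlus1 = symbols.BestMatch("AttributeDescriptors.MaxName++");
            var first    = symbols.BestMatch("AttributeDescriptors.FirstName");

            if (first == 0 || maxPlus1 == 0)
            {
                return 0;
            }

            // Both values come from symbol data, so their ordering is not guaranteed.
            // Without this guard an unsigned subtraction wraps and the cast to int
            // yields a negative "count" that callers could use as a length or loop bound.
            if (maxPlus1 <= first)
            {
                return 0;
            }

            // Divide before narrowing so a span above int.MaxValue cannot turn negative.
            return (int)((maxPlus1 - first) / SizeOfAttributeDescriptor);
        }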
Exemple #2
        /// <summary>
        /// Looks up the "LevelAreaName" symbol; when it is absent, derives the value from
        /// the "LevelArea" symbol plus a fixed 0x30 offset.
        /// </summary>
        /// <param name="data">Not read by this method.</param>
        /// <param name="symbols">Symbol map to query.</param>
        /// <returns>The resolved value, or 0 when neither symbol is found.</returns>
        private static uint GetStatic_LevelAreaName(byte[] data, SymbolMap symbols)
        {
            // A direct hit on the symbol wins.
            var direct = symbols.BestMatch("LevelAreaName");
            if (direct != 0)
            {
                return direct;
            }

            // Otherwise fall back to the sibling symbol; 0 still means "not found".
            var areaBase = symbols.BestMatch("LevelArea");
            return areaBase != 0 ? areaBase + 0x30 : 0;
        }
Exemple #3
        /// <summary>
        /// Resolves the "LevelArea" symbol. The symbol map is consulted first; when it has
        /// no entry, the address is recovered by a signature scan over <paramref name="data"/>
        /// and one validated read through the current engine's memory reader.
        /// </summary>
        /// <param name="data">
        /// Bytes parsed by <c>PEHeaderReader</c> and searched by pattern. Section raw offsets
        /// are used as indices into it, so it is presumably the on-disk PE image (confirm with caller).
        /// </param>
        /// <param name="symbols">Symbol map queried first and updated via <c>Override</c> on success.</param>
        /// <returns>
        /// The resolved address, or 0 when there is no current engine, the opcode check
        /// fails, or any exception is thrown during the scan.
        /// </returns>
        private static uint GetStatic_LevelArea(byte[] data, SymbolMap symbols)
        {
            const string key = "LevelArea";

            var match = symbols.BestMatch(key);

            if (match != 0)
            {
                return(match);
            }

            // The fallback below reads through Engine.Current, so it cannot run without one.
            if (Engine.Current == null)
            {
                return(0);
            }

            try
            {
                var pe    = new PEHeaderReader(data);
                // NOTE(review): FirstOrDefault yields a default value when a section is absent and
                // nothing checks for that before the fields are used; any resulting exception is
                // only absorbed by the catch-all below.
                var rdata = pe.ImageSectionHeaders.FirstOrDefault(h => h.Section.TrimEnd('\0') == ".rdata");
                var text  = pe.ImageSectionHeaders.FirstOrDefault(h => h.Section.TrimEnd('\0') == ".text");

                // Delta that turns a raw file offset inside .rdata into a virtual address:
                // VA = rawOffset - PointerToRawData + VirtualAddress + ImageBase.
                uint offset = rdata.VirtualAddress - rdata.PointerToRawData + pe.OptionalHeader32.ImageBase;

                // Locate the ASCII string "UIMinimapToggle" within the .rdata raw range and
                // convert its position to an address.
                // NOTE(review): the NextMatch result is used without a not-found check; its
                // not-found value is not visible here. Confirm it throws, otherwise a sentinel
                // would be folded into pName and searched for as if it were a real address.
                var pName = (uint)(offset + new BinaryPattern(Encoding.ASCII.GetBytes("UIMinimapToggle")).NextMatch(data, (int)rdata.PointerToRawData, (int)rdata.SizeOfRawData));

                // Search the .text raw range for a byte signature that begins with 0x68 followed by
                // pName, then read the 32-bit value 51 bytes into the match. Assuming two pattern
                // characters per byte, 51 is the length of everything before the '|'-delimited
                // field, so the value read is that final 4-byte field (pattern syntax: TODO confirm).
                // NOTE(review): same unchecked NextMatch result as above; with a sentinel the
                // index would still be in range and BitConverter would return unrelated bytes.
                var pMethod = BitConverter.ToUInt32(data, BinaryPattern.Parse(
                                                        $"68{pName.ToPattern()}" +
                                                        "A3........" +
                                                        "C705................" +
                                                        "C705................" +
                                                        "E8........" +
                                                        "68........" +
                                                        "A3........" +
                                                        "C705........|........|").NextMatch(data, (int)text.PointerToRawData, (int)text.SizeOfRawData) + 51);

                // pMethod was taken from file bytes and is now dereferenced through the engine's
                // reader. The two-byte check (8B 0D, the x86 encoding of "mov ecx, [disp32]") is
                // the only validation before the 4-byte operand is trusted as the address.
                if (Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x00) == 0x8B &&
                    Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x01) == 0x0D)
                {
                    var address = Engine.Current.Memory.Reader.Read <uint>(pMethod + 0x02);
                    // Record the result so later BestMatch lookups for this key can find it.
                    symbols.Override(key, address);
                    return(address);
                }
            }
            // NOTE(review): swallows every exception type, so a malformed image, a failed memory
            // read and a programming error all look like "symbol not found". Narrowing the
            // catch or logging the exception would make failures diagnosable.
            catch { }

            return(0);
        }
Exemple #4
        /// <summary>
        /// Resolves the "LevelArea" symbol. The symbol map is consulted first; when it has
        /// no entry, the address is recovered by a signature scan over <paramref name="data"/>
        /// and one validated read through the current engine's memory reader.
        /// </summary>
        /// <param name="data">Bytes searched by pattern, starting from index 0.</param>
        /// <param name="symbols">Symbol map queried first and updated via <c>Override</c> on success.</param>
        /// <returns>
        /// The resolved address, or 0 when there is no current engine, the opcode check
        /// fails, or any exception is thrown during the scan.
        /// </returns>
        private static uint GetStatic_LevelArea(byte[] data, SymbolMap symbols)
        {
            const string key = "LevelArea";

            var match = symbols.BestMatch(key);

            if (match != 0)
            {
                return(match);
            }

            // The fallback below reads through Engine.Current, so it cannot run without one.
            if (Engine.Current == null)
            {
                return(0);
            }

            try
            {
                // TODO: Calculate offset from PE info.
                // NOTE(review): a hard-coded delta is presumably only right for one build's
                // section layout; on any other image pName below would be a wrong address.
                const uint offset = 0x801600;

                // TODO: Search in .rdata segment only.
                // NOTE(review): the NextMatch result is used without a not-found check; its
                // not-found value is not visible here. Confirm it throws, otherwise a sentinel
                // would be folded into pName and searched for as if it were a real address.
                var pName = (uint)(offset + new BinaryPattern(Encoding.ASCII.GetBytes("UIMinimapToggle")).NextMatch(data, 0));

                // Search for a byte signature that begins with 0x68 followed by pName, then read
                // the 32-bit value 51 bytes into the match. Assuming two pattern characters per
                // byte, 51 is the length of everything before the '|'-delimited field, so the
                // value read is that final 4-byte field (pattern syntax: TODO confirm).
                // NOTE(review): same unchecked NextMatch result as above; with a sentinel the
                // index would still be in range and BitConverter would return unrelated bytes.
                // TODO: Search in .text segment only
                var pMethod = BitConverter.ToUInt32(data, BinaryPattern.Parse(
                                                        $"68{pName.ToPattern()}" +
                                                        "A3........" +
                                                        "C705................" +
                                                        "C705................" +
                                                        "E8........" +
                                                        "68........" +
                                                        "A3........" +
                                                        "C705........|........|").NextMatch(data, 0) + 51);

                // pMethod was taken from the data bytes and is now dereferenced through the engine's
                // reader. The two-byte check (8B 0D, the x86 encoding of "mov ecx, [disp32]") is
                // the only validation before the 4-byte operand is trusted as the address.
                if (Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x00) == 0x8B &&
                    Engine.Current.Memory.Reader.Read <byte>(pMethod + 0x01) == 0x0D)
                {
                    var address = Engine.Current.Memory.Reader.Read <uint>(pMethod + 0x02);
                    // Record the result so later BestMatch lookups for this key can find it.
                    symbols.Override(key, address);
                    return(address);
                }
            }
            // NOTE(review): swallows every exception type, so an out-of-range index, a failed
            // memory read and a programming error all look like "symbol not found". Narrowing
            // the catch or logging the exception would make failures diagnosable.
            catch { }

            return(0);
        }