public static FindTimestampsFlash ( byte array, int bytesRead ) : IEnumerable |
||
array | byte | |
bytesRead | int | |
Résultat | IEnumerable |
public static void ReadMemoryWhiteList(Process process, Dictionary <int, HashSet <long> > newWhitelistedAddresses, bool flashClient, ReadMemoryResults results) { HashSet <long> whitelist; if (!newWhitelistedAddresses.TryGetValue(process.Id, out whitelist)) { return; } IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id); int bytesRead = 0; // number of bytes read with ReadProcessMemory foreach (long addr in whitelist) { IntPtr proc_min_address = new IntPtr(addr); MEMORY_BASIC_INFORMATION mem_basic_info; VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT) { if (memoryBuffer == null || memoryBuffer.Length < mem_basic_info.RegionSize) { memoryBuffer = new byte[mem_basic_info.RegionSize]; } // read everything in the buffer above ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, memoryBuffer, mem_basic_info.RegionSize, ref bytesRead); // scan the memory for strings that start with timestamps and end with the null terminator ('\0') IEnumerable <string> timestampLines; if (!flashClient) { timestampLines = Parser.FindTimestamps(memoryBuffer, bytesRead); } else { timestampLines = Parser.FindTimestampsFlash(memoryBuffer, bytesRead); } SearchChunk(timestampLines, results); } } }
/// <summary> /// Scan the memory for any chunks that are missing from the whitelist table /// </summary> public static void ScanMissingChunks() { SYSTEM_INFO sys_info; GetSystemInfo(out sys_info); IntPtr proc_min_address = sys_info.minimumApplicationAddress; IntPtr proc_max_address = sys_info.maximumApplicationAddress; long proc_min_address_l = (long)proc_min_address; long proc_max_address_l = (long)proc_max_address; long sys_min_address_l = (long)proc_min_address; Process[] processes = ProcessManager.GetTibiaProcesses(); if (processes == null || processes.Length == 0) { // Tibia process could not be found, wait for a bit and return Thread.Sleep(250); return; } flashClient = ProcessManager.IsFlashClient(); foreach (Process process in processes) { if (!whitelistedAddresses.ContainsKey(process.Id)) { whitelistedAddresses.Add(process.Id, new List <long>()); } List <long> whitelist = whitelistedAddresses[process.Id]; proc_min_address_l = sys_min_address_l; IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id); MEMORY_BASIC_INFORMATION mem_basic_info = new MEMORY_BASIC_INFORMATION(); int bytesRead = 0; // number of bytes read with ReadProcessMemory int scanSpeed = SettingsManager.getSettingInt("ScanSpeed"); try { while (proc_min_address_l < proc_max_address_l) { proc_min_address = new IntPtr(proc_min_address_l); // 28 = sizeof(MEMORY_BASIC_INFORMATION) VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); long addr = (long)proc_min_address; // check if this memory chunk is accessible if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT) { if (!whitelist.Contains(addr)) { if (missingChunksBuffer == null || missingChunksBuffer.Length < mem_basic_info.RegionSize) { missingChunksBuffer = new byte[mem_basic_info.RegionSize]; } // read everything in the buffer above ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, missingChunksBuffer, mem_basic_info.RegionSize, ref bytesRead); // scan the memory for strings that start with timestamps and end with the null terminator ('\0') IEnumerable <string> timestampLines; if (!flashClient) { timestampLines = Parser.FindTimestamps(missingChunksBuffer, bytesRead); } else { timestampLines = Parser.FindTimestampsFlash(missingChunksBuffer, bytesRead); } // if there are any timestamps found, add the address to the list of whitelisted addresses foreach (string str in timestampLines) { whitelist.Add(addr); break; } // performance throttling sleep after every scan (depending on scanSpeed setting) if (!initialScan) { Thread.Sleep(10 + scanSpeed); } else if (scanSpeed > 50) { Thread.Sleep(scanSpeed - 50); } } } // move to the next memory chunk proc_min_address_l += mem_basic_info.RegionSize; } } catch (Exception ex) { Console.WriteLine(ex.Message); return; } } initialScan = false; }
public static ReadMemoryResults ReadMemory() { ReadMemoryResults results = null; SYSTEM_INFO sys_info = new SYSTEM_INFO(); GetSystemInfo(out sys_info); IntPtr proc_min_address = sys_info.minimumApplicationAddress; IntPtr proc_max_address = sys_info.maximumApplicationAddress; long proc_min_address_l = (long)proc_min_address; long proc_max_address_l = (long)proc_max_address; Process[] processes = ProcessManager.GetTibiaProcesses(); if (processes == null || processes.Length == 0) { // Tibia process could not be found, wait for a bit and return Thread.Sleep(250); return(null); } int scanSpeed = SettingsManager.getSettingInt("ScanSpeed"); results = new ReadMemoryResults(); flashClient = ProcessManager.IsFlashClient(); foreach (Process process in processes) { if (!whitelistedAddresses.ContainsKey(process.Id)) { continue; } List <long> whitelist = whitelistedAddresses[process.Id]; IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id); int bytesRead = 0; // number of bytes read with ReadProcessMemory for (int i = 0; i < whitelist.Count; i++) { long addr = whitelist[i]; if (addr < 0) { continue; } proc_min_address = new IntPtr(addr); MEMORY_BASIC_INFORMATION mem_basic_info; VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT) { if (memoryBuffer == null || memoryBuffer.Length < mem_basic_info.RegionSize) { memoryBuffer = new byte[mem_basic_info.RegionSize]; } // read everything in the buffer above ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, memoryBuffer, mem_basic_info.RegionSize, ref bytesRead); // scan the memory for strings that start with timestamps and end with the null terminator ('\0') IEnumerable <string> timestampLines; if (!flashClient) { timestampLines = Parser.FindTimestamps(memoryBuffer, bytesRead); } else { timestampLines = Parser.FindTimestampsFlash(memoryBuffer, bytesRead); } if (!SearchChunk(timestampLines, results)) { whitelist[i] = -1; } // performance throttling sleep after every scan (depending on scanSpeed setting) if (scanSpeed > 0) { Thread.Sleep(scanSpeed); } } } process.Dispose(); } FinalCleanup(results); return(results); }
public static ReadMemoryResults ReadMemory() { ReadMemoryResults results = null; SYSTEM_INFO sys_info; GetSystemInfo(out sys_info); IntPtr proc_min_address = sys_info.minimumApplicationAddress; IntPtr proc_max_address = sys_info.maximumApplicationAddress; long proc_min_address_l = (long)proc_min_address; long proc_max_address_l = (long)proc_max_address; Process[] processes = ProcessManager.GetTibiaProcesses(); if (processes == null || processes.Length == 0) { return(null); } results = new ReadMemoryResults(); flashClient = ProcessManager.IsFlashClient(); Dictionary <int, HashSet <long> > newWhitelistedAddresses = null; Interlocked.Exchange(ref newWhitelistedAddresses, whiteListedAddresses); foreach (Process process in processes) { HashSet <long> whitelist; if (!newWhitelistedAddresses.TryGetValue(process.Id, out whitelist)) { continue; } IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id); int bytesRead = 0; // number of bytes read with ReadProcessMemory foreach (long addr in whitelist) { proc_min_address = new IntPtr(addr); MEMORY_BASIC_INFORMATION mem_basic_info; VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT) { if (memoryBuffer == null || memoryBuffer.Length < mem_basic_info.RegionSize) { memoryBuffer = new byte[mem_basic_info.RegionSize]; } // read everything in the buffer above ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, memoryBuffer, mem_basic_info.RegionSize, ref bytesRead); // scan the memory for strings that start with timestamps and end with the null terminator ('\0') IEnumerable <string> timestampLines; if (!flashClient) { timestampLines = Parser.FindTimestamps(memoryBuffer, bytesRead); } else { timestampLines = Parser.FindTimestampsFlash(memoryBuffer, bytesRead); } SearchChunk(timestampLines, results); } } process.Dispose(); } FinalCleanup(results); return(results); }