private void btnScan_OnClick() { try { switch (currentScanStatus) { case Memory.ScanStatus.CanScan: ScanOptions scanOptions = new ScanOptions() { strScanValue = txtBoxScanValue.Text, strScanSecondValue = txtBoxScanSecondValue.Text, isHexValue = chkBoxIsHexValue.Checked, strSectionNameInclusionFilter = txtBoxSectionsFilterInclude.Text, strSectionNameExclusionFilter = txtBoxSectionsFilterExclude.Text, sectionPageProtectionFilter = (librpc.VM_PROT)Enum.Parse(typeof(librpc.VM_PROT), (String)cmbBoxSectionsFilterProtection.SelectedItem), sectionMaxLengthFilter = Convert.ToInt32(numUpDownSectionMaxLength.Value) }; bgWorkerScanner.RunWorkerAsync(scanOptions); break; case Memory.ScanStatus.DidScan: listViewResults.Items.Clear(); currentScanStatus = Memory.ScanStatus.CanScan; break; case Memory.ScanStatus.Scanning: bgWorkerScanner.CancelAsync(); break; } } catch (Exception ex) { MessageBox.Show(ex.ToString(), "btnScan"); } }
private void bgWorkerScanner_RunWorkerCompleted(Object sender, RunWorkerCompletedEventArgs e) { listViewResults.EndUpdate(); currentScanStatus = Memory.ScanStatus.DidScan; if (e.Error != null) { uiStatusStrip_lblStatus.Text = $"Error: {e.Error.Message}"; } else { uiStatusStrip_lblStatus.Text = $"[100%] Finished scanning, {listScanResults.Count} results."; } btnScanUndo.Enabled = listPreviousScanResults.Count > 0; }
private void uiToolStrip_ProcessManager_cmbBoxActiveProcess_SelectedIndexChanged(Object sender, EventArgs e) { try { var comboBox = sender as ToolStripComboBox; if (comboBox.SelectedIndex < 0) { comboBox.SelectedIndex = 0; return; } String selectedProcessName = (String)uiToolStrip_ProcessManager_cmbBoxActiveProcess.SelectedItem; currentScanStatus = Memory.ScanStatus.CanScan; Memory.ActiveProcess.setActiveProcess(Memory.getProcessInfoFromName(selectedProcessName)); if (selectedProcessName == "eboot.bin") { lblProcessInfo.Text = $"{Memory.CUSAInfo.getId()} ({Memory.CUSAInfo.getVersionStr()})"; } uiToolStrip_lblActiveProcess.Text = $"Process: {selectedProcessName}"; //uiToolStrip_btnOpenPointerScanner.Enabled = true; } catch (Exception exception) { MessageBox.Show(exception.ToString()); } }
private void bgWorkerScanner_DoWork(Object sender, DoWorkEventArgs e) { Int32 mainUpdateProgress = 0, subUpdateProgress = 0; Action <String, Int32> fnUpdateProgress = (String strUpdateText, Int32 updateProgress) => { if (updateProgress >= 0) { bgWorkerScanner.ReportProgress(updateProgress); } listViewResults.Invoke(new Action(() => uiStatusStrip_lblStatus.Text = $"[{uiStatusStrip_progressBarScanPercent.Value}%] {strUpdateText}")); }; listPreviousScanResults.Clear(); listPreviousScanResults.AddRange(listScanResults); listScanResults.Clear(); listViewResults.Invoke(new Action(() => listViewResults.BeginUpdate())); var oldScanStatus = currentScanStatus; var scanValueType = currentScanValueType.getType(); currentScanStatus = Memory.ScanStatus.Scanning; #region Read values fnUpdateProgress("Reading values...", mainUpdateProgress); ScanOptions scanOptions = (ScanOptions)e.Argument; if (String.IsNullOrWhiteSpace(scanOptions.strScanValue) || (currentScanCompareType == CompareTypeValueBetween.mSelf & String.IsNullOrWhiteSpace(scanOptions.strScanSecondValue))) { fnUpdateProgress("Invalid values!", -1); throw new Exception("Invalid values!"); } mainUpdateProgress += 2; #endregion #region Parse values fnUpdateProgress("Parsing values...", mainUpdateProgress); dynamic[] scanValues = new dynamic[2]; if (currentScanValueType.getType() == typeof(Byte[])) { List <Byte> listBytes = new List <Byte>(); foreach (String strByte in scanOptions.strScanValue.Split(new Char[] { ' ', '-', ':' }, StringSplitOptions.RemoveEmptyEntries)) { listBytes.Add(Convert.ToByte(strByte, 16)); } scanValues[0] = listBytes.ToArray(); } else { if (scanOptions.isHexValue) { var dicHexCast = new Dictionary <Type, Func <String, dynamic> > { { typeof(Byte), val => Byte.Parse(val, NumberStyles.HexNumber) }, { typeof(SByte), val => SByte.Parse(val, NumberStyles.HexNumber) }, { typeof(Int16), val => Int16.Parse(val, NumberStyles.HexNumber) }, { typeof(UInt16), val => UInt16.Parse(val, NumberStyles.HexNumber) }, { typeof(Int32), val => Int32.Parse(val, NumberStyles.HexNumber) }, { typeof(UInt32), val => UInt32.Parse(val, NumberStyles.HexNumber) }, { typeof(Int64), val => Int64.Parse(val, NumberStyles.HexNumber) }, { typeof(UInt64), val => UInt64.Parse(val, NumberStyles.HexNumber) }, { typeof(Single), val => Single.Parse(val, NumberStyles.HexNumber) }, { typeof(Double), val => Double.Parse(val, NumberStyles.HexNumber) } }; try { scanValues[0] = dicHexCast[scanValueType](scanOptions.strScanValue); scanValues[1] = dicHexCast[scanValueType](scanOptions.strScanSecondValue); } catch (OverflowException) { scanValueType = currentScanValueType.getSignedType(); scanValues[0] = dicHexCast[scanValueType](scanOptions.strScanValue); scanValues[1] = dicHexCast[scanValueType](scanOptions.strScanSecondValue); } } else { try { scanValues[0] = Convert.ChangeType(scanOptions.strScanValue, currentScanValueType.getType()); scanValues[1] = Convert.ChangeType(scanOptions.strScanSecondValue, currentScanValueType.getType()); } catch (OverflowException) { scanValueType = currentScanValueType.getSignedType(); scanValues[0] = Convert.ChangeType(scanOptions.strScanValue, scanValueType); scanValues[1] = Convert.ChangeType(scanOptions.strScanSecondValue, scanValueType); } } } mainUpdateProgress += 3; #endregion #region Scan values List <ScanResult> scanResults = new List <ScanResult>(); #region Find sections listFilteredProcessMemorySections.Clear(); listFilteredProcessMemorySections = Memory.Sections.getMemorySections(Memory.ActiveProcess.info, scanOptions.sectionPageProtectionFilter); if (!String.IsNullOrWhiteSpace(scanOptions.strSectionNameInclusionFilter)) { listFilteredProcessMemorySections.RemoveAll(section => !section.name.ContainsEx(scanOptions.strSectionNameInclusionFilter)); } if (!String.IsNullOrWhiteSpace(scanOptions.strSectionNameExclusionFilter)) { listFilteredProcessMemorySections.RemoveAll(section => section.name.ContainsEx(scanOptions.strSectionNameExclusionFilter)); } listFilteredProcessMemorySections.RemoveAll(section => section.length > scanOptions.sectionMaxLengthFilter); #endregion #region Find address range of the scan UInt64 processedMemoryRange = 0, totalMemoryRange = 0; String scanSizeStr = getSizeStr(0); var listScanAddressRange = new List <Tuple <librpc.MemorySection, UInt32> >(); Int32 lastAddedSectionIndex = -1; Action <librpc.MemorySection, UInt32> fnAddSection = (librpc.MemorySection memorySection, UInt32 length) => { if (length > 0) { listScanAddressRange.Add(new Tuple <librpc.MemorySection, UInt32>(memorySection, length)); lastAddedSectionIndex++; } }; Int32 dummyCounter = 0; foreach (var section in listFilteredProcessMemorySections) { var lastAddedSection = listScanAddressRange.LastOrDefault(); if (lastAddedSection == null) { fnAddSection(section, section.length); } else { var lastAddedSectionEnd = lastAddedSection.Item1.start + (UInt64)lastAddedSection.Item2; if (lastAddedSectionEnd == section.start) { if (lastAddedSection.Item2 < 100 * 1024) { listScanAddressRange[lastAddedSectionIndex] = new Tuple <librpc.MemorySection, UInt32>(lastAddedSection.Item1, lastAddedSection.Item2 + section.length); } else { fnAddSection(section, section.length); } } else { fnAddSection(section, section.length); } } totalMemoryRange += (UInt64)section.length; scanSizeStr = getSizeStr(totalMemoryRange); subUpdateProgress = Convert.ToInt32((++dummyCounter / (Double)listFilteredProcessMemorySections.Count) * 100); mainUpdateProgress = Convert.ToInt32(subUpdateProgress * 0.30f); fnUpdateProgress($"Finding scan address range... %{subUpdateProgress}", mainUpdateProgress); } #endregion #region Scan Boolean shouldEscape = false; ObservableCollection <Tuple <librpc.MemorySection, Byte[]> > listReadBuffers = new ObservableCollection <Tuple <librpc.MemorySection, Byte[]> >(); listReadBuffers.CollectionChanged += new NotifyCollectionChangedEventHandler((collection, eventArgs) => { new Thread(() => { if (eventArgs.Action == NotifyCollectionChangedAction.Add) { foreach (Tuple <librpc.MemorySection, Byte[]> scanTuple in eventArgs.NewItems) { mainUpdateProgress = 30 + Convert.ToInt32((processedMemoryRange / (Double)totalMemoryRange) * 60); fnUpdateProgress($"Scanning... {getSizeStr(processedMemoryRange)}/{scanSizeStr}", mainUpdateProgress); var results = Memory.scan(scanTuple.Item1.start, scanTuple.Item2, scanValues[0], scanValueType, currentScanCompareType, new dynamic[2] { scanValues[0], scanValues[1] }); foreach (var resultTuple in results) { ScanResult scanResult = new ScanResult() { address = resultTuple.Item1, memorySection = scanTuple.Item1, memoryValue = resultTuple.Item2, previousMemoryValue = resultTuple.Item2, valueType = scanValueType }; scanResults.Add(scanResult); if (bgWorkerScanner.CancellationPending) { break; } } processedMemoryRange += (UInt64)scanTuple.Item2.Length; shouldEscape = (dummyCounter == listScanAddressRange.Count) || bgWorkerScanner.CancellationPending; if (bgWorkerScanner.CancellationPending) { break; } } } }).Start(); }); foreach (var scanTuple in listScanAddressRange) { new Thread(() => { Byte[] scanSearchBuffer = Memory.ActiveProcess.readByteArray(scanTuple.Item1.start, scanTuple.Item2); if (scanSearchBuffer != null) { listReadBuffers.Add(new Tuple <librpc.MemorySection, Byte[]>(scanTuple.Item1, scanSearchBuffer)); } }).Start(); if (bgWorkerScanner.CancellationPending || shouldEscape) { break; } Thread.Sleep(10); } while (!shouldEscape) { Thread.Sleep(100); } #endregion #region Filter if next scan if (oldScanStatus == Memory.ScanStatus.DidScan) { fnUpdateProgress("Filtering values...", mainUpdateProgress); scanResults = scanResults.Intersect(listPreviousScanResults).ToList(); } #endregion #endregion #region List results listScanResults.AddRange(scanResults); if (listScanResults.Count < 1000) { fnUpdateProgress($"Adding {listScanResults.Count} results to the list... (window may freeze)", 95); listViewResults.Invoke(new Action(() => listViewResults.SetObjects(listScanResults))); } else { fnUpdateProgress($"Adding 1000 of {listScanResults.Count} results to the list... (window may freeze)", 95); listViewResults.Invoke(new Action(() => listViewResults.SetObjects(listScanResults.Take(1000)))); } #endregion bgWorkerScanner.ReportProgress(100); }