public ProgramPointer(AutoDeref autoDeref, params ProgramSignature[] signatures) { AutoDeref = autoDeref; this.signatures = signatures; lastID = -1; lastTry = DateTime.MinValue; }
public ProgramPointer(AutoDeref autoDeref, params int[] offsets) { AutoDeref = autoDeref; this.offsets = offsets; lastID = -1; lastTry = DateTime.MinValue; }
public FindIl2Cpp(AutoDeref autoDeref, string fullName, int offset) { AutoDeref = autoDeref; FullName = fullName; Offset = offset; BasePtr = IntPtr.Zero; }
public FindOffset(PointerVersion version, AutoDeref autoDeref, params int[] offsets) { Version = version; AutoDeref = autoDeref; Offsets = offsets; LastVerified = DateTime.MaxValue; }
public static IntPtr DerefPointer(Process program, IntPtr pointer, AutoDeref autoDeref) { if (pointer != IntPtr.Zero) { if (autoDeref != AutoDeref.None) { if (MemoryReader.is64Bit) { pointer = (IntPtr)program.Read <ulong>(pointer); } else { pointer = (IntPtr)program.Read <uint>(pointer); } if (autoDeref == AutoDeref.Double) { if (MemoryReader.is64Bit) { pointer = (IntPtr)program.Read <ulong>(pointer); } else { pointer = (IntPtr)program.Read <uint>(pointer); } } } } return(pointer); }
public FindIl2Cpp(PointerVersion version, AutoDeref autoDeref, string fullName, int offset) { Version = version; AutoDeref = autoDeref; FullName = fullName; Offset = offset; BasePtr = IntPtr.Zero; }
public FindPointerSignature(PointerVersion version, AutoDeref autoDeref, string signature, int offset) { Version = version; AutoDeref = autoDeref; Signature = signature; Offset = offset; BasePtr = IntPtr.Zero; }
public FindPointerSignature(PointerVersion version, AutoDeref autoDeref, string signature, params int[] relative) { Version = version; AutoDeref = autoDeref; Signature = signature; BasePtr = IntPtr.Zero; Searcher = new MemorySearcher(); LastVerified = DateTime.MaxValue; Relative = relative; }
public ProgramPointer(AutoDeref autoDeref, params ProgramSignature[] signatures) { AutoDeref = autoDeref; this.signatures = signatures; lastID = -1; lastTry = DateTime.MinValue; searcher = new MemorySearcher(); searcher.MemoryFilter = delegate(MemInfo info) { return((info.State & 0x1000) != 0 && (info.Protect & 0x40) != 0 && (info.Protect & 0x100) == 0); }; }
public static IntPtr DerefPointer(Process program, IntPtr pointer, AutoDeref autoDeref) { if (pointer != IntPtr.Zero) { if (autoDeref != AutoDeref.None) { pointer = program.Read <IntPtr>(pointer); if (autoDeref == AutoDeref.Double) { pointer = program.Read <IntPtr>(pointer); } } } return(pointer); }
private IntPtr GetVersionedFunctionPointer(Process program) { if (program.ProcessName.Equals("nestopia", StringComparison.OrdinalIgnoreCase)) { AutoDeref = AutoDeref.None; MemorySearcher searcher = new MemorySearcher(); searcher.MemoryFilter = delegate(MemInfo info) { return((info.Protect & 0x4) != 0 && (info.State & 0x1000) != 0 && (info.Type & 0x20000) != 0); }; searcher.GetMemoryInfo(program.Handle); for (int i = 0; i < searcher.memoryInfo.Count; i++) { byte[] data = searcher.ReadMemory(program, i); int pointer1 = BitConverter.ToInt32(data, 0); int pointer2 = BitConverter.ToInt32(data, 4); long padding = BitConverter.ToInt64(data, 8); if (pointer1 == pointer2 && pointer1 != 0 && padding == 0) { return(searcher.memoryInfo[i].BaseAddress + 0xab8); } } return(IntPtr.Zero); } else if (program.ProcessName.Equals("emuhawk", StringComparison.OrdinalIgnoreCase)) { MemorySearcher searcher = new MemorySearcher(); searcher.MemoryFilter = delegate(MemInfo info) { return((info.Protect & 0x40) != 0 && (info.State & 0x1000) != 0 && (info.Type & 0x20000) != 0); }; //BizHawk.Client.Common.Global.get_SystemInfo ProgramSignature signature = new ProgramSignature(PointerVersion.V1, "488B0949BB????????????????390941FF13488BF0488BCEE8", -8); IntPtr ptr = searcher.FindSignature(program, signature.Signature); if (ptr != IntPtr.Zero) { AutoDeref = AutoDeref.Single; Version = signature.Version; return(ptr + signature.Offset); } } return(program.MainModule.BaseAddress + offsets[0]); }
public static IntPtr DerefPointer(Process program, IntPtr pointer, AutoDeref autoDeref) { if (pointer != IntPtr.Zero) { switch (autoDeref) { case AutoDeref.Single: pointer = program.Read<IntPtr>(pointer); break; case AutoDeref.Single32: pointer = (IntPtr)program.Read<uint>(pointer); break; case AutoDeref.Double: pointer = program.Read<IntPtr>(pointer); pointer = program.Read<IntPtr>(pointer); break; case AutoDeref.Double32: pointer = (IntPtr)program.Read<uint>(pointer); pointer = program.Read<IntPtr>(pointer); break; } } return pointer; }
private IntPtr GetVersionedFunctionPointer(Process program) { MemorySearcher searcher = new MemorySearcher(); searcher.MemoryFilter = delegate(MemInfo info) { return((info.Protect & 0x40) != 0 && (info.State & 0x1000) != 0 && (info.Type & 0x20000) != 0); }; //BizHawk.Client.EmuHawk.DisplayManager.CalculateCompleteContentPadding ProgramSignature signature = new ProgramSignature(PointerVersion.Win10_223, "448B41104489442438488BCA488D5424404C8D442428E8", 38); IntPtr ptr = searcher.FindSignature(program, signature.Signature); if (ptr == IntPtr.Zero) { //BizHawk.Client.Common.Global.get_SystemInfo signature = new ProgramSignature(PointerVersion.Win7_221, "488B00E9????????BA????????488B1248B9????????????????E8????????488BC849BB", 9); ptr = searcher.FindSignature(program, signature.Signature); } if (ptr == IntPtr.Zero) { signature = new ProgramSignature(PointerVersion.Win7_230, "488BF8BA????????488B124885D20F84", 4); ptr = searcher.FindSignature(program, signature.Signature); } if (ptr == IntPtr.Zero) { signature = new ProgramSignature(PointerVersion.Win10_221, "83EC2048B9????????????????488B0949BB????????????????390941FF13488BF0488BCEE8", 5); ptr = searcher.FindSignature(program, signature.Signature); } if (ptr != IntPtr.Zero) { AutoDeref = AutoDeref.Single; Version = signature.Version; return(ptr + signature.Offset); } Version = PointerVersion.None; return(IntPtr.Zero); }