private void FCbutton_Click(object sender, EventArgs e)
{
//DLL初始化
//获取进程ID
string ProName = ProNametextBox.ToString();
Process[] LocalName = Process.GetProcessesByName(GameName);
if (LocalName.Length != 1)
{
MessageBox.Show("无此进程名或者出现重复进程名");
return;
}
DLL.initDll(LocalName[0].Id);
//获取内容
//进制转换
Int32 FAddressInt = Convert.ToInt32(BasetextBox.Text, 16);
String FCodestr = FCtextBox.Text;
char[] SectionName = SectionNametextBox.Text.ToArray();
int size = FCodestr.Length / 2;
int result = 0;
int Count = 0;
List <Byte> Code = new List <Byte>();
for (int i = 0; i < size; i++)
{
//Debug.WriteLine(FCodestr.Substring(i*8, 8));
//Debug.WriteLine(FCodestr.Replace("?", "CC"));
//首先把?字符串转化为CC字符串
FCodestr = FCodestr.Replace("?", "C");
//开始转换 ascii码转换为字节 比如"8E"的ascii转成8E的单字节字节
Debug.WriteLine(Convert.ToByte(FCodestr.Substring(i * 2, 2), 16));
//转换后加入到Code 的List数组中去
Code.Add(Convert.ToByte(FCodestr.Substring(i * 2, 2), 16));
}
//特征码格式转换
System.Byte[] FCoderchr = Code.ToArray();
//获取区段大小
unsafe
{
int SectionBase = (int)&SectionBase;
int SectionSize = (int)&SectionSize;
result = DLL.GetProSectionSizeFromPE(FAddressInt, SectionName, SectionBase, SectionSize);
if (result == -1)
{
return;
}
//首先清空listview
ResultlistView.Items.Clear();
while (true)
{
//特征码搜索
result = DLL.FeatureCode(SectionBase, SectionSize, FCoderchr, size);
if (result == -1)
{
break;
}
// ListTextBox.AppendText(result.ToString("X") + "\r\n");
//开始写入listview 列表中
ListViewItem item = new ListViewItem();
Count++;
item.SubItems[0].Text = Count.ToString();
item.SubItems.Add(result.ToString("X"));
ResultlistView.Items.Add(item);
SectionBase = result + 1;
}
return;
}
}
private void button1_Click(object sender, EventArgs e)
{
//搜索二叉树
DLL.ReserchTree();
}
