private Task <List <IntPtr> > ScanModules(long scanValue, ScanAlignment scanAlign, ScanType scanType) { return(Task.Run(async() => { var ret = new List <IntPtr>(); if (!_memory.IsValidProcess()) { return ret; } var modules = _memory.GetModuleList(); foreach (var processModule in modules) { ret.AddRange(await ScanMemory( scanValue, scanAlign, scanType, processModule.BaseAddress, processModule.BaseAddress + processModule.ModuleMemorySize)); } return ret; })); }
private Task <List <IntPtr> > ScanMemory(long scanValue, ScanAlignment scanAlign, ScanType scanType, IntPtr beginAddress, IntPtr endAddress) { const long chunk = 0x10000; return(Task.Run(() => { var ret = new List <IntPtr>(); // Get Memory Regions var currentAddress = beginAddress; var memRegions = new List <KeyValuePair <IntPtr, Win32.MemoryBasicInformation> >(); uint mbiSize = (uint)Marshal.SizeOf <Win32.MemoryBasicInformation>(); while (Win32.VirtualQueryEx(_memory.ProcessHandle, currentAddress, out var info, mbiSize) != 0 && beginAddress.ToInt64() < endAddress.ToInt64() + chunk) { if ((info.State & (int)Win32.MemoryState.MemCommit) != 0 && (info.Protect & (int)Win32.MemoryProtection.PageNoAccess) == 0) { memRegions.Add(new KeyValuePair <IntPtr, Win32.MemoryBasicInformation>(currentAddress, info)); } currentAddress = (IntPtr)(info.BaseAddress + info.RegionSize); } // Scan var lockObj = new object(); var bytesToCmp = BitConverter.GetBytes(scanValue); var ret1 = ret; Parallel.ForEach(memRegions, (memRegion, loopState) => { var(address, memInfo) = memRegion; bool read = _memory.ReadBytes(address, (long)memInfo.RegionSize, out var memoryBlock); if (!read) { return; } for (int scanIndex = 0; scanIndex < memoryBlock.Length; scanIndex++) { int k = 0; switch (scanType) { case ScanType.TypeExact: int index = scanIndex * (int)scanAlign; if (index > memoryBlock.Length - bytesToCmp.Length) { break; } for (int j = 0; j < bytesToCmp.Length; j++) { if (memoryBlock[index + j] != bytesToCmp[k]) { continue; } // Did we find it? if (++k != bytesToCmp.Length) { continue; } var curAddress = address + scanIndex * (int)scanAlign; lock (lockObj) ret1.Add(curAddress); } break; } } }); ret = ret.OrderBy(a => a.ToInt64()).ToList(); return ret; })); }
public Task <List <IntPtr> > Scan(long scanValue, ScanAlignment scanAlign, ScanType scanType) { return(Scan(scanValue, scanAlign, scanType, new IntPtr(0x0), new IntPtr(_memory.Is64Bit ? 0x7fffffffffff : 0x7fffffff))); }
public Task <List <IntPtr> > Scan(long scanValue, ScanAlignment scanAlign, ScanType scanType, IntPtr beginAddress, IntPtr endAddress) { return(ScanMemory(scanValue, scanAlign, scanType, beginAddress, endAddress)); }