public SpiderControl(MainWindow mainWindow, TabItem tabItem)
{
if (SpiderSearch == null)
{
SpiderSearch = new SpiderSearch()
{
Aligned = false,
Is64Bit = true,
DataType = DataType.UTF16,
Length = 2096,
Levels = 2,
Match = true,
Name = "New Tab",
Variance = 0,
StringLength = 200,
Alignment = 2
};
}
_mainWindow = mainWindow;
_tabItem = tabItem;
Alignments = new List <int>();
Alignments.Add(1);
Alignments.Add(2);
Alignments.Add(4);
Alignments.Add(8);
DataTypes = new List <DataType>();
DataTypes.Add(DataType.Byte);
DataTypes.Add(DataType.Int);
DataTypes.Add(DataType.Long);
DataTypes.Add(DataType.Float);
DataTypes.Add(DataType.UInt);
DataTypes.Add(DataType.UTF16);
InitializeComponent();
}
public void Button_ReFilterValues_Click(object sender, RoutedEventArgs e)
{
var processes = Process.GetProcessesByName(_mainWindow.SelectedProcessName);
if (!processes.Any())
{
MessageBox.Show("Select a process");
return;
}
var process = processes.First();
var memory = new Memory(process.Id);
try
{
SpiderSearch.Address = long.Parse(TextBox_Address.Text);
SpiderSearch.Reload(memory);
}
finally
{
memory.Close();
}
var results = SpiderSearch.Results.Where(o => TextBox_Value.Text != o.Current).ToList();
var dict = SpiderSearch.Results.ToDictionary(o => o.Id, o => o);
foreach (var spiderResult in results)
{
dict.Remove(spiderResult.Id);
}
SpiderSearch.Results = dict.Values.ToList();
VisibleResults = SpiderSearch.Results.Take(200).ToList();
}
public void Button_ReloadValues_Click(object sender, RoutedEventArgs e)
{
var processes = Process.GetProcessesByName(_mainWindow.SelectedProcessName);
if (!processes.Any())
{
MessageBox.Show("Select a process");
return;
}
var process = processes.First();
var memory = new Memory(process.Id);
try
{
SpiderSearch.Address = long.Parse(TextBox_Address.Text);
SpiderSearch.Reload(memory);
foreach (var visibleResult in VisibleResults)
{
visibleResult.CallPropertyChanged("Current");
visibleResult.CallPropertyChanged("Value");
}
}
finally
{
memory.Close();
}
}
public SpiderControl(MainWindow mainWindow, TabItem tabItem, SpiderSearch search) : this(mainWindow, tabItem)
{
SpiderSearch = search;
VisibleResults = SpiderSearch.Results.Take(1000).ToList();
}
private string CheckForMatchValue(byte[] data, int index, SpiderSearch request)
{
switch (request.DataType)
{
case DataType.UTF16:
string stringValue = Encoding.Unicode.GetString(data, index, request.StringLength);
int num = stringValue.IndexOf('\0');
stringValue = num > 0 ? stringValue.Substring(0, num) : stringValue;
if (String.IsNullOrWhiteSpace(stringValue))
{
return(null);
}
bool match = stringValue.StartsWith(request.StringValue);
if (match || !request.Match)
{
return(stringValue);
}
break;
case DataType.Byte:
var byteValue = data[index];
if (byteValue == (byte)request.LongValue || !request.Match)
{
return(byteValue.ToString());
}
break;
case DataType.Int:
var intValue = BitConverter.ToInt32(data, index);
if (intValue == (int)request.LongValue || !request.Match)
{
return(intValue.ToString());
}
break;
case DataType.Long:
var longValue = BitConverter.ToInt64(data, index);
if (longValue == request.LongValue || !request.Match)
{
return(longValue.ToString());
}
break;
case DataType.Float:
var floatValue = BitConverter.ToSingle(data, index);
if (Math.Abs(floatValue - request.FloatValue) < .001 || !request.Match)
{
return(floatValue.ToString(CultureInfo.InvariantCulture));
}
break;
case DataType.UInt:
var uIntValue = BitConverter.ToUInt32(data, index);
if (uIntValue == (uint)request.LongValue || !request.Match)
{
return(uIntValue.ToString());
}
break;
}
return(null);
}
private void CheckNextLevel(int level, long startAddress, SpiderResult parentResult, SpiderSearch search, ConcurrentBag <SpiderResult> results, Memory memory)
{
var allData = memory.ReadBytes(startAddress, search.Length + search.ExtraRead);
for (int index = 0; index < search.EndIncrement; index++)
{
var offset = index * search.Alignment;
var addressToCheck = startAddress + offset;
var match = CheckForMatchValue(allData, offset, search);
if (match != null)
{
AddResult(level, parentResult, results, match, offset, addressToCheck);
}
if (!(level >= search.Levels))
{
var nextResult = new SpiderResult(parentResult);
nextResult.SetOffset(level, index * search.Alignment, addressToCheck);
var nextLevel = level + 1;
if (search.Is64Bit)
{
var pointer = BitConverter.ToInt64(allData, offset);
if (pointer > 50000)
{
CheckNextLevel(nextLevel, pointer, nextResult, search, results, memory);
}
}
else
{
var pointer = BitConverter.ToInt32(allData, offset);
if (pointer > 50000)
{
CheckNextLevel(nextLevel, pointer, nextResult, search, results, memory);
}
}
}
}
}
