// returns not found
public static List <Signature> ResolveSignatures(HookProcess proc, ref List <Signature> signatures)
{
const int bufferSize = 0x1200;
const int regionIncrement = 0x1000;
byte[] buffer = new byte[bufferSize];
List <Signature> notFound = new List <Signature>(signatures);
List <Signature> temp = new List <Signature>();
var regionCount = 0;
IntPtr baseAddress = proc.BaseAddress;
IntPtr searchEnd = proc.EndAddress;
IntPtr searchStart = baseAddress;
while (searchStart.ToInt64() < searchEnd.ToInt64())
{
try {
IntPtr lpNumberOfBytesRead;
var regionSize = new IntPtr(bufferSize);
if (IntPtr.Add(searchStart, bufferSize).ToInt64() > searchEnd.ToInt64())
{
regionSize = (IntPtr)(searchEnd.ToInt64() - searchStart.ToInt64());
}
if (UnsafeNativeMethods.ReadProcessMemory(proc.Handle, searchStart, buffer, regionSize, out lpNumberOfBytesRead))
{
foreach (Signature signature in notFound)
{
string sig = signature.Value;
byte[] sigbytes = SignatureToByte(sig, WildCardChar);
var index = FindSuperSignature(buffer, sigbytes);
if (index < 0)
{
temp.Add(signature);
continue;
}
var baseResult = new IntPtr((long)(baseAddress + regionCount * regionIncrement));
IntPtr searchResult = IntPtr.Add(baseResult, index + signature.Offset);
signature.baseAddress = new IntPtr(searchResult.ToInt64());
}
notFound = new List <Signature>(temp);
temp.Clear();
}
regionCount++;
searchStart = IntPtr.Add(searchStart, regionIncrement);
}
catch (Exception ex) {
//MemoryHandler.Instance.RaiseException(Logger, ex, true);
Console.WriteLine("Resolve signatures " + ex.ToString());
}
}
// Clear out
foreach (Signature signature in notFound)
{
signatures.Remove(signature);
}
List <Signature> fixedSignatures = new List <Signature>();
foreach (Signature signature in signatures)
{
Signature sig = signature;
if (!string.IsNullOrEmpty(sig.Type))
{
Type t = Type.GetType("FFMemoryParser." + sig.Type);
if (t != null)
{
sig = (Signature)Activator.CreateInstance(t, sig);
sig.ResolvePointerPath(proc);
Console.WriteLine(string.Format("{0} {1} {2}", sig.Key, sig.baseAddress, sig.baseAddress));
fixedSignatures.Add(sig);
continue;
}
}
Console.WriteLine(string.Format("Could not find type for {0}", sig.Key));
}
signatures = fixedSignatures;
return(notFound);
}