/// <summary> /// Converts a module address to an image address. /// </summary> /// <param name="context">The module address context.</param> /// <param name="moduleAddress">The module address.</param> /// <returns>The image address.</returns> public static uint ToImageAddress(ModuleAddressContext context, uint moduleAddress) { if (!IsValidModuleAddress(context, moduleAddress)) { throw new ArgumentOutOfRangeException(); } return(moduleAddress + context.ImageBaseAddress - context.BaseAddress); }
/// <summary> /// Initializes a new instance of the <see cref="ModuleAddress"/> class. /// </summary> /// <param name="context">The module address context.</param> /// <param name="moduleAddress">The module address.</param> public ModuleAddress(ModuleAddressContext context, uint moduleAddress) { if (!IsValidModuleAddress(context, moduleAddress)) { throw new ArgumentOutOfRangeException(); } Context = context; Value = moduleAddress; }
/// <summary> /// Converts an image address to a module address. /// </summary> /// <param name="context">The module address context.</param> /// <param name="imageAddress">The image address.</param> /// <returns>The module address.</returns> public static ModuleAddress FromImageAddress(ModuleAddressContext context, uint imageAddress) { uint moduleAddress = imageAddress - context.ImageBaseAddress + context.BaseAddress; if (!IsValidModuleAddress(context, moduleAddress)) { throw new ArgumentOutOfRangeException(); } return(new ModuleAddress(context, moduleAddress)); }
/// <summary> /// Determines if the specified module address is valid under the given context. /// </summary> /// <param name="context">The module address context.</param> /// <param name="moduleAddress">The module address.</param> /// <returns>Returns true if the module address is valid.</returns> public static bool IsValidModuleAddress(ModuleAddressContext context, uint moduleAddress) { return(moduleAddress >= context.BaseAddress && moduleAddress <= context.BaseAddress + context.Size); }
/// <summary> /// Initializes core components. /// </summary> private void Initialize(Process process) { // get process info Process = process; ProcessHandle = Kernel32.OpenProcess(ProcessAccessFlags.All, false, (uint)Process.Id); MainThreadId = User32.GetWindowThreadProcessId(Process.MainWindowHandle); MainThreadHandle = Kernel32.OpenThread(ThreadAccessFlags.All, false, MainThreadId); ModuleContext = new ModuleAddressContext(ImageBaseAddress, ProcessBaseAddress, (uint)Process.MainModule.ModuleMemorySize); // look away! - get original image base address and build time from PE header - http://blogs.msdn.com/b/kstanton/archive/2004/03/31/105060.aspx using (FileStream fs = new FileStream(Process.MainModule.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) using (BinaryReader br = new BinaryReader(fs)) { fs.Position = Marshal.OffsetOf(typeof(ImageDosHeader), nameof(ImageDosHeader.e_lfanew)).ToInt32(); int ntHeaderOffset = br.ReadInt32(); int fileHeaderOffset = Marshal.OffsetOf(typeof(ImageNtHeaders32), nameof(ImageNtHeaders32.FileHeader)).ToInt32(); fs.Position = ntHeaderOffset + fileHeaderOffset + Marshal.OffsetOf(typeof(ImageFileHeader32), nameof(ImageFileHeader32.TimeDateStamp)).ToInt32(); Version = (GameVersion)br.ReadUInt32(); int fileHeaderSize = Marshal.SizeOf(typeof(ImageFileHeader32)); int imageBaseOffset = Marshal.OffsetOf(typeof(ImageOptionalHeader32), nameof(ImageOptionalHeader32.ImageBase)).ToInt32(); fs.Position = ntHeaderOffset + fileHeaderOffset + fileHeaderSize + imageBaseOffset; ImageBaseAddress = br.ReadUInt32(); } // initialize access to various sub-systems Memory = new ProcessStream(ProcessHandle); TlsAddress = GetTlsAddress(MainThreadHandle); TagCache = new TagCache(this); Addresses = new GameAddresses(this); }