private IntPtr GetVersionedFunctionPointer(Process program)
        {
            if (signatures != null)
            {
                MemorySearcher searcher = new MemorySearcher();
                searcher.MemoryFilter = delegate(MemInfo info) {
                    return((info.State & 0x1000) != 0 && (info.Protect & 0x40) != 0 && (info.Protect & 0x100) == 0);
                };
                for (int i = 0; i < signatures.Length; i++)
                {
                    ProgramSignature signature = signatures[i];

                    IntPtr ptr = searcher.FindSignature(program, signature.Signature);
                    if (ptr != IntPtr.Zero)
                    {
                        Version = signature.Version;
                        return(ptr + signature.Offset);
                    }
                }
            }
            else
            {
                IntPtr ptr = (IntPtr)program.Read <uint>(program.MainModule.BaseAddress, offsets);
                if (ptr != IntPtr.Zero)
                {
                    return(ptr);
                }
            }

            return(IntPtr.Zero);
        }
Exemplo n.º 2
0
        private IntPtr GetPointer(Process program, string asmName)
        {
            if (string.IsNullOrEmpty(asmName))
            {
                Searcher.MemoryFilter = delegate(MemInfo info) {
                    return((info.State & 0x1000) != 0 && (info.Protect & 0x40) != 0 && (info.Protect & 0x100) == 0);
                };
            }
            else
            {
                Tuple <IntPtr, IntPtr> range = ProgramPointer.GetAddressRange(program, asmName);
                Searcher.MemoryFilter = delegate(MemInfo info) {
                    return((ulong)info.BaseAddress >= (ulong)range.Item1 && (ulong)info.BaseAddress <= (ulong)range.Item2 && (info.State & 0x1000) != 0 && (info.Protect & 0x20) != 0 && (info.Protect & 0x100) == 0);
                };
            }

            BasePtr = Searcher.FindSignature(program, Signature);
            if (BasePtr != IntPtr.Zero)
            {
                LastVerified = DateTime.Now.AddSeconds(5);
                int offset = CalculateRelative(program);
                return(BasePtr + offset);
            }
            return(BasePtr);
        }