private void btnScan_OnClick()
{
try {
switch (currentScanStatus)
{
case Memory.ScanStatus.CanScan:
ScanOptions scanOptions = new ScanOptions()
{
strScanValue = txtBoxScanValue.Text,
strScanSecondValue = txtBoxScanSecondValue.Text,
isHexValue = chkBoxIsHexValue.Checked,
strSectionNameInclusionFilter = txtBoxSectionsFilterInclude.Text,
strSectionNameExclusionFilter = txtBoxSectionsFilterExclude.Text,
sectionPageProtectionFilter = (librpc.VM_PROT)Enum.Parse(typeof(librpc.VM_PROT), (String)cmbBoxSectionsFilterProtection.SelectedItem),
sectionMaxLengthFilter = Convert.ToInt32(numUpDownSectionMaxLength.Value)
};
bgWorkerScanner.RunWorkerAsync(scanOptions);
break;
case Memory.ScanStatus.DidScan:
listViewResults.Items.Clear();
currentScanStatus = Memory.ScanStatus.CanScan;
break;
case Memory.ScanStatus.Scanning:
bgWorkerScanner.CancelAsync();
break;
}
} catch (Exception ex) {
MessageBox.Show(ex.ToString(), "btnScan");
}
}
private void bgWorkerScanner_RunWorkerCompleted(Object sender, RunWorkerCompletedEventArgs e)
{
listViewResults.EndUpdate();
currentScanStatus = Memory.ScanStatus.DidScan;
if (e.Error != null)
{
uiStatusStrip_lblStatus.Text = $"Error: {e.Error.Message}";
}
else
{
uiStatusStrip_lblStatus.Text = $"[100%] Finished scanning, {listScanResults.Count} results.";
}
btnScanUndo.Enabled = listPreviousScanResults.Count > 0;
}
private void uiToolStrip_ProcessManager_cmbBoxActiveProcess_SelectedIndexChanged(Object sender, EventArgs e)
{
try {
var comboBox = sender as ToolStripComboBox;
if (comboBox.SelectedIndex < 0)
{
comboBox.SelectedIndex = 0;
return;
}
String selectedProcessName = (String)uiToolStrip_ProcessManager_cmbBoxActiveProcess.SelectedItem;
currentScanStatus = Memory.ScanStatus.CanScan;
Memory.ActiveProcess.setActiveProcess(Memory.getProcessInfoFromName(selectedProcessName));
if (selectedProcessName == "eboot.bin")
{
lblProcessInfo.Text = $"{Memory.CUSAInfo.getId()} ({Memory.CUSAInfo.getVersionStr()})";
}
uiToolStrip_lblActiveProcess.Text = $"Process: {selectedProcessName}";
//uiToolStrip_btnOpenPointerScanner.Enabled = true;
} catch (Exception exception) {
MessageBox.Show(exception.ToString());
}
}
private void bgWorkerScanner_DoWork(Object sender, DoWorkEventArgs e)
{
Int32 mainUpdateProgress = 0, subUpdateProgress = 0;
Action <String, Int32> fnUpdateProgress = (String strUpdateText, Int32 updateProgress) =>
{
if (updateProgress >= 0)
{
bgWorkerScanner.ReportProgress(updateProgress);
}
listViewResults.Invoke(new Action(() => uiStatusStrip_lblStatus.Text = $"[{uiStatusStrip_progressBarScanPercent.Value}%] {strUpdateText}"));
};
listPreviousScanResults.Clear();
listPreviousScanResults.AddRange(listScanResults);
listScanResults.Clear();
listViewResults.Invoke(new Action(() => listViewResults.BeginUpdate()));
var oldScanStatus = currentScanStatus;
var scanValueType = currentScanValueType.getType();
currentScanStatus = Memory.ScanStatus.Scanning;
#region Read values
fnUpdateProgress("Reading values...", mainUpdateProgress);
ScanOptions scanOptions = (ScanOptions)e.Argument;
if (String.IsNullOrWhiteSpace(scanOptions.strScanValue) ||
(currentScanCompareType == CompareTypeValueBetween.mSelf & String.IsNullOrWhiteSpace(scanOptions.strScanSecondValue)))
{
fnUpdateProgress("Invalid values!", -1);
throw new Exception("Invalid values!");
}
mainUpdateProgress += 2;
#endregion
#region Parse values
fnUpdateProgress("Parsing values...", mainUpdateProgress);
dynamic[] scanValues = new dynamic[2];
if (currentScanValueType.getType() == typeof(Byte[]))
{
List <Byte> listBytes = new List <Byte>();
foreach (String strByte in scanOptions.strScanValue.Split(new Char[] { ' ', '-', ':' }, StringSplitOptions.RemoveEmptyEntries))
{
listBytes.Add(Convert.ToByte(strByte, 16));
}
scanValues[0] = listBytes.ToArray();
}
else
{
if (scanOptions.isHexValue)
{
var dicHexCast = new Dictionary <Type, Func <String, dynamic> >
{
{ typeof(Byte), val => Byte.Parse(val, NumberStyles.HexNumber) },
{ typeof(SByte), val => SByte.Parse(val, NumberStyles.HexNumber) },
{ typeof(Int16), val => Int16.Parse(val, NumberStyles.HexNumber) },
{ typeof(UInt16), val => UInt16.Parse(val, NumberStyles.HexNumber) },
{ typeof(Int32), val => Int32.Parse(val, NumberStyles.HexNumber) },
{ typeof(UInt32), val => UInt32.Parse(val, NumberStyles.HexNumber) },
{ typeof(Int64), val => Int64.Parse(val, NumberStyles.HexNumber) },
{ typeof(UInt64), val => UInt64.Parse(val, NumberStyles.HexNumber) },
{ typeof(Single), val => Single.Parse(val, NumberStyles.HexNumber) },
{ typeof(Double), val => Double.Parse(val, NumberStyles.HexNumber) }
};
try {
scanValues[0] = dicHexCast[scanValueType](scanOptions.strScanValue);
scanValues[1] = dicHexCast[scanValueType](scanOptions.strScanSecondValue);
} catch (OverflowException) {
scanValueType = currentScanValueType.getSignedType();
scanValues[0] = dicHexCast[scanValueType](scanOptions.strScanValue);
scanValues[1] = dicHexCast[scanValueType](scanOptions.strScanSecondValue);
}
}
else
{
try {
scanValues[0] = Convert.ChangeType(scanOptions.strScanValue, currentScanValueType.getType());
scanValues[1] = Convert.ChangeType(scanOptions.strScanSecondValue, currentScanValueType.getType());
} catch (OverflowException) {
scanValueType = currentScanValueType.getSignedType();
scanValues[0] = Convert.ChangeType(scanOptions.strScanValue, scanValueType);
scanValues[1] = Convert.ChangeType(scanOptions.strScanSecondValue, scanValueType);
}
}
}
mainUpdateProgress += 3;
#endregion
#region Scan values
List <ScanResult> scanResults = new List <ScanResult>();
#region Find sections
listFilteredProcessMemorySections.Clear();
listFilteredProcessMemorySections = Memory.Sections.getMemorySections(Memory.ActiveProcess.info, scanOptions.sectionPageProtectionFilter);
if (!String.IsNullOrWhiteSpace(scanOptions.strSectionNameInclusionFilter))
{
listFilteredProcessMemorySections.RemoveAll(section => !section.name.ContainsEx(scanOptions.strSectionNameInclusionFilter));
}
if (!String.IsNullOrWhiteSpace(scanOptions.strSectionNameExclusionFilter))
{
listFilteredProcessMemorySections.RemoveAll(section => section.name.ContainsEx(scanOptions.strSectionNameExclusionFilter));
}
listFilteredProcessMemorySections.RemoveAll(section => section.length > scanOptions.sectionMaxLengthFilter);
#endregion
#region Find address range of the scan
UInt64 processedMemoryRange = 0, totalMemoryRange = 0;
String scanSizeStr = getSizeStr(0);
var listScanAddressRange = new List <Tuple <librpc.MemorySection, UInt32> >();
Int32 lastAddedSectionIndex = -1;
Action <librpc.MemorySection, UInt32> fnAddSection = (librpc.MemorySection memorySection, UInt32 length) =>
{
if (length > 0)
{
listScanAddressRange.Add(new Tuple <librpc.MemorySection, UInt32>(memorySection, length));
lastAddedSectionIndex++;
}
};
Int32 dummyCounter = 0;
foreach (var section in listFilteredProcessMemorySections)
{
var lastAddedSection = listScanAddressRange.LastOrDefault();
if (lastAddedSection == null)
{
fnAddSection(section, section.length);
}
else
{
var lastAddedSectionEnd = lastAddedSection.Item1.start + (UInt64)lastAddedSection.Item2;
if (lastAddedSectionEnd == section.start)
{
if (lastAddedSection.Item2 < 100 * 1024)
{
listScanAddressRange[lastAddedSectionIndex] = new Tuple <librpc.MemorySection, UInt32>(lastAddedSection.Item1, lastAddedSection.Item2 + section.length);
}
else
{
fnAddSection(section, section.length);
}
}
else
{
fnAddSection(section, section.length);
}
}
totalMemoryRange += (UInt64)section.length;
scanSizeStr = getSizeStr(totalMemoryRange);
subUpdateProgress = Convert.ToInt32((++dummyCounter / (Double)listFilteredProcessMemorySections.Count) * 100);
mainUpdateProgress = Convert.ToInt32(subUpdateProgress * 0.30f);
fnUpdateProgress($"Finding scan address range... %{subUpdateProgress}", mainUpdateProgress);
}
#endregion
#region Scan
Boolean shouldEscape = false;
ObservableCollection <Tuple <librpc.MemorySection, Byte[]> > listReadBuffers = new ObservableCollection <Tuple <librpc.MemorySection, Byte[]> >();
listReadBuffers.CollectionChanged += new NotifyCollectionChangedEventHandler((collection, eventArgs) =>
{
new Thread(() =>
{
if (eventArgs.Action == NotifyCollectionChangedAction.Add)
{
foreach (Tuple <librpc.MemorySection, Byte[]> scanTuple in eventArgs.NewItems)
{
mainUpdateProgress = 30 + Convert.ToInt32((processedMemoryRange / (Double)totalMemoryRange) * 60);
fnUpdateProgress($"Scanning... {getSizeStr(processedMemoryRange)}/{scanSizeStr}", mainUpdateProgress);
var results = Memory.scan(scanTuple.Item1.start, scanTuple.Item2, scanValues[0], scanValueType, currentScanCompareType, new dynamic[2] {
scanValues[0], scanValues[1]
});
foreach (var resultTuple in results)
{
ScanResult scanResult = new ScanResult()
{
address = resultTuple.Item1,
memorySection = scanTuple.Item1,
memoryValue = resultTuple.Item2,
previousMemoryValue = resultTuple.Item2,
valueType = scanValueType
};
scanResults.Add(scanResult);
if (bgWorkerScanner.CancellationPending)
{
break;
}
}
processedMemoryRange += (UInt64)scanTuple.Item2.Length;
shouldEscape = (dummyCounter == listScanAddressRange.Count) || bgWorkerScanner.CancellationPending;
if (bgWorkerScanner.CancellationPending)
{
break;
}
}
}
}).Start();
});
foreach (var scanTuple in listScanAddressRange)
{
new Thread(() =>
{
Byte[] scanSearchBuffer = Memory.ActiveProcess.readByteArray(scanTuple.Item1.start, scanTuple.Item2);
if (scanSearchBuffer != null)
{
listReadBuffers.Add(new Tuple <librpc.MemorySection, Byte[]>(scanTuple.Item1, scanSearchBuffer));
}
}).Start();
if (bgWorkerScanner.CancellationPending || shouldEscape)
{
break;
}
Thread.Sleep(10);
}
while (!shouldEscape)
{
Thread.Sleep(100);
}
#endregion
#region Filter if next scan
if (oldScanStatus == Memory.ScanStatus.DidScan)
{
fnUpdateProgress("Filtering values...", mainUpdateProgress);
scanResults = scanResults.Intersect(listPreviousScanResults).ToList();
}
#endregion
#endregion
#region List results
listScanResults.AddRange(scanResults);
if (listScanResults.Count < 1000)
{
fnUpdateProgress($"Adding {listScanResults.Count} results to the list... (window may freeze)", 95);
listViewResults.Invoke(new Action(() => listViewResults.SetObjects(listScanResults)));
}
else
{
fnUpdateProgress($"Adding 1000 of {listScanResults.Count} results to the list... (window may freeze)", 95);
listViewResults.Invoke(new Action(() => listViewResults.SetObjects(listScanResults.Take(1000))));
}
#endregion
bgWorkerScanner.ReportProgress(100);
}
