/// <summary>
/// Rebuilds the cached region list (<c>memoryInfo</c>) by walking the target
/// process's address space with <c>VirtualQueryEx</c>, keeping only regions
/// accepted by <c>MemoryFilter</c>.
/// </summary>
/// <param name="pHandle">
/// Handle to the target process. VirtualQueryEx needs the handle to carry
/// PROCESS_QUERY_INFORMATION (or PROCESS_QUERY_LIMITED_INFORMATION) access.
/// </param>
/// <remarks>
/// The walk starts at address 65536 (0x10000) and stops at the first failed query.
/// NOTE(review): <c>memoryInfo</c> is shared instance state that is cleared here,
/// so concurrent scans on the same instance would interfere - confirm callers serialize.
/// </remarks>
public void GetMemoryInfo(IntPtr pHandle)
{
    memoryInfo.Clear();

    IntPtr address = (IntPtr)65536;
    for (;;)
    {
        MemInfo region = default(MemInfo);
        if (WinAPI.VirtualQueryEx(pHandle, address, out region, Marshal.SizeOf(region)) == 0)
        {
            // Query failed: treated as the end of the walkable address space.
            return;
        }

        long size = (long)region.RegionSize;
        bool usableSize = size > 0 && (int)size == size;
        if (!usableSize)
        {
            // Regions whose size does not fit in a positive int cannot be
            // chunk-read by the int-based readers; a 32-bit target ends the walk here.
            if (!MemoryReader.is64Bit)
            {
                return;
            }

            // 64-bit target: skip the oversized region using unsigned arithmetic.
            address = (IntPtr)((ulong)region.BaseAddress + (ulong)region.RegionSize);
            continue;
        }

        if (MemoryFilter(region))
        {
            memoryInfo.Add(region);
        }

        address = region.BaseAddress + (int)size;
    }
}
/// <summary>
/// Scans every cached, filtered memory region of <paramref name="process"/> and
/// returns the address of each occurrence of <paramref name="signature"/>.
/// </summary>
/// <param name="process">Process whose memory is scanned.</param>
/// <param name="signature">Signature text, parsed by <c>GetSignature</c> into a byte pattern and a wildcard mask.</param>
/// <returns>All matching addresses; an empty list when nothing matches.</returns>
/// <remarks>
/// Regions are read in chunks through the shared <c>buffer</c>; consecutive chunks
/// overlap by <c>pattern.Length - 1</c> bytes so a match straddling a chunk
/// boundary is still seen. A failed read is not reported here: only the
/// <c>bytesRead</c> bytes handed back by <c>ReadMemory</c> are scanned.
/// </remarks>
public List<IntPtr> FindSignatures(Process process, string signature)
{
    GetSignature(signature, out byte[] pattern, out bool[] mask);
    GetMemoryInfo(process.Handle);
    int[] offsets = GetCharacterOffsets(pattern, mask);

    var matches = new List<IntPtr>();
    for (int regionIndex = 0; regionIndex < memoryInfo.Count; regionIndex++)
    {
        MemInfo region = memoryInfo[regionIndex];
        int chunkStart = 0;
        while (true)
        {
            int nextStart = ReadMemory(process, regionIndex, chunkStart, out int bytesRead);

            // Temporarily shift the base so ScanMemory records absolute
            // addresses for this chunk, then restore it.
            region.BaseAddress += chunkStart;
            ScanMemory(matches, region, buffer, bytesRead, pattern, mask, offsets);
            region.BaseAddress -= chunkStart;

            if (nextStart <= 0)
            {
                break;
            }

            // Step back so the next chunk overlaps the tail of this one.
            nextStart -= pattern.Length - 1;
            if (nextStart <= 0)
            {
                break;
            }

            chunkStart = nextStart;
        }
    }

    return matches;
}
/// <summary>
/// Scans the cached, filtered memory regions of <paramref name="process"/> and
/// returns the address of the first occurrence of <paramref name="signature"/>.
/// </summary>
/// <param name="process">Process whose memory is scanned.</param>
/// <param name="signature">Signature text, parsed by <c>GetSignature</c> into a byte pattern and a wildcard mask.</param>
/// <returns>The address of the first match, or <see cref="IntPtr.Zero"/> when none is found.</returns>
/// <remarks>
/// Regions are read in chunks through the shared <c>buffer</c>, with an overlap of
/// <c>pattern.Length - 1</c> bytes between consecutive chunks. A failed read is
/// indistinguishable from "no match" here; callers that need certainty must
/// check readability separately.
/// </remarks>
public IntPtr FindSignature(Process process, string signature)
{
    GetSignature(signature, out byte[] pattern, out bool[] mask);
    GetMemoryInfo(process.Handle);
    int[] offsets = GetCharacterOffsets(pattern, mask);

    for (int regionIndex = 0; regionIndex < memoryInfo.Count; regionIndex++)
    {
        MemInfo region = memoryInfo[regionIndex];
        int chunkStart = 0;
        while (true)
        {
            int nextStart = ReadMemory(process, regionIndex, chunkStart, out int bytesRead);

            // int.MinValue is the "not found" sentinel of the buffer-only ScanMemory overload.
            int hit = ScanMemory(buffer, bytesRead, pattern, mask, offsets);
            if (hit != int.MinValue)
            {
                return region.BaseAddress + hit + chunkStart;
            }

            if (nextStart <= 0)
            {
                break;
            }

            // Step back so the next chunk overlaps the tail of this one.
            nextStart -= pattern.Length - 1;
            if (nextStart <= 0)
            {
                break;
            }

            chunkStart = nextStart;
        }
    }

    return IntPtr.Zero;
}
/// <summary>
/// Reads one chunk of the cached region <paramref name="index"/> into the shared
/// <c>buffer</c>, starting <paramref name="startIndex"/> bytes into the region.
/// </summary>
/// <param name="process">Process to read from; its handle needs PROCESS_VM_READ access.</param>
/// <param name="index">Index into the cached region list <c>memoryInfo</c>.</param>
/// <param name="startIndex">Byte offset inside the region at which this chunk begins.</param>
/// <param name="bytesRead">Number of bytes reported as read by <c>ReadProcessMemory</c>.</param>
/// <returns>
/// The region offset just past this chunk when more data remains, or -1 when
/// this chunk reaches the end of the region.
/// </returns>
/// <remarks>
/// NOTE(review): the return value of <c>ReadProcessMemory</c> is ignored, so
/// callers must rely on <paramref name="bytesRead"/> to know how much of
/// <c>buffer</c> is valid; stale bytes from an earlier chunk may follow it.
/// </remarks>
public int ReadMemory(Process process, int index, int startIndex, out int bytesRead)
{
    MemInfo region = memoryInfo[index];

    // Bytes left in the region from startIndex onwards (unsigned subtraction as in the original).
    int remaining = (int)((uint)region.RegionSize - (uint)startIndex);

    bool moreAfterThis = remaining > BUFFER_SIZE;
    int count = moreAfterThis ? BUFFER_SIZE : remaining;
    int nextStart = moreAfterThis ? startIndex + BUFFER_SIZE : -1;

    WinAPI.ReadProcessMemory(process.Handle, region.BaseAddress + startIndex, buffer, count, out bytesRead);
    return nextStart;
}
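/// <summary>
/// Checks whether <paramref name="signature"/> is present at exactly
/// <paramref name="pointer"/> in the memory of <paramref name="process"/>.
/// </summary>
/// <param name="process">Process to read from; its handle needs query and PROCESS_VM_READ access.</param>
/// <param name="pointer">Address at which the signature is expected to start.</param>
/// <param name="signature">Signature text, parsed by <c>GetSignature</c> into a byte pattern and a wildcard mask.</param>
/// <returns>
/// <c>true</c> only when the address lies in a single region accepted by
/// <c>MemoryFilter</c>, the full pattern length was actually read, and the
/// bytes match; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the end-of-range query uses <c>pointer + pattern.Length</c>, one
/// byte past the last byte read, so a signature ending exactly on a region
/// boundary is rejected - confirm whether that strictness is intended.
/// </remarks>
public bool VerifySignature(Process process, IntPtr pointer, string signature)
{
    GetSignature(signature, out byte[] pattern, out bool[] mask);
    int[] offsets = GetCharacterOffsets(pattern, mask);

    MemInfo memInfoStart = default(MemInfo);
    if (WinAPI.VirtualQueryEx(process.Handle, pointer, out memInfoStart, Marshal.SizeOf(memInfoStart)) == 0
        || WinAPI.VirtualQueryEx(process.Handle, pointer + pattern.Length, out MemInfo memInfoEnd, Marshal.SizeOf(memInfoStart)) == 0
        || memInfoStart.BaseAddress != memInfoEnd.BaseAddress
        || !MemoryFilter(memInfoStart))
    {
        return false;
    }

    byte[] buff = new byte[pattern.Length];
    WinAPI.ReadProcessMemory(process.Handle, pointer, buff, buff.Length, out int bytesRead);

    // The region can change between the query above and this read. A failed or
    // short read leaves buff (partly) zero-filled, and comparing those zeros
    // could report a match on bytes that were never read from the target.
    if (bytesRead != buff.Length)
    {
        return false;
    }

    return ScanMemory(buff, buff.Length, pattern, mask, offsets) == 0;
}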
/// <summary>
/// Searches the first <paramref name="dataLength"/> bytes of <paramref name="data"/>
/// for every occurrence of <paramref name="search"/> and appends the absolute
/// address of each one (<c>info.BaseAddress</c> plus the buffer offset) to
/// <paramref name="pointers"/>.
/// </summary>
/// <param name="pointers">List that receives the address of each match.</param>
/// <param name="info">Region descriptor; only its <c>BaseAddress</c> is used here.</param>
/// <param name="data">Buffer holding the bytes read from the target.</param>
/// <param name="dataLength">Number of valid bytes in <paramref name="data"/>.</param>
/// <param name="search">Byte pattern to look for.</param>
/// <param name="mask">Per-position wildcard flags; a <c>true</c> entry matches any byte.</param>
/// <param name="offsets">Skip table indexed by the byte aligned with the pattern's last position.</param>
/// <remarks>
/// Each candidate window is compared from its last byte backwards, then the
/// window advances by the table entry for its last byte.
/// NOTE(review): progress depends on every <paramref name="offsets"/> entry being
/// at least 1, and an empty <paramref name="search"/> would index before the
/// start of <paramref name="data"/> - confirm the helpers that build them guarantee both.
/// </remarks>
private void ScanMemory(List<IntPtr> pointers, MemInfo info, byte[] data, int dataLength, byte[] search, bool[] mask, int[] offsets)
{
    int lastIndex = search.Length - 1;
    int position = 0;

    while (position <= dataLength - search.Length)
    {
        // Compare right to left; a masked position matches any byte.
        int i = lastIndex;
        while (data[position + i] == search[i] || mask[i])
        {
            if (i == 0)
            {
                pointers.Add(info.BaseAddress + position);
                break;
            }

            i--;
        }

        // Advance by the skip distance for the byte under the window's last position.
        position += offsets[data[position + lastIndex]];
    }
}
/// <summary>
/// P/Invoke declaration for the Win32 <c>VirtualQueryEx</c> function, which
/// describes the region of pages containing <paramref name="lpAddress"/> in
/// another process.
/// </summary>
/// <param name="hProcess">Handle to the process being queried; it needs PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access.</param>
/// <param name="lpAddress">Address inside the region to describe.</param>
/// <param name="lpBuffer">Receives the region description.</param>
/// <param name="dwLength">Size in bytes of <paramref name="lpBuffer"/>.</param>
/// <returns>The number of bytes written to <paramref name="lpBuffer"/>; 0 signals failure.</returns>
/// <remarks>
/// NOTE(review): the native function uses SIZE_T for both the return value and
/// <paramref name="dwLength"/>, while this declaration uses <c>int</c> - confirm
/// that is intended for 64-bit builds. The DllImport attribute is not visible
/// in this excerpt.
/// </remarks>
public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MemInfo lpBuffer, int dwLength);