public IntPtr Scan(SigScanTarget target) { if (_memory == null || _memory.Length != _size) { _memory = new byte[_size]; int read; if (!SafeNativeMethods.ReadProcessMemory(_process.Handle, _address, _memory, _size, out read) || read != _size) { _memory = null; return(IntPtr.Zero); } } foreach (SigScanTarget.Signature sig in target.Signatures) { IntPtr ptr = this.FindPattern(sig.Pattern, sig.Mask, sig.Offset); if (ptr != IntPtr.Zero) { if (target.OnFound != null) { ptr = target.OnFound(_process, ptr); } return(ptr); } } return(IntPtr.Zero); }
public IntPtr Scan(SigScanTarget target) { if (_memory == null || _memory.Length != _size) { _memory = new byte[_size]; int read; if (!SafeNativeMethods.ReadProcessMemory(_process.Handle, _address, _memory, _size, out read) || read != _size) { _memory = null; return IntPtr.Zero; } } foreach (SigScanTarget.Signature sig in target.Signatures) { IntPtr ptr = this.FindPattern(sig.Pattern, sig.Mask, sig.Offset); if (ptr != IntPtr.Zero) { if (target.OnFound != null) ptr = target.OnFound(_process, ptr); return ptr; } } return IntPtr.Zero; }
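Review bot: `Scan` dereferences `target.Signatures` and `target.OnFound` without checking `target`, so a null argument surfaces as a `NullReferenceException` deep in the loop instead of an `ArgumentNullException` at the entry point; add `if (target == null) { throw new ArgumentNullException("target"); }` before the cache check. The cache condition `_memory == null || _memory.Length != _size` means a successful read is never refreshed for the lifetime of the instance, so later scans run against the snapshot taken on the first call; that is worth a comment on the field such as `// snapshot of [_address, _address + _size) taken on first successful Scan; only re-read after a failed read`. `SafeNativeMethods.ReadProcessMemory` is declared outside this hunk; if its size and bytes-read parameters are `int`, they do not match the native `SIZE_T` width in a 64-bit process, so confirm the P/Invoke signature matches the target bitness. The class holding `_memory`, `_size`, `_address` and `_process` begins outside the hunk.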
public GameMemory() { // TODO: refine hl2 2014 signatures once an update after the may 29th one is released /*// CBaseServer::(server_state_t)m_State * _serverStateTarget = new SigScanTarget(); * _serverStateTarget.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; * // works for every engine.dll * // \x83\xf8\x01\x0f\x8c..\x00\x00\x3d\x00\x02\x00\x00\x0f\x8f..\x00\x00\x83\x3d(....)\x02\x7d * _serverStateTarget.AddSignature(22, * "83 F8 01", // cmp eax, 1 * "0F 8C ?? ?? 00 00", // jl loc_200087FB * "3D 00 02 00 00", // cmp eax, 200h * "0F 8F ?? ?? 00 00", // jg loc_200087FB * "83 3d ?? ?? ?? ?? 02", // cmp m_State, 2 * "7D"); // jge short loc_200085FD*/ // CGlobalVarsBase::curtime (g_ClientGlobalVariables aka gpGlobals) // hl2 old engine / portal latest / hl2 new engine _curTimeTarget = new SigScanTarget(); _curTimeTarget.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; // \xa3....\xb9....\xa3....\xe8....\xd9\x1d(....)\xb9....\xe8....\xd9\x1d _curTimeTarget.AddSignature(22, "A3 ?? ?? ?? ??", // mov dword_2038BA6C, eax "B9 ?? ?? ?? ??", // mov ecx, offset unk_2038B8E8 "A3 ?? ?? ?? ??", // mov dword_2035DDA4, eax "E8 ?? ?? ?? ??", // call sub_20048110 "D9 1D ?? ?? ?? ??", // fstp curTime "B9 ?? ?? ?? ??", // mov ecx, offset unk_2038B8E8 "E8 ?? ?? ?? ??", // call sub_20048130 "D9 1D"); // fstp frametime // dear esther / portal 2 // \x89\x96\xc4\x00\x00\x00\x8b\x86\xc8\x00\x00\x00\x8b\xce\xa3....\xe8....\xd9\x1d(....)\x8b\xce\xe8....\xd9\x1d _curTimeTarget.AddSignature(26, "89 96 C4 00 00 00", // mov [esi+0C4h], edx "8B 86 C8 00 00 00", // mov eax, [esi+0C8h] "8B CE", // mov ecx, esi "A3 ?? ?? ?? ??", // mov dword_10414AD0, eax "E8 ?? ?? ?? ??", // call sub_100A0F30 "D9 1D ?? ?? ?? ??", // fstp curTime "8B CE", // mov ecx, esi "E8 ?? ?? ?? 
??", // call sub_100A0FB0 "D9 1D"); // fstp frametime // l4d2 // \x89\x8f\xc4\x00\x00\x00\x8b\x97\xc8\x00\x00\x00\x8b\xcf\x89\x15....\xe8....\xd9\x1d(....)\x8b\xcf\xe8....\xd9\x1d _curTimeTarget.AddSignature(27, "89 8F C4 00 00 00", // mov [edi+0C4h], ecx "8B 97 C8 00 00 00", // mov edx, [edi+0C8h] "8B CF", // mov ecx, edi "89 15 ?? ?? ?? ??", // mov dword_10422624, edx "E8 ?? ?? ?? ??", // call sub_1008FE40 "D9 1D ?? ?? ?? ??", // fstp curTime "8B CF", // mov ecx, edi "E8 ?? ?? ?? ??", // call sub_1008FEB0 "D9 1D"); // fstp flt_1042261C // hl2 may 29 2014 update // \xa3....\x89\x15....\xe8....\xd9\x1d....\x57\xb9....\xe8....\x8b\x0d....\xd9\x1d _curTimeTarget.AddSignature(18, "A3 ?? ?? ?? ??", // mov dword_103B4AC8, eax "89 15 ?? ?? ?? ??", // mov dword_10452F38, edx "E8 ?? ?? ?? ??", // call sub_100CE610 "D9 1D ?? ?? ?? ??", // fstp curTime "57", // push edi "B9 ?? ?? ?? ??", // mov ecx, offset unk_10452D98 "E8 ?? ?? ?? ??", // call sub_100CE390 "8B 0D ?? ?? ?? ??", // mov ecx, dword_1043686C "D9 1D"); // fstp frametime // CBaseClientState::m_nSignOnState (older engines) _signOnStateTarget1 = new SigScanTarget(); _signOnStateTarget1.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; // \x80\x3d....\x00\x74\x06\xb8....\xc3\x83\x3d(....)\x02\xb8....\x7c\x05 _signOnStateTarget1.AddSignature(17, "80 3D ?? ?? ?? ?? 00", // cmp byte_698EE114, 0 "74 06", // jz short loc_6936C8FF "B8 ?? ?? ?? ??", // mov eax, offset aDedicatedServe ; "Dedicated Server" "C3", // retn "83 3D ?? ?? ?? ?? 02", // cmp CBaseClientState__m_nSignonState, 2 "B8 ?? ?? ?? 
??"); // mov eax, offset MultiByteStr // CBaseClientState::m_nSignOnState (newer engines) _signOnStateTarget2 = new SigScanTarget(); _signOnStateTarget2.OnFound = (proc, ptr) => { if (!ReadProcessPtr32(proc, ptr, out ptr)) // deref instruction { return(IntPtr.Zero); } if (!ReadProcessPtr32(proc, ptr, out ptr)) // deref ptr { return(IntPtr.Zero); } return(IntPtr.Add(ptr, 0x70)); // this+0x70 = m_nSignOnState }; // \x74.\x8b\x74\x87\x04\x83\x7e\x18\x00\x74\x2d\x8b\x0d(....)\x8b\x49\x18 _signOnStateTarget2.AddSignature(14, "74 ??", // jz short loc_693D4E22 "8B 74 87 04", // mov esi, [edi+eax*4+4] "83 7E 18 00", // cmp dword ptr [esi+18h], 0 "74 2D", // jz short loc_693D4DFC "8B 0D ?? ?? ?? ??", // mov ecx, baseclientstate "8B 49 18"); // mov mov ecx, [ecx+18h] // CBaseServer::m_szMapname[64] _curMapTarget = new SigScanTarget(); _curMapTarget.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; // TODO: these signatures arent very generic // \x68(....).\xe8...\x00\x83\xc4\x08\x85\xc0\x0f\x84..\x00\x00\x47\x83.\x50\x3b\x7e\x18\x7c _curMapTarget.AddSignature(1, "68 ?? ?? ?? ??", // push offset map "??", // push ebx "E8 ?? ?? ?? 00", // call __stricmp "83 C4 08", // add esp, 8 "85 C0", // test eax, eax "0F 84 ?? ?? 00 00", // jz loc_6947E980 "47", // inc edi "83 ?? 50", // add ebx, 50h "3B 7E 18", // cmp edi, [esi+18h] "7C"); // jl short loc_6947E830 // \x68(....).\xe8...\x00\x83\xc4\x08\x85\xc0\x0f\x84..\x00\x00\x83\xc7\x01\x83.\x50\x3b\x7e\x18\x7c _curMapTarget.AddSignature(1, "68 ?? ?? ?? ??", // push offset map "??", // push ebp "E8 ?? ?? ?? 00", // call __stricmp "83 C4 08", // add esp, 8 "85 C0", // test eax, eax "0F 84 ?? ?? 00 00", // jz loc_200CDF8D "83 C7 01", // add edi, 1 "83 ?? 50", // add ebp, 50h "3B 7E 18", // cmp edi, [esi+18h] "7C"); // jl short loc_200CDEC0 // \x68(....).\xe8...\x00\x83\xc4\x08\x85\xc0\x0f\x84..\x00\x00\x47\x81.\xb0\x00\x00\x00\x3b\x7e\x18\x7c _curMapTarget.AddSignature(1, "68 ?? ?? ?? 
??", // push offset map "??", // push ebp "E8 ?? ?? ?? 00", // call __stricmp "83 C4 08", // add esp, 8 "85 C0", // test eax, eax "0F 84 ?? ?? 00 00", // jz loc_101B2BC1 "47", // inc edi "81 ?? B0 00 00 00", // add ebp, 0B0h "3B 7E 18", // cmp edi, [esi+18h] "7C"); // jl short loc_101B2A62 // hl2 may 29 2014 update // \xc7\x05....\x00\x00\x00\x00\x5f\x84\xc0\x75.\x68....\x51\x68 _curMapTarget.AddSignature(16, "C7 05 ?? ?? ?? ?? 00 00 00 00", // mov dword_103B5BE4, 0 "5F", // pop edi "84 C0", // test al, al "75 ??", // jnz short loc_101AA0C7 "68 ?? ?? ?? ??", // push offset map "51", // push ecx "68"); // push offset aLevelTransitio }
public GameMemory() { // TODO: refine hl2 2014 signatures once an update after the may 29th one is released /*// CBaseServer::(server_state_t)m_State _serverStateTarget = new SigScanTarget(); _serverStateTarget.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; // works for every engine.dll // \x83\xf8\x01\x0f\x8c..\x00\x00\x3d\x00\x02\x00\x00\x0f\x8f..\x00\x00\x83\x3d(....)\x02\x7d _serverStateTarget.AddSignature(22, "83 F8 01", // cmp eax, 1 "0F 8C ?? ?? 00 00", // jl loc_200087FB "3D 00 02 00 00", // cmp eax, 200h "0F 8F ?? ?? 00 00", // jg loc_200087FB "83 3d ?? ?? ?? ?? 02", // cmp m_State, 2 "7D"); // jge short loc_200085FD*/ // CGlobalVarsBase::curtime (g_ClientGlobalVariables aka gpGlobals) // hl2 old engine / portal latest / hl2 new engine _curTimeTarget = new SigScanTarget(); _curTimeTarget.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; // \xa3....\xb9....\xa3....\xe8....\xd9\x1d(....)\xb9....\xe8....\xd9\x1d _curTimeTarget.AddSignature(22, "A3 ?? ?? ?? ??", // mov dword_2038BA6C, eax "B9 ?? ?? ?? ??", // mov ecx, offset unk_2038B8E8 "A3 ?? ?? ?? ??", // mov dword_2035DDA4, eax "E8 ?? ?? ?? ??", // call sub_20048110 "D9 1D ?? ?? ?? ??", // fstp curTime "B9 ?? ?? ?? ??", // mov ecx, offset unk_2038B8E8 "E8 ?? ?? ?? ??", // call sub_20048130 "D9 1D"); // fstp frametime // dear esther / portal 2 // \x89\x96\xc4\x00\x00\x00\x8b\x86\xc8\x00\x00\x00\x8b\xce\xa3....\xe8....\xd9\x1d(....)\x8b\xce\xe8....\xd9\x1d _curTimeTarget.AddSignature(26, "89 96 C4 00 00 00", // mov [esi+0C4h], edx "8B 86 C8 00 00 00", // mov eax, [esi+0C8h] "8B CE", // mov ecx, esi "A3 ?? ?? ?? ??", // mov dword_10414AD0, eax "E8 ?? ?? ?? ??", // call sub_100A0F30 "D9 1D ?? ?? ?? ??", // fstp curTime "8B CE", // mov ecx, esi "E8 ?? ?? ?? 
??", // call sub_100A0FB0 "D9 1D"); // fstp frametime // l4d2 // \x89\x8f\xc4\x00\x00\x00\x8b\x97\xc8\x00\x00\x00\x8b\xcf\x89\x15....\xe8....\xd9\x1d(....)\x8b\xcf\xe8....\xd9\x1d _curTimeTarget.AddSignature(27, "89 8F C4 00 00 00", // mov [edi+0C4h], ecx "8B 97 C8 00 00 00", // mov edx, [edi+0C8h] "8B CF", // mov ecx, edi "89 15 ?? ?? ?? ??", // mov dword_10422624, edx "E8 ?? ?? ?? ??", // call sub_1008FE40 "D9 1D ?? ?? ?? ??", // fstp curTime "8B CF", // mov ecx, edi "E8 ?? ?? ?? ??", // call sub_1008FEB0 "D9 1D"); // fstp flt_1042261C // hl2 may 29 2014 update // \xa3....\x89\x15....\xe8....\xd9\x1d....\x57\xb9....\xe8....\x8b\x0d....\xd9\x1d _curTimeTarget.AddSignature(18, "A3 ?? ?? ?? ??", // mov dword_103B4AC8, eax "89 15 ?? ?? ?? ??", // mov dword_10452F38, edx "E8 ?? ?? ?? ??", // call sub_100CE610 "D9 1D ?? ?? ?? ??", // fstp curTime "57", // push edi "B9 ?? ?? ?? ??", // mov ecx, offset unk_10452D98 "E8 ?? ?? ?? ??", // call sub_100CE390 "8B 0D ?? ?? ?? ??", // mov ecx, dword_1043686C "D9 1D"); // fstp frametime // CBaseClientState::m_nSignOnState (older engines) _signOnStateTarget1 = new SigScanTarget(); _signOnStateTarget1.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; // \x80\x3d....\x00\x74\x06\xb8....\xc3\x83\x3d(....)\x02\xb8....\x7c\x05 _signOnStateTarget1.AddSignature(17, "80 3D ?? ?? ?? ?? 00", // cmp byte_698EE114, 0 "74 06", // jz short loc_6936C8FF "B8 ?? ?? ?? ??", // mov eax, offset aDedicatedServe ; "Dedicated Server" "C3", // retn "83 3D ?? ?? ?? ?? 02", // cmp CBaseClientState__m_nSignonState, 2 "B8 ?? ?? ?? 
??"); // mov eax, offset MultiByteStr // CBaseClientState::m_nSignOnState (newer engines) _signOnStateTarget2 = new SigScanTarget(); _signOnStateTarget2.OnFound = (proc, ptr) => { if (!ReadProcessPtr32(proc, ptr, out ptr)) // deref instruction return IntPtr.Zero; if (!ReadProcessPtr32(proc, ptr, out ptr)) // deref ptr return IntPtr.Zero; return IntPtr.Add(ptr, 0x70); // this+0x70 = m_nSignOnState }; // \x74.\x8b\x74\x87\x04\x83\x7e\x18\x00\x74\x2d\x8b\x0d(....)\x8b\x49\x18 _signOnStateTarget2.AddSignature(14, "74 ??", // jz short loc_693D4E22 "8B 74 87 04", // mov esi, [edi+eax*4+4] "83 7E 18 00", // cmp dword ptr [esi+18h], 0 "74 2D", // jz short loc_693D4DFC "8B 0D ?? ?? ?? ??", // mov ecx, baseclientstate "8B 49 18"); // mov mov ecx, [ecx+18h] // CBaseServer::m_szMapname[64] _curMapTarget = new SigScanTarget(); _curMapTarget.OnFound = (proc, ptr) => !ReadProcessPtr32(proc, ptr, out ptr) ? IntPtr.Zero : ptr; // TODO: these signatures arent very generic // \x68(....).\xe8...\x00\x83\xc4\x08\x85\xc0\x0f\x84..\x00\x00\x47\x83.\x50\x3b\x7e\x18\x7c _curMapTarget.AddSignature(1, "68 ?? ?? ?? ??", // push offset map "??", // push ebx "E8 ?? ?? ?? 00", // call __stricmp "83 C4 08", // add esp, 8 "85 C0", // test eax, eax "0F 84 ?? ?? 00 00", // jz loc_6947E980 "47", // inc edi "83 ?? 50", // add ebx, 50h "3B 7E 18", // cmp edi, [esi+18h] "7C"); // jl short loc_6947E830 // \x68(....).\xe8...\x00\x83\xc4\x08\x85\xc0\x0f\x84..\x00\x00\x83\xc7\x01\x83.\x50\x3b\x7e\x18\x7c _curMapTarget.AddSignature(1, "68 ?? ?? ?? ??", // push offset map "??", // push ebp "E8 ?? ?? ?? 00", // call __stricmp "83 C4 08", // add esp, 8 "85 C0", // test eax, eax "0F 84 ?? ?? 00 00", // jz loc_200CDF8D "83 C7 01", // add edi, 1 "83 ?? 50", // add ebp, 50h "3B 7E 18", // cmp edi, [esi+18h] "7C"); // jl short loc_200CDEC0 // \x68(....).\xe8...\x00\x83\xc4\x08\x85\xc0\x0f\x84..\x00\x00\x47\x81.\xb0\x00\x00\x00\x3b\x7e\x18\x7c _curMapTarget.AddSignature(1, "68 ?? ?? ?? 
??", // push offset map "??", // push ebp "E8 ?? ?? ?? 00", // call __stricmp "83 C4 08", // add esp, 8 "85 C0", // test eax, eax "0F 84 ?? ?? 00 00", // jz loc_101B2BC1 "47", // inc edi "81 ?? B0 00 00 00", // add ebp, 0B0h "3B 7E 18", // cmp edi, [esi+18h] "7C"); // jl short loc_101B2A62 // hl2 may 29 2014 update // \xc7\x05....\x00\x00\x00\x00\x5f\x84\xc0\x75.\x68....\x51\x68 _curMapTarget.AddSignature(16, "C7 05 ?? ?? ?? ?? 00 00 00 00", // mov dword_103B5BE4, 0 "5F", // pop edi "84 C0", // test al, al "75 ??", // jnz short loc_101AA0C7 "68 ?? ?? ?? ??", // push offset map "51", // push ecx "68"); // push offset aLevelTransitio }
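Review bot: The `_signOnStateTarget2.OnFound` lambda on the new side drops the braces around its single-statement `return` lines while `Scan` in the same commit keeps them, so the file now mixes both styles; keep `if (...) { return IntPtr.Zero; }` here for consistency. The `0x70` in `IntPtr.Add(ptr, 0x70)` is a structure offset that only the trailing comment explains; a named constant such as `const int SignOnStateOffset = 0x70; // CBaseClientState + 0x70 = m_nSignOnState` would make the `_curMapTarget` and `_signOnStateTarget1` offsets easier to audit alongside it. The commented-out `_serverStateTarget` block at the top of the constructor is dead code carried by a TODO and would be better removed or tracked in the issue the TODO refers to. `ReadProcessPtr32` and the `_curTimeTarget`/`_signOnStateTarget1`/`_signOnStateTarget2`/`_curMapTarget` fields are declared outside this hunk.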