|
public static FindTimestampsFlash ( byte array, int bytesRead ) : IEnumerable |
||
| array | byte | |
| bytesRead | int | |
| return | IEnumerable |
|
public static void ReadMemoryWhiteList(Process process, Dictionary <int, HashSet <long> > newWhitelistedAddresses, bool flashClient, ReadMemoryResults results)
{
HashSet <long> whitelist;
if (!newWhitelistedAddresses.TryGetValue(process.Id, out whitelist))
{
return;
}
IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);
int bytesRead = 0; // number of bytes read with ReadProcessMemory
foreach (long addr in whitelist)
{
IntPtr proc_min_address = new IntPtr(addr);
MEMORY_BASIC_INFORMATION mem_basic_info;
VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28);
if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
{
if (memoryBuffer == null || memoryBuffer.Length < mem_basic_info.RegionSize)
{
memoryBuffer = new byte[mem_basic_info.RegionSize];
}
// read everything in the buffer above
ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, memoryBuffer, mem_basic_info.RegionSize, ref bytesRead);
// scan the memory for strings that start with timestamps and end with the null terminator ('\0')
IEnumerable <string> timestampLines;
if (!flashClient)
{
timestampLines = Parser.FindTimestamps(memoryBuffer, bytesRead);
}
else
{
timestampLines = Parser.FindTimestampsFlash(memoryBuffer, bytesRead);
}
SearchChunk(timestampLines, results);
}
}
}
/// <summary>
/// Scan the memory for any chunks that are missing from the whitelist table
/// </summary>
public static void ScanMissingChunks()
{
SYSTEM_INFO sys_info;
GetSystemInfo(out sys_info);
IntPtr proc_min_address = sys_info.minimumApplicationAddress;
IntPtr proc_max_address = sys_info.maximumApplicationAddress;
long proc_min_address_l = (long)proc_min_address;
long proc_max_address_l = (long)proc_max_address;
long sys_min_address_l = (long)proc_min_address;
Process[] processes = ProcessManager.GetTibiaProcesses();
if (processes == null || processes.Length == 0)
{
// Tibia process could not be found, wait for a bit and return
Thread.Sleep(250);
return;
}
flashClient = ProcessManager.IsFlashClient();
foreach (Process process in processes)
{
if (!whitelistedAddresses.ContainsKey(process.Id))
{
whitelistedAddresses.Add(process.Id, new List <long>());
}
List <long> whitelist = whitelistedAddresses[process.Id];
proc_min_address_l = sys_min_address_l;
IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);
MEMORY_BASIC_INFORMATION mem_basic_info = new MEMORY_BASIC_INFORMATION();
int bytesRead = 0; // number of bytes read with ReadProcessMemory
int scanSpeed = SettingsManager.getSettingInt("ScanSpeed");
try {
while (proc_min_address_l < proc_max_address_l)
{
proc_min_address = new IntPtr(proc_min_address_l);
// 28 = sizeof(MEMORY_BASIC_INFORMATION)
VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28);
long addr = (long)proc_min_address;
// check if this memory chunk is accessible
if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
{
if (!whitelist.Contains(addr))
{
if (missingChunksBuffer == null || missingChunksBuffer.Length < mem_basic_info.RegionSize)
{
missingChunksBuffer = new byte[mem_basic_info.RegionSize];
}
// read everything in the buffer above
ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, missingChunksBuffer, mem_basic_info.RegionSize, ref bytesRead);
// scan the memory for strings that start with timestamps and end with the null terminator ('\0')
IEnumerable <string> timestampLines;
if (!flashClient)
{
timestampLines = Parser.FindTimestamps(missingChunksBuffer, bytesRead);
}
else
{
timestampLines = Parser.FindTimestampsFlash(missingChunksBuffer, bytesRead);
}
// if there are any timestamps found, add the address to the list of whitelisted addresses
foreach (string str in timestampLines)
{
whitelist.Add(addr);
break;
}
// performance throttling sleep after every scan (depending on scanSpeed setting)
if (!initialScan)
{
Thread.Sleep(10 + scanSpeed);
}
else if (scanSpeed > 50)
{
Thread.Sleep(scanSpeed - 50);
}
}
}
// move to the next memory chunk
proc_min_address_l += mem_basic_info.RegionSize;
}
} catch (Exception ex) {
Console.WriteLine(ex.Message);
return;
}
}
initialScan = false;
}
public static ReadMemoryResults ReadMemory()
{
ReadMemoryResults results = null;
SYSTEM_INFO sys_info = new SYSTEM_INFO();
GetSystemInfo(out sys_info);
IntPtr proc_min_address = sys_info.minimumApplicationAddress;
IntPtr proc_max_address = sys_info.maximumApplicationAddress;
long proc_min_address_l = (long)proc_min_address;
long proc_max_address_l = (long)proc_max_address;
Process[] processes = ProcessManager.GetTibiaProcesses();
if (processes == null || processes.Length == 0)
{
// Tibia process could not be found, wait for a bit and return
Thread.Sleep(250);
return(null);
}
int scanSpeed = SettingsManager.getSettingInt("ScanSpeed");
results = new ReadMemoryResults();
flashClient = ProcessManager.IsFlashClient();
foreach (Process process in processes)
{
if (!whitelistedAddresses.ContainsKey(process.Id))
{
continue;
}
List <long> whitelist = whitelistedAddresses[process.Id];
IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);
int bytesRead = 0; // number of bytes read with ReadProcessMemory
for (int i = 0; i < whitelist.Count; i++)
{
long addr = whitelist[i];
if (addr < 0)
{
continue;
}
proc_min_address = new IntPtr(addr);
MEMORY_BASIC_INFORMATION mem_basic_info;
VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28);
if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
{
if (memoryBuffer == null || memoryBuffer.Length < mem_basic_info.RegionSize)
{
memoryBuffer = new byte[mem_basic_info.RegionSize];
}
// read everything in the buffer above
ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, memoryBuffer, mem_basic_info.RegionSize, ref bytesRead);
// scan the memory for strings that start with timestamps and end with the null terminator ('\0')
IEnumerable <string> timestampLines;
if (!flashClient)
{
timestampLines = Parser.FindTimestamps(memoryBuffer, bytesRead);
}
else
{
timestampLines = Parser.FindTimestampsFlash(memoryBuffer, bytesRead);
}
if (!SearchChunk(timestampLines, results))
{
whitelist[i] = -1;
}
// performance throttling sleep after every scan (depending on scanSpeed setting)
if (scanSpeed > 0)
{
Thread.Sleep(scanSpeed);
}
}
}
process.Dispose();
}
FinalCleanup(results);
return(results);
}
public static ReadMemoryResults ReadMemory()
{
ReadMemoryResults results = null;
SYSTEM_INFO sys_info;
GetSystemInfo(out sys_info);
IntPtr proc_min_address = sys_info.minimumApplicationAddress;
IntPtr proc_max_address = sys_info.maximumApplicationAddress;
long proc_min_address_l = (long)proc_min_address;
long proc_max_address_l = (long)proc_max_address;
Process[] processes = ProcessManager.GetTibiaProcesses();
if (processes == null || processes.Length == 0)
{
return(null);
}
results = new ReadMemoryResults();
flashClient = ProcessManager.IsFlashClient();
Dictionary <int, HashSet <long> > newWhitelistedAddresses = null;
Interlocked.Exchange(ref newWhitelistedAddresses, whiteListedAddresses);
foreach (Process process in processes)
{
HashSet <long> whitelist;
if (!newWhitelistedAddresses.TryGetValue(process.Id, out whitelist))
{
continue;
}
IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id);
int bytesRead = 0; // number of bytes read with ReadProcessMemory
foreach (long addr in whitelist)
{
proc_min_address = new IntPtr(addr);
MEMORY_BASIC_INFORMATION mem_basic_info;
VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28);
if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT)
{
if (memoryBuffer == null || memoryBuffer.Length < mem_basic_info.RegionSize)
{
memoryBuffer = new byte[mem_basic_info.RegionSize];
}
// read everything in the buffer above
ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, memoryBuffer, mem_basic_info.RegionSize, ref bytesRead);
// scan the memory for strings that start with timestamps and end with the null terminator ('\0')
IEnumerable <string> timestampLines;
if (!flashClient)
{
timestampLines = Parser.FindTimestamps(memoryBuffer, bytesRead);
}
else
{
timestampLines = Parser.FindTimestampsFlash(memoryBuffer, bytesRead);
}
SearchChunk(timestampLines, results);
}
}
process.Dispose();
}
FinalCleanup(results);
return(results);
}