-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathPointerSearcher.cs
78 lines (73 loc) · 3 KB
/
PointerSearcher.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
using System;
using System.Collections.Generic;
using System.IO;
using System.Windows.Forms;
namespace TempAR
{
internal class PointerSearcher
{
private string _memdump_path;
private uint _memory_start;
private uint _memory_end;
public uint[] MemoryDump { get; private set; }
public PointerSearcher(string memdump_path, uint memory_start)
{
_memdump_path = memdump_path;
_memory_start = memory_start;
}
public List<PointerSearcherLog> FindPointers(
uint address,
uint max_offset)
{
if (MemoryDump == null)
LoadMemoryDump();
if (MemoryDump == null)
return null;
var pointerSearcherLogList = new List<PointerSearcherLog>();
if (address < _memory_start)
address += _memory_start;
if (address > _memory_end)
{
MessageBox.Show("Address value is too large, please input a smaller value for the address.");
return pointerSearcherLogList;
}
for (int index = 0; index < MemoryDump.Length; ++index)
{
if (MemoryDump[index] >= _memory_start && MemoryDump[index] <= _memory_end)
{
if (MemoryDump[index] <= address && MemoryDump[index] >= address - max_offset)
{
pointerSearcherLogList.Add(new PointerSearcherLog((uint)(index * 4) + _memory_start, (uint)(0x100000000UL - (MemoryDump[index] - address)), MemoryDump[index], false, _memory_start));
}
else if (MemoryDump[index] >= address && MemoryDump[index] <= address + max_offset)
{
pointerSearcherLogList.Add(new PointerSearcherLog((uint)(index * 4) + _memory_start, MemoryDump[index] - address, MemoryDump[index], true, _memory_start));
}
}
}
return pointerSearcherLogList;
}
public uint GetPointerAddress(uint address, uint offset, bool negative)
{
if (MemoryDump == null) LoadMemoryDump();
if (MemoryDump == null) return 0;
address -= _memory_start;
address /= 4U;
if (address > MemoryDump.Length || MemoryDump[address] < _memory_start || MemoryDump[address] > _memory_end) return 0;
if (!negative) return MemoryDump[address] + offset;
return MemoryDump[address] - offset;
}
private void LoadMemoryDump()
{
if (!File.Exists(_memdump_path))
return;
var numArray = File.ReadAllBytes(_memdump_path);
if (numArray.Length % 4 == 0)
{
MemoryDump = new uint[numArray.Length / 4];
Buffer.BlockCopy((Array)numArray, 0, (Array)MemoryDump, 0, numArray.Length);
}
_memory_end = _memory_start + (uint)numArray.Length;
}
}
}