diff --git a/Bit Slicer/ZGSearchFunctions.mm b/Bit Slicer/ZGSearchFunctions.mm
index edac30f5..a28a19d0 100644
--- a/Bit Slicer/ZGSearchFunctions.mm
+++ b/Bit Slicer/ZGSearchFunctions.mm
@@ -2209,7 +2209,7 @@ static void ZGRetrieveIndirectAddressInformation(const void *indirectResult, NSA
 }
 }
-static bool ZGEvaluateIndirectAddress(ZGMemoryAddress *outAddress, ZGMemoryMap processTask, const void *indirectResult, NSArray * __unsafe_unretained headerAddresses, ZGMemoryAddress minPointerAddress, ZGMemoryAddress maxPointerAddress, ZGRegionValue *regionValuesTable, ZGMemorySize regionValuesTableCount, uint16_t *outNumberOfLevels, uint16_t *outBaseImageIndex, int32_t *outOffsets, ZGMemoryAddress *outBaseAddresses, ZGMemoryAddress *outNextRecurseSearchAddress)
+static bool ZGEvaluateIndirectAddress(ZGMemoryAddress *outAddress, ZGMemoryMap processTask, const void *indirectResult, NSArray * __unsafe_unretained headerAddresses, ZGMemoryAddress minPointerAddress, ZGMemoryAddress maxPointerAddress, ZGRegionValue *regionValuesTable, ZGMemorySize regionValuesTableCount, bool allowUpdatingRegionValuesTable, uint16_t *outNumberOfLevels, uint16_t *outBaseImageIndex, int32_t *outOffsets, ZGMemoryAddress *outBaseAddresses, ZGMemoryAddress *outNextRecurseSearchAddress)
 {
 // Struct {
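Review bot: The new `allowUpdatingRegionValuesTable` parameter is inserted as the ninth of fourteen positional arguments with no comment, and the call sites in the later hunks pass it as a bare `false` or `true`, so its effect cannot be read from either side. A comment above the signature would help, for example `// allowUpdatingRegionValuesTable: if false, regionValuesTable is never written; an entry whose bytes are null fails the evaluation instead of being read from the process`. An inline label at each call, such as `/* allowUpdatingRegionValuesTable */ false`, would keep the argument from being confused with the nullable out-pointers that follow it. The function body continues outside this hunk.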
@@ -2308,17 +2308,25 @@ static bool ZGEvaluateIndirectAddress(ZGMemoryAddress *outAddress, ZGMemoryMap p
 EVALUATE_INDIRECT_ADDRESS_FOUND_MATCH:
 if (regionValueEntry->bytes == nullptr)
 {
- ZGMemorySize newSize = regionValueEntry->size;
- void *newBytes = nullptr;
- if (!ZGReadBytes(processTask, regionValueEntry->address, &newBytes, &newSize))
+ if (!allowUpdatingRegionValuesTable)
 {
 validAddress = false;
 break;
 }
 else
 {
- regionValueEntry->size = newSize;
- regionValueEntry->bytes = newBytes;
+ ZGMemorySize newSize = regionValueEntry->size;
+ void *newBytes = nullptr;
+ if (!ZGReadBytes(processTask, regionValueEntry->address, &newBytes, &newSize))
+ {
+ validAddress = false;
+ break;
+ }
+ else
+ {
+ regionValueEntry->size = newSize;
+ regionValueEntry->bytes = newBytes;
+ }
 }
 }
@@ -2661,7 +2669,7 @@ static int _sortPointerMapTable(const void *entry1, const void *entry2)
 {
 ZGMemoryAddress currentAddress;
- bool evaluatedIndirectAddress = ZGEvaluateIndirectAddress(¤tAddress, processTask, previousIndirectResult, headerAddresses, minPointerValue, maxPointerValue, narrowRegionsTable, narrowRegionsTableCount, &numberOfLevels, &baseImageIndex, currentOffsets, currentBaseAddresses, &nextRecurseSearchAddress);
+ bool evaluatedIndirectAddress = ZGEvaluateIndirectAddress(¤tAddress, processTask, previousIndirectResult, headerAddresses, minPointerValue, maxPointerValue, narrowRegionsTable, narrowRegionsTableCount, false, &numberOfLevels, &baseImageIndex, currentOffsets, currentBaseAddresses, &nextRecurseSearchAddress);
 if (!evaluatedIndirectAddress || currentAddress != searchAddress)
 {
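Review bot: In the -2308 hunk, when `allowUpdatingRegionValuesTable` is false an entry with `bytes == nullptr` takes the same `validAddress = false; break;` path as a failed `ZGReadBytes`, so the caller in the -2661 hunk (which passes `false`) cannot tell an entry that was never loaded from a pointer that no longer resolves. If `narrowRegionsTable` is not guaranteed to have every entry's bytes loaded before that call (not visible here), results would presumably be rejected silently by the `!evaluatedIndirectAddress` check; a comment at the label stating that precondition, or a debug assertion on it, would make it checkable. The duplicated failure branch could also be folded into one with a short-circuit, `if (!allowUpdatingRegionValuesTable || !ZGReadBytes(processTask, regionValueEntry->address, &newBytes, &newSize))`, with the two declarations hoisted above it. The enclosing function starts and ends outside the hunk.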
@@ -3786,7 +3794,7 @@ bool ZGByteArrayNotEquals(ZGSearchData *__unsafe_unretained searchData, T * __re
 const uint8_t *resultBytes = resultSetBytes + resultIndex * indirectResultsStride;
 ZGMemoryAddress address;
- if (!ZGEvaluateIndirectAddress(&address, processTask, resultBytes, headerAddresses, minPointerAddress, maxPointerAddress, regionValues, regionValuesCount, nullptr, nullptr, nullptr, nullptr, nullptr))
+ if (!ZGEvaluateIndirectAddress(&address, processTask, resultBytes, headerAddresses, minPointerAddress, maxPointerAddress, regionValues, regionValuesCount, true, nullptr, nullptr, nullptr, nullptr, nullptr))
 {
 address = 0x0;
 }