1.2.3

Author: leanleon93

MemoryEditLib2/IPatternFinder.cs

@@ -4,11 +4,12 @@ namespace MemoryEditLib2
 {
     public interface IPatternFinder
     {
-        IntPtr GetAddressForString(string text, Encoding encoding, int minAddr = 0);
+        IntPtr GetAddressForString(string text, Encoding encoding, ulong minAddr = 0, ulong maxAddr = 0);
         List<IntPtr> GetAddressesForString(string text, Encoding encoding, int minAddr = 0);
         IntPtr GetAddressForStringInModule(string moduleName, string text, Encoding encoding, long maxBufferSize = -1, long offsetAddress = 0);
-        IntPtr GetAddressForPattern(string pattern, int minAddr = 0);
-        unsafe IntPtr GetAddressForPattern(byte[] pattern, int minAddr = 0);
+        IntPtr GetAddressForPattern(string pattern, ulong minAddr = 0, ulong maxAddr = 0);
+        unsafe IntPtr GetAddressForPatternWithWildcards(string pattern, ulong minAddr = 0);
+        unsafe IntPtr GetAddressForPattern(byte[] pattern, ulong minAddr = 0, ulong maxAddr = 0);
         IntPtr GetAddressForPatternInModule(string moduleName, string pattern, long maxBufferSize = -1, long offsetAddress = 0);
         IntPtr GetAddressForPatternInModule(string moduleName, byte[] pattern, long maxBufferSize = -1, long offsetAddress = 0);
         IntPtr GetAddressForPatternInModuleWithWildcards(string moduleName, string pattern, long maxBufferSize = -1, long offsetAddress = 0);

MemoryEditLib2/MemoryEditLib2.csproj

@@ -9,7 +9,7 @@
     <Authors>LEaN</Authors>
     <Description>Read, Pattern Search, Edit Process Memory</Description>
     <Copyright>LEaN</Copyright>
-    <Version>1.2.2</Version>
+    <Version>1.2.3</Version>
     <RepositoryUrl>https://github.com/leanleon93/MemoryEditLib2</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
     <NeutralLanguage>en</NeutralLanguage>

MemoryEditLib2/Windows/WindowsPatternFinder.cs

@@ -9,6 +9,9 @@ public class WindowsPatternFinder(MemoryEditorConfig config) : IPatternFinder
     {
         private const int MEM_COMMIT = 0x00001000;
         private const int PAGE_READWRITE = 0x04;
+        private const int PAGE_EXECUTE_READ = 0x20;
+        private const int PAGE_READONLY = 0x02;
+        private const int PAGE_EXECUTE_READWRITE = 0x40;
 
         private IntPtr _processHandle { get; } = config.ProcessHandle;
         private Process _process { get; } = config.Process;
@@ -73,12 +76,12 @@ unsafe public List<IntPtr> GetAddressesForPattern(byte[] pattern, int minAddr =
             return returnVal;
         }
 
-        public IntPtr GetAddressForPattern(string pattern, int minAddr = 0)
+        public IntPtr GetAddressForPattern(string pattern, ulong minAddr = 0, ulong maxAddr = 0)
         {
-            return GetAddressForPattern(DataConverter.HexStringToByteArray(pattern), minAddr);
+            return GetAddressForPattern(DataConverter.HexStringToByteArray(pattern), minAddr, maxAddr);
         }
 
-        unsafe public IntPtr GetAddressForPattern(byte[] pattern, int minAddr = 0)
+        unsafe public IntPtr GetAddressForPattern(byte[] pattern, ulong minAddr = 0, ulong maxAddr = 0)
         {
             var handle = _processHandle;
             SYSTEM_INFO sys_info = new SYSTEM_INFO();
@@ -97,10 +100,12 @@ unsafe public IntPtr GetAddressForPattern(byte[] pattern, int minAddr = 0)
 
             while (proc_min_address_l < proc_max_address_l)
             {
+                if (_process.HasExited)
+                    throw new InvalidOperationException("Process has exited.");
                 // 28 = sizeof(MEMORY_BASIC_INFORMATION)
                 Kernel32Wrapper.VirtualQueryEx(handle, proc_min_address, out mem_basic_info, (uint)sizeof(MEMORY_BASIC_INFORMATION));
 
-                if (mem_basic_info.BaseAddress.ToInt64() > minAddr)
+                if (mem_basic_info.BaseAddress.ToInt64() > (long)minAddr && (maxAddr <= 0 || mem_basic_info.BaseAddress.ToInt64() <= (long)maxAddr))
                 {
 
                     // if this memory chunk is accessible
@@ -124,6 +129,8 @@ unsafe public IntPtr GetAddressForPattern(byte[] pattern, int minAddr = 0)
                 // move to the next memory chunk
                 proc_min_address_l += mem_basic_info.RegionSize.ToInt64();
                 proc_min_address = new IntPtr(proc_min_address_l);
+                if (mem_basic_info.BaseAddress == 0 && mem_basic_info.RegionSize == 0)
+                    throw new InvalidOperationException("Process invalid.");
             }
 
             return IntPtr.Zero;
@@ -153,10 +160,10 @@ public nint GetAddressForPatternInModule(string moduleName, byte[] pattern, long
             return IntPtr.Zero;
         }
 
-        public IntPtr GetAddressForString(string text, Encoding encoding, int minAddr = 0)
+        public IntPtr GetAddressForString(string text, Encoding encoding, ulong minAddr = 0, ulong maxAddr = 0)
         {
             var asBytes = encoding.GetBytes(text);
-            return GetAddressForPattern(asBytes, minAddr);
+            return GetAddressForPattern(asBytes, minAddr, maxAddr);
         }
 
         public List<IntPtr> GetAddressesForString(string text, Encoding encoding, int minAddr = 0)
@@ -216,6 +223,84 @@ private static List<int> SearchPatternMulti(byte[] src, byte[] pattern)
             return returnData;
         }
 
+        unsafe public nint GetAddressForPatternWithWildcards(string pattern, ulong minAddr = 0)
+        {
+            byte[] convertedByteArray = ConvertPattern(pattern);
+            var handle = _processHandle;
+            SYSTEM_INFO sys_info = new SYSTEM_INFO();
+            Kernel32Wrapper.GetSystemInfo(out sys_info);
+
+            IntPtr proc_min_address = sys_info.minimumApplicationAddress;
+            IntPtr proc_max_address = sys_info.maximumApplicationAddress;
+
+            // saving the values as long ints so I won't have to do a lot of casts later
+            long proc_min_address_l = (long)proc_min_address;
+            long proc_max_address_l = (long)proc_max_address;
+
+
+            MEMORY_BASIC_INFORMATION mem_basic_info = new MEMORY_BASIC_INFORMATION();
+            IntPtr bytesRead = IntPtr.Zero;  // number of bytes read with ReadProcessMemory
+
+            while (proc_min_address_l < proc_max_address_l)
+            {
+                if (_process.HasExited)
+                    throw new InvalidOperationException("Process has exited.");
+                // 28 = sizeof(MEMORY_BASIC_INFORMATION)
+                Kernel32Wrapper.VirtualQueryEx(handle, proc_min_address, out mem_basic_info, (uint)sizeof(MEMORY_BASIC_INFORMATION));
+
+                if (mem_basic_info.BaseAddress.ToInt64() > (long)minAddr)
+                {
+
+                    // if this memory chunk is accessible
+                    if ((mem_basic_info.Protect == PAGE_READWRITE ||
+                        mem_basic_info.Protect == PAGE_EXECUTE_READ ||
+                        mem_basic_info.Protect == PAGE_READONLY ||
+                        mem_basic_info.Protect == PAGE_EXECUTE_READWRITE)
+                        && mem_basic_info.State == MEM_COMMIT)
+                    {
+                        byte[] buffer = new byte[mem_basic_info.RegionSize.ToInt64()];
+
+                        // read everything in the buffer above
+                        Kernel32Wrapper.ReadProcessMemory(handle, mem_basic_info.BaseAddress, buffer, buffer.Length, out bytesRead);
+                        if (bytesRead.ToInt64() > 0)
+                        {
+                            var ret = SearchPatternWithWildcards(buffer, convertedByteArray);
+                            if (ret > -1)
+                            {
+                                return new IntPtr(mem_basic_info.BaseAddress.ToInt64() + (nint)ret);
+                            }
+                        }
+                    }
+                }
+                // move to the next memory chunk
+                proc_min_address_l += mem_basic_info.RegionSize.ToInt64();
+                proc_min_address = new IntPtr(proc_min_address_l);
+                if (mem_basic_info.BaseAddress == 0 && mem_basic_info.RegionSize == 0)
+                    throw new InvalidOperationException("Process invalid.");
+            }
+
+            return IntPtr.Zero;
+        }
+
+        private static int SearchPatternWithWildcards(byte[] src, byte[] pattern)
+        {
+            int c = src.Length - pattern.Length + 1;
+            int j;
+            for (int i = 0; i < c; i++)
+            {
+                if (pattern[0] != 0x00 && src[i] != pattern[0])
+                    continue;
+                for (j = pattern.Length - 1; j >= 1; j--)
+                {
+                    if (pattern[j] != 0x00 && src[i + j] != pattern[j])
+                        break;
+                }
+                if (j == 0)
+                    return i;
+            }
+            return -1;
+        }
+
         public IntPtr GetAddressForPatternInModuleWithWildcards(string moduleName, string pattern, long maxBufferSize = -1, long offsetAddress = 0)
         {
             byte[] convertedByteArray = ConvertPattern(pattern);