hearthbuddy中的一段代码

// Token: 0x06001A79 RID: 6777 RVA: 0x000DD024 File Offset: 0x000DB224
internal IntPtr method_33(IntPtr intptr_37, string string_0, params Class276.Enum20[] enum20_0)
{
while (intptr_37 != IntPtr.Zero)
{
using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory())
{
allocatedMemory.AllocateOfChunk<IntPtr>("Itr");
IntPtr intPtr;
while ((intPtr = this.method_35(intptr_37, allocatedMemory["Itr"])) != IntPtr.Zero)
{
IntPtr address = this.method_37(intPtr);
if (this.externalProcessMemory_0.ReadStringA(address) == string_0)
{
if (enum20_0 != null)
{
Class276.Enum20[] array = this.method_31(intPtr);
if (array.Length != enum20_0.Length || !array.SequenceEqual(enum20_0))
{
continue;
}
}
return intPtr;
}
}
intptr_37 = this.method_25(intptr_37);
}
}
return IntPtr.Zero;
}

// Token: 0x04000D28 RID: 3368
        private readonly ExternalProcessMemory externalProcessMemory_0;

public class ExternalProcessMemory : MemoryBase

// Token: 0x06000157 RID: 343 RVA: 0x0036DA50 File Offset: 0x00362E50
public AllocatedMemory CreateAllocatedMemory(int bytes)
{
return new AllocatedMemory(this, bytes);
}
// Token: 0x060000C1 RID: 193 RVA: 0x0036F644 File Offset: 0x00364A44
public void AllocateOfChunk(string allocatedName, int bytes)
{
IntPtr value = (IntPtr)this._currentOffset;
this._allocated.Add(allocatedName, value);
this._currentOffset += bytes;
ref int ptr = ref this._currentOffset;
int num = ptr;
int num2 = num % ;
if (num2 != )
{
ptr = num - num2 + ;
}
} // Token: 0x060000C2 RID: 194 RVA: 0x0036D637 File Offset: 0x00362A37
public void AllocateOfChunk<T>(string allocatedName) where T : struct
{
this.AllocateOfChunk(allocatedName, MarshalCache<T>.Size);
}

出处

https://github.com/lolp1/Process.NET   这个项目的致谢名单里有提到

GreyMagic - The best of both worlds, and then some

Download: https://dl.dropbox.com/u/2068143/GreyMagic.7z

So, I wrote this a while back for our bots (Honorbuddy, Demonbuddy,
BuddyWing, etc). It's a full-featured memory lib for both in and out of
process memory handling. Performance tests show that it's barely a tick
slower than calling ReadProcessMemory directly on simple data types, and
slightly over a tick slower than reading structures. (Write speeds have
not been tested, as writing is not done nearly as often)

The following are for perf tests over 1 million iterations:

Read<int>(addr, relative: true) - 4.57 ticks
ReadProcessMemory (direct) - 3.54 ticks
Deref on ReadBytes(addr, relative: true) - 3.90 ticks
Read<NonMarshalStruct>(addr, relative: true) - 5.06 ticks
Read<MarshalStruct>(addr, relative: true) - 6.48 ticks

The library itself implements a neat little trick to avoid using the
marshaler wherever possible. MarshalCache<T> provides a way to
cache certain data for types (size, typeof(), whether the type needs to
be run through the marshaler, etc), as well as implements a way for C#
to take a pointer to a generic type. (You can't do &T in C#...
well... at least you couldn't)

The lib itself takes into account quite a few things, and should
hopefully be plug-and-play ready. It includes a few other things that
aren't really useful (but tossed in for the sake of tossing it in). I
will be adding more features in the future (it lacks a pattern scanner).
Feel free to use and abuse, please let me know of any bugs you run
into.

In-process memory class: InProcessMemoryReader
OOP memory class: ExternalProcessMemoryReader

Enjoy folks!

GreyMagic的更多相关文章

  1. Web安全工具大汇聚

    http://www.owasp.org/index.PHP/Phoenix/Tools http://sebug.net/paper/other/Web安全工具大汇聚.txt =========== ...

  2. 跨站脚本(XSS)备忘单-2019版

    这是一份跨站脚本(XSS)备忘录,收集了大量的XSS攻击向量,包含了各种事件处理.通讯协议.特殊属性.限制字符.编码方式.沙箱逃逸等技巧,可以帮助渗透测试人员绕过WAF和过滤机制. 译者注:原文由Po ...

  3. HearthBuddy炉石兄弟 Method 'Entity.GetRace' not found.

    解决方案 namespace Triton.Game.Mapping{// Token: 0x020004A4 RID: 1188[Attribute38("Entity")]pu ...

  4. HearthBuddy Plugin编写遇到的问题

    错误1 赋值问题 貌似编译器版本有点低,无法识别C#的高级语法糖 属性的初始值,必须是public bool IsEnabled { get{return true;} } 不能写成public bo ...

  5. github搜索不到代码的问题

    Hi team, Please check the following three query url :https://github.com/Konctantin/GreyMagic/search? ...

  6. HearthBuddy炉石兄弟 Method 'CollectionDeckBoxVisual.IsValid' not found.

    [CollectionManagerScene_COLLECTION] An exception occurred when calling CacheCustomDecks: System.Miss ...

  7. HearthBuddy 第一次调试

    HearthBuddy https://www.jiligame.com/70639.html 解压缩包,打开hearthbuddy.exe直接运行就可以:不用替换mono.dll直接可用:不需要校验 ...

随机推荐

  1. chrome 浏览器安装 postman

    chrome 浏览器安装 postman(插件下载见文章末尾) 1.安装方法 将下载的crx插件拖拽到chrome浏览器即可安装成功. 2.特殊情况 问题: chrome73版本后拖拽安装chrome ...

  2. 目标 - 在虚拟机CentOS7中无图形界面安装Oracle11G R2版本

    参考: https://www.cnblogs.com/yejingcn/p/10278473.html centos7启动oracle su - oracle //切换到自己的oracle账户 ls ...

  3. react 在新窗口 打开页面

    遇到这个需求 首先通过 Link a去尝试直接跳转.发现2个问题 1.Link跳转 会自动进行登录校验,我设想是路由没有匹配到,去验证后大致排除了. 因为这个链接 直接粘贴到浏览器 是可以访问到的. ...

  4. linux下mysql忘记密码解决方案

    一.写随笔的原因:之前自己服务器上的mysql很久不用了,忘记了密码,所以写一下解决方案,以供以后参考 二.具体的内容: 1. 检查mysql服务是否启动,如果启动,关闭mysql服务 运行命令:ps ...

  5. Delphi MaskEdit 组件

  6. hadoop工作流程

    一)任务流程 1)Mapreduce程序启动一个Jobclient实例,开启整个mapreduce作业 2)Jobclient通过getnewjobld()j接口向Jobtarker发出请求,以获得一 ...

  7. PAT Basic 1016 部分A+B (15 分)

    正整数 A 的“D​A​​(为 1 位整数)部分”定义为由 A 中所有 D​A​​ 组成的新整数 P​A​​.例如:给定 8,D​A​​=6,则 A 的“6 部分”P​A​​ 是 66,因为 A 中有 ...

  8. 标准C语言(11)

    多文件编程时一个文件里可以包含多个函数,一个函数只能属于一个文件 /* * 多文件编程演示 * */ #include <stdio.h> #include "01add.h&q ...

  9. 微信小程序 点击事件 传递参数

    wxml: data-参数名="值" bindtap="函数名" <view class="buy-button {{cap_select == ...

  10. 对组件、Prop 和 State的研究-----------------引用

    组件 第一步是将 UI 分解成多个组件.例如,我们可以这样来拆分房子: 现在来编码! House:  <div>    <Roof />     // 房顶    <Wa ...