hearthbuddy中的一段代码

  1. // Token: 0x06001A79 RID: 6777 RVA: 0x000DD024 File Offset: 0x000DB224
  2.         internal IntPtr method_33(IntPtr intptr_37, string string_0, params Class276.Enum20[] enum20_0)
  3.         {
  4.             while (intptr_37 != IntPtr.Zero)
  5.             {
  6.                 using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory())
  7.                 {
  8.                     allocatedMemory.AllocateOfChunk<IntPtr>("Itr");
  9.                     IntPtr intPtr;
  10.                     while ((intPtr = this.method_35(intptr_37, allocatedMemory["Itr"])) != IntPtr.Zero)
  11.                     {
  12.                         IntPtr address = this.method_37(intPtr);
  13.                         if (this.externalProcessMemory_0.ReadStringA(address) == string_0)
  14.                         {
  15.                             if (enum20_0 != null)
  16.                             {
  17.                                 Class276.Enum20[] array = this.method_31(intPtr);
  18.                                 if (array.Length != enum20_0.Length || !array.SequenceEqual(enum20_0))
  19.                                 {
  20.                                     continue;
  21.                                 }
  22.                             }
  23.                             return intPtr;
  24.                         }
  25.                     }
  26.                     intptr_37 = this.method_25(intptr_37);
  27.                 }
  28.             }
  29.             return IntPtr.Zero;
  30.         }

// Token: 0x04000D28 RID: 3368
        private readonly ExternalProcessMemory externalProcessMemory_0;

public class ExternalProcessMemory : MemoryBase

  1. // Token: 0x06000157 RID: 343 RVA: 0x0036DA50 File Offset: 0x00362E50
  2.         public AllocatedMemory CreateAllocatedMemory(int bytes)
  3.         {
  4.             return new AllocatedMemory(this, bytes);
  5.         }
  1. // Token: 0x060000C1 RID: 193 RVA: 0x0036F644 File Offset: 0x00364A44
  2.         public void AllocateOfChunk(string allocatedName, int bytes)
  3.         {
  4.             IntPtr value = (IntPtr)this._currentOffset;
  5.             this._allocated.Add(allocatedName, value);
  6.             this._currentOffset += bytes;
  7.             ref int ptr = ref this._currentOffset;
  8.             int num = ptr;
  9.             int num2 = num % ;
  10.             if (num2 != )
  11.             {
  12.                 ptr = num - num2 + ;
  13.             }
  14.         }
  15.  
  16.         // Token: 0x060000C2 RID: 194 RVA: 0x0036D637 File Offset: 0x00362A37
  17.         public void AllocateOfChunk<T>(string allocatedName) where T : struct
  18.         {
  19.             this.AllocateOfChunk(allocatedName, MarshalCache<T>.Size);
  20.         }

出处

https://github.com/lolp1/Process.NET   这个项目的致谢名单里有提到

GreyMagic - The best of both worlds, and then some

Download: https://dl.dropbox.com/u/2068143/GreyMagic.7z

So, I wrote this a while back for our bots (Honorbuddy, Demonbuddy,
BuddyWing, etc). It's a full-featured memory lib for both in and out of
process memory handling. Performance tests show that it's barely a tick
slower than calling ReadProcessMemory directly on simple data types, and
slightly over a tick slower than reading structures. (Write speeds have
not been tested, as writing is not done nearly as often)

The following are for perf tests over 1 million iterations:

Read<int>(addr, relative: true) - 4.57 ticks
ReadProcessMemory (direct) - 3.54 ticks
Deref on ReadBytes(addr, relative: true) - 3.90 ticks
Read<NonMarshalStruct>(addr, relative: true) - 5.06 ticks
Read<MarshalStruct>(addr, relative: true) - 6.48 ticks

The library itself implements a neat little trick to avoid using the
marshaler wherever possible. MarshalCache<T> provides a way to
cache certain data for types (size, typeof(), whether the type needs to
be run through the marshaler, etc), as well as implements a way for C#
to take a pointer to a generic type. (You can't do &T in C#...
well... at least you couldn't)

The lib itself takes into account quite a few things, and should
hopefully be plug-and-play ready. It includes a few other things that
aren't really useful (but tossed in for the sake of tossing it in). I
will be adding more features in the future (it lacks a pattern scanner).
Feel free to use and abuse, please let me know of any bugs you run
into.

In-process memory class: InProcessMemoryReader
OOP memory class: ExternalProcessMemoryReader

Enjoy folks!

GreyMagic的更多相关文章

  1. Web安全工具大汇聚

    http://www.owasp.org/index.PHP/Phoenix/Tools http://sebug.net/paper/other/Web安全工具大汇聚.txt =========== ...

  2. 跨站脚本(XSS)备忘单-2019版

    这是一份跨站脚本(XSS)备忘录,收集了大量的XSS攻击向量,包含了各种事件处理.通讯协议.特殊属性.限制字符.编码方式.沙箱逃逸等技巧,可以帮助渗透测试人员绕过WAF和过滤机制. 译者注:原文由Po ...

  3. HearthBuddy炉石兄弟 Method 'Entity.GetRace' not found.

    解决方案 namespace Triton.Game.Mapping{// Token: 0x020004A4 RID: 1188[Attribute38("Entity")]pu ...

  4. HearthBuddy Plugin编写遇到的问题

    错误1 赋值问题 貌似编译器版本有点低,无法识别C#的高级语法糖 属性的初始值,必须是public bool IsEnabled { get{return true;} } 不能写成public bo ...

  5. github搜索不到代码的问题

    Hi team, Please check the following three query url :https://github.com/Konctantin/GreyMagic/search? ...

  6. HearthBuddy炉石兄弟 Method 'CollectionDeckBoxVisual.IsValid' not found.

    [CollectionManagerScene_COLLECTION] An exception occurred when calling CacheCustomDecks: System.Miss ...

  7. HearthBuddy 第一次调试

    HearthBuddy https://www.jiligame.com/70639.html 解压缩包,打开hearthbuddy.exe直接运行就可以:不用替换mono.dll直接可用:不需要校验 ...

随机推荐

  1. 测试用例管理工具-TestLink

    TestLink是基于web的测试用例管理系统,主要功能是测试用例的创建.管理和执行,并且还提供了一些简单的统计功能,主要功能包括: 测试需求管理 测试用例管理 测试用例对测试需求的覆盖管理 测试计划 ...

  2. MySQL之数据库优化

    Mysql数据库的优化技术 对mysql优化是一个综合性的技术,主要包括 •表的设计合理化(符合3NF) •添加适当索引(index) [四种: 普通索引.主键索引.唯一索引unique.全文索引] ...

  3. redis弱密码漏洞利用

    背景: redis无认证,或者弱密码,可以成功连接到redis服务器 反弹shell拿到的权限取决于redis的启动账号 操作: 1. Centos7安装redis客户端 #yum install r ...

  4. inode,软硬链接

    如何查看inode ll -di /boot / /app查看文件和文件夹的inode号 df -i查看挂载点文件夹的inode号 做inode增长实验 创建60万个文件的方法1(效率不高):for ...

  5. noi.ac NA535 【生成树】

    因为太蠢一直写T1也没仔细想,赛后发现是个真小清新思维题,本质构造??? 首先显然不会无解,这个随随便便证一下就有了 另外给的式子没啥意义,也就能说明颜色随机???害人不浅 然后就从\(1\)开始,钦 ...

  6. MySQL显示ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061)解决方法

    MySQL显示ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061)解决方法 2.4K 解决方法: 第一步cd ...

  7. dlsym用法

    1. 包含头文件 #include<dlfcn.h> 2. 函数定义 void *dlsym(void *handle, const char* symbol); handle是使用dlo ...

  8. mysql向redis导入数据

    数据库结构如下 如果是linux系统下,如此整备数据 SELECT CONCAT( "*10\r\n", '$', LENGTH(redis_cmd), '\r\n',redis_ ...

  9. 【51nod 1824】染色游戏

    题目 有 n 个红球, m 个蓝球,从中取出 x 个红球和 y 个蓝球排成一排的得分是 rx⋅by ,其中 r0=b0=1 . 定义 f(t) 表示恰好取出 t 个球排成一排的所有可能局面的得分之和. ...

  10. js new Date() 测试

    var t = new Date().toString(); //t = "Thu Oct 31 2019 11:36:57 GMT+0800 (中国标准时间)" var t1 = ...