-
Notifications
You must be signed in to change notification settings - Fork 0
/
ISearcher.cs
64 lines (59 loc) · 3.99 KB
/
ISearcher.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
namespace WitchHunt
{
using System;
public interface ISearcher
{
public IntPtr ImageBase { get; }
/// <summary>
/// Expects pattern to be in the following format:
/// 48 8D 05 ?? ?? ?? ?? 48 C7 43 ?? ?? ?? ?? ?? 48 8D 4B ?? 48 89 03 66 C7 43 ?? ?? ?? Add 3 TraceRelative
/// Available Commands:
/// Add # - Shifts the searcher this # is from the start of the pattern. So add 1 moves us to byte 2. add 2 moves to byte 3 etc.
/// Sub # - Shifts the searcher this # is from the start of the pattern. so sub 1 moves us to byte -1. sub 2 moves us to byte -2 etc.
/// Read8 - Reads a byte from the resulting address
/// Read16 - Reads 2 bytes (16bits) from the resulting address
/// Read32 - Reads 4 bytes (32bits) from the resulting address
/// Read64 - Reads 8 bytes (64bits) from the resulting address
/// TraceRelative - Follow the relative address used in calls and lea's
/// TraceCall - Should basically do Add 1 TraceRelative on a pattern for a function call ie E8 ?? ?? ?? ?? Doesn't really work right now.
/// </summary>
/// <param name="pattern">Hex based pattern with ? as wildcards.</param>
/// <returns>Pointer to memory address.</returns>
public IntPtr Search(string pattern);
/// <summary>
/// Expects pattern to be in the following format:
/// 48 8D 05 ?? ?? ?? ?? 48 C7 43 ?? ?? ?? ?? ?? 48 8D 4B ?? 48 89 03 66 C7 43 ?? ?? ?? Add 3 TraceRelative
/// Available Commands:
/// Add # - Shifts the searcher this # is from the start of the pattern. So add 1 moves us to byte 2. add 2 moves to byte 3 etc.
/// Sub # - Shifts the searcher this # is from the start of the pattern. so sub 1 moves us to byte -1. sub 2 moves us to byte -2 etc.
/// Read8 - Reads a byte from the resulting address
/// Read16 - Reads 2 bytes (16bits) from the resulting address
/// Read32 - Reads 4 bytes (32bits) from the resulting address
/// Read64 - Reads 8 bytes (64bits) from the resulting address
/// TraceRelative - Follow the relative address used in calls and lea's
/// TraceCall - Should basically do Add 1 TraceRelative on a pattern for a function call ie E8 ?? ?? ?? ?? Doesn't really work right now.
/// </summary>
/// <param name="pattern">Hex based pattern with ? as wildcards.</param>
/// <param name="start">Location to start searching.</param>
/// <param name="maxSearchLength">Max bytes to search.</param>
/// <returns>Pointer to memory address. IntPtr.Zero if not found.</returns>
public IntPtr Search(string pattern, IntPtr start, int maxSearchLength);
/// <summary>
/// Expects pattern to be in the following format:
/// 48 8D 05 ?? ?? ?? ?? 48 C7 43 ?? ?? ?? ?? ?? 48 8D 4B ?? 48 89 03 66 C7 43 ?? ?? ?? Add 3 TraceRelative
/// Available Commands:
/// Add # - Shifts the searcher this # is from the start of the pattern. So add 1 moves us to byte 2. add 2 moves to byte 3 etc.
/// Sub # - Shifts the searcher this # is from the start of the pattern. so sub 1 moves us to byte -1. sub 2 moves us to byte -2 etc.
/// Read8 - Reads a byte from the resulting address
/// Read16 - Reads 2 bytes (16bits) from the resulting address
/// Read32 - Reads 4 bytes (32bits) from the resulting address
/// Read64 - Reads 8 bytes (64bits) from the resulting address
/// TraceRelative - Follow the relative address used in calls and lea's
/// TraceCall - Should basically do Add 1 TraceRelative on a pattern for a function call ie E8 ?? ?? ?? ?? Doesn't really work right now.
/// </summary>
/// <param name="pattern">Hex based pattern with ? as wildcards.</param>
/// <returns>Array of pointers matching the pattern.</returns>
public IntPtr[] SearchMany(string pattern);
public ReadOnlySpan<byte> GetSlice(int start, int length);
}
}