📄 pointerscannerfrm.pas
字号:
isstatic:=false;
if dword(currentpos)>=maxpos then
begin
inc(currentregion);
if currentregion=length(scanregions) then break; //no more regions
currentpos:=pointer(scanregions[currentregion].BaseAddress);
maxpos:=scanregions[currentregion].BaseAddress+scanregions[currentregion].MemorySize-4;
end;
inc(i);
i:=i mod 40;
if i=0 then progressbar.position:=(dword(currentpos)-start);
continue;
end;
end;
if isstatic and (pdword(vm.AddressToPointer(dword(currentpos)))^>=filterstart) and (pdword(vm.AddressToPointer(dword(currentpos)))^<=filterstop) then
begin
method2scan(dword(currentpos));
end;
inc(i);
i:=i mod 40;
if i=0 then progressbar.position:=(dword(currentpos)-start);
if unallignedbase then
inc(pbyte(currentpos))
else
inc(pbyte(currentpos),4);
if dword(currentpos)>=maxpos then
begin
inc(currentregion);
if currentregion=length(scanregions) then break; //no more regions
currentpos:=pointer(scanregions[currentregion].BaseAddress);
maxpos:=scanregions[currentregion].BaseAddress+scanregions[currentregion].MemorySize-4;
end;
except
inc(currentregion);
if currentregion=length(scanregions) then break; //no more regions
currentpos:=pointer(scanregions[currentregion].BaseAddress);
maxpos:=scanregions[currentregion].BaseAddress+scanregions[currentregion].MemorySize-4;
end;
end;
//done
finally
setlength(filenames,length(method2scanners));
for i:=0 to length(method2scanners)-1 do
begin
method2scanners[i].stop:=true;
method2scanners[i].startworking.SetEvent; //run it in case it was waiting
method2scanners[i].WaitFor; //wait till this thread has terminated because the main thread has termianted
method2scanners[i].flushresults;
filenames[i]:=method2scanners[i].filename; //save the filename
method2scanners[i].Free;
end;
postmessage(frmpointerscanner.Handle,staticscanner_done,0,0);
terminate;
Method2semaphore.Free;
end;
end;
destructor TStaticscanner.destroy;
begin
terminate;
waitfor;
inherited destroy;
end;
//---------------------------------main--------------------------
procedure Tfrmpointerscanner.Method3Fastspeedandaveragememoryusage1Click(
Sender: TObject);
var
i: integer;
begin
start:=now;
if frmpointerscannersettings=nil then
frmpointerscannersettings:=tfrmpointerscannersettings.create(self);
if frmpointerscannersettings.Visible then exit;
if frmpointerscannersettings.Showmodal=mrok then
begin
treeview2.Visible:=false;
panel2.Visible:=false;
open1.Enabled:=false;
new1.enabled:=false;
save1.Enabled:=false;
rescanmemory1.Enabled:=false;
incorrectresult:=0;
continued:=0;
pointersfound:=0;
label1.Caption:='Matches found:';
label2.Left:=label1.Left+label1.Width+5;
timer2.Enabled:=true;
treenodeswithchildrenpos:=0;
matchednodespos:=0;
//free the old critical section
for i:=0 to length(dissectedpointersLevelMREWS)-1 do
dissectedpointersLevelMREWS[i].Free;
setlength(dissectedpointersLevelpos,frmpointerscannersettings.maxlevel+1);
setlength(dissectedpointersLevel,frmpointerscannersettings.maxlevel+1);
setlength(dissectedpointersLevelMREWS,frmpointerscannersettings.maxlevel+1);
for i:=0 to length(dissectedpointersLevelpos)-1 do
dissectedpointersLevelpos[i]:=0;
for i:=0 to length(dissectedpointersLevelMREWS)-1 do
dissectedpointersLevelMREWS[i]:=TMultiReadExclusiveWriteSynchronizer.create;
for i:=0 to length(dissectedpointerslevel)-1 do
setlength(dissectedpointerslevel[i],1024*1024); //1mb default
//possible paths cleaning and reinitialize
for i:=0 to length(possiblepathslevelMREWS)-1 do
possiblepathslevelMREWS[i].Free;
setlength(possiblepathslevelpos,frmpointerscannersettings.maxlevel+1);
setlength(possiblepathslevel,frmpointerscannersettings.maxlevel+1);
setlength(possiblepathslevelMREWS,frmpointerscannersettings.maxlevel+1);
for i:=0 to length(possiblepathslevelpos)-1 do
possiblepathslevelpos[i]:=0;
for i:=0 to length(possiblepathslevelMREWS)-1 do
possiblepathslevelMREWS[i]:=TMultiReadExclusiveWriteSynchronizer.create;
for i:=0 to length(possiblepathslevel)-1 do
setlength(possiblepathslevel[i],1024*1024); //1mb default
if staticscanner<>nil then staticscanner.free;
staticscanner:=TStaticscanner.Create(true);
try
staticscanner.start:=frmpointerscannersettings.start;
staticscanner.stop:=frmpointerscannersettings.Stop;
staticscanner.filterstart:=frmpointerscannersettings.FilterStart;
staticscanner.filterstop:=frmpointerscannersettings.FilterStop;
staticscanner.unalligned:=frmpointerscannersettings.unalligned;
staticscanner.codescan:=frmpointerscannersettings.codescan;
staticscanner.automatic:=true;
staticscanner.automaticaddress:=frmpointerscannersettings.automaticaddress;
staticscanner.sz:=frmpointerscannersettings.structsize;
staticscanner.sz0:=frmpointerscannersettings.level0structsize;
staticscanner.maxlevel:=frmpointerscannersettings.maxlevel;
staticscanner.method2:=true;
staticscanner.method3:=true;
staticscanner.fast:=frmpointerscannersettings.CheckBox1.Checked;
staticscanner.psychotic:=frmpointerscannersettings.psychotic;
staticscanner.writableonly:=frmpointerscannersettings.writableonly;
staticscanner.unallignedbase:=frmpointerscannersettings.unallignedbase;
staticscanner.progressbar:=progressbar1;
staticscanner.threadcount:=frmpointerscannersettings.threadcount;
staticscanner.scannerpriority:=frmpointerscannersettings.scannerpriority;
progressbar1.Max:=staticscanner.stop-staticscanner.start;
open1.Enabled:=false;
staticscanner.Resume;
panel2.Visible:=true;
except
staticscanner.Free;
end;
end;
end;
procedure Tfrmpointerscanner.Timer2Timer(Sender: TObject);
var i,j,l: integer;
s: string;
a: string;
smallestaddress: dword;
begin
label8.Caption:=inttostr(continued);
label2.Caption:=inttostr(pointersfound);
label13.caption:=inttostr(skipped);
if staticscanner<>nil then
try
l:=length(staticscanner.method2scanners);
s:=inttostr(l);
a:='';
j:=0;
for i:=0 to l-1 do
begin
if staticscanner.method2scanners[i].isdone then inc(j);
if i=0 then smallestaddress:=staticscanner.method2scanners[i].address
else
if staticscanner.method2scanners[i].address<smallestaddress then smallestaddress:=staticscanner.method2scanners[i].address;
a:=a+' '+inttostr(i)+':'+inttohex(staticscanner.method2scanners[i].address,8);
end;
label11.caption:=s+' ('+inttostr(j)+')'+a;
label15.Caption:=inttohex(smallestaddress,8);
except
label11.caption:='0 (0)';
end;
label4.Caption:=inttostr(scanaddresscount);
label5.caption:=inttostr(incorrectresult);
end;
procedure Tfrmpointerscanner.Showresults1Click(Sender: TObject);
begin
panel1.caption:='There are '+inttostr(pointersfound)+' pointers in the list';
if pointersfound>15000 then
if messagedlg('This is a huge ammount of pointers. ('+inttostr(pointersfound)+') Are you sure you want to show them? (It''ll take a while to update the list)',mtconfirmation,[mbyes,mbno],0)<>mryes then exit;
drawtreeview;
end;
procedure Tfrmpointerscanner.Save1Click(Sender: TObject);
var y: tfilestream;
begin
if savedialog1.execute then
begin
y:=tfilestream.Create(savedialog1.FileName,fmcreate);
try
y.CopyFrom(pointerlist,0);
finally
y.free;
end;
end;
end;
procedure Tfrmpointerscanner.Open1Click(Sender: TObject);
var x: tfilestream;
offsetsize: dword;
offsetlist: array of dword;
begin
if opendialog1.Execute then
begin
if staticscanner=nil then
begin
staticscanner:=tstaticscanner.Create(true);
staticscanner.Terminate;
staticscanner.Resume;
end;
setlength(staticscanner.filenames,1);
staticscanner.filenames[0]:=opendialog1.FileName;
pointersfound:=0;
x:=tfilestream.Create(opendialog1.FileName,fmopenread);
try
while x.Position<x.Size do
begin
x.ReadBuffer(offsetsize,sizeof(offsetsize));
if length(offsetlist)<(offsetsize+1) then
setlength(offsetlist,offsetsize*2);
x.ReadBuffer(offsetlist[0],(offsetsize+1)*sizeof(offsetlist[0]));
inc(pointersfound);
end;
finally
x.free;
end;
loadpointers;
doneui;
showresults1.Enabled:=true;
Rescanmemory1.Enabled:=true;
Save1.Enabled:=true;
new1.Enabled:=true;
showresults1.Click;
end;
end;
procedure TRescanpointers.execute;
var offsetsize: dword;
offsetlist: array of dword;
x,br: dword;
i: integer;
begin
pointersfound:=0;
newpointerlist:=tmemorystream.Create;
oldpointerlist.Seek(0,sofrombeginning);
progressbar.Min:=0;
progressbar.Max:=oldpointerlist.Size;
setlength(offsetlist,10);
while oldpointerlist.Position<oldpointerlist.Size do
begin
oldpointerlist.ReadBuffer(offsetsize,sizeof(offsetsize));
if length(offsetlist)<(offsetsize+1) then
setlength(offsetlist,offsetsize*2);
oldpointerlist.ReadBuffer(offsetlist[0],(offsetsize+1)*sizeof(offsetlist[0]));
//now check if it matches, and if so, save it back to the newpointerlist
try
x:=offsetlist[0];
for i:=2 to offsetsize do
begin
if not readprocessmemory(processhandle,pointer(x),@x,sizeof(x),br) then
begin
progressbar.Position:=oldpointerlist.Position;
continue;
end;
inc(x,offsetlist[i]);
end;
if x=address then
begin
newpointerlist.WriteBuffer(offsetsize,sizeof(offsetsize));
newpointerlist.WriteBuffer(offsetlist[0],(offsetsize+1)*sizeof(offsetlist[0]));
inc(pointersfound);
end;
except
//not valid, so dont save
end;
progressbar.Position:=oldpointerlist.Position;
end;
postmessage(frmPointerScanner.Handle,rescan_done,0,0);
end;
procedure Tfrmpointerscanner.Rescanmemory1Click(Sender: TObject);
var address: dword;
saddress: string;
begin
saddress:='';
if inputquery('Rescan pointers','What is the current address?',saddress) then
begin
address:=strtoint('$'+saddress);
Rescanmemory1.Enabled:=false;
Save1.Enabled:=false;
new1.Enabled:=false;
showresults1.Enabled:=false;
//rescan the pointerlist
rescan:=trescanpointers.create(true);
rescan.progressbar:=progressbar1;
rescan.oldpointerlist:=pointerlist;
rescan.address:=address;
rescan.resume;
end;
end;
procedure tfrmpointerscanner.rescandone(var message: tmessage);
begin
pointerlist.free;
pointerlist:=rescan.newpointerlist;
rescan.free;
doneui;
showresults1.Enabled:=true;
Rescanmemory1.Enabled:=true;
Save1.Enabled:=true;
new1.Enabled:=true;
showresults1.Click;
end;
procedure Tfrmpointerscanner.Button1Click(Sender: TObject);
begin
if staticscanner<>nil then
begin
staticscanner.Terminate;
staticscanner.WaitFor;
end;
end;
procedure Tfrmpointerscanner.FormClose(Sender: TObject;
var Action: TCloseAction);
begin
button1click(button1);
end;
procedure Tfrmpointerscanner.FormShow(Sender: TObject);
begin
self.BringToFront;
self.SetFocus;
setforegroundwindow(self.handle);
end;
procedure Tfrmpointerscanner.openscanner(var message: tmessage);
begin
if frmpointerscannersettings=nil then
frmpointerscannersettings:=tfrmpointerscannersettings.create(self);
frmpointerscannersettings.edtAddress.text:=inttohex(message.WParam,8);
Method3Fastspeedandaveragememoryusage1.Click;
end;
procedure Tfrmpointerscanner.TreeView2DblClick(Sender: TObject);
begin
showmessage('tell db to add this');
end;
end.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -