📄 cehook.dpr
字号:
if st<>nil then
RemoverangeWith(dword(@st.x));
if htw<>nil then
RemoverangeWith(dword(@htw.x));
RemoverangeWith(dword(@Removerangewith));
//if everything went ok memoryregions should now contain all the addresses and sizes
//to speed it up combine the regions that are attached to eachother.
j:=0;
address:=memoryregion[0].BaseAddress;
size:=memoryregion[0].MemorySize;
for i:=1 to memoryregions-1 do
begin
if memoryregion[i].BaseAddress=address+size then
inc(size,memoryregion[i].MemorySize)
else
begin
memoryregion[j].BaseAddress:=address;
memoryregion[j].MemorySize:=size;
address:=memoryregion[i].BaseAddress;
size:=memoryregion[i].MemorySize;
inc(j);
end;
end;
memoryregion[j].BaseAddress:=address;
memoryregion[j].MemorySize:=size;
memoryregions:=j+1;
setlength(memoryregion,memoryregions);
//re-added due to complaints about speed:
//split up into smaller chunks
if scansettings^.buffersize>0 then
begin
i:=0;
while i<=memoryregions-1 do
begin
if memoryregion[i].MemorySize>dword(buffersize) then
begin
inc(memoryregions);
setlength(memoryregion,memoryregions);
//copy the next element to the back, and split up the current one
//(unless this is the item at the back, and not needed)
if i<memoryregions-2 then
begin
//i isnt the last element of the array so do a semi-shift
memoryregion[memoryregions-1].BaseAddress:=memoryregion[i+1].baseaddress;
memoryregion[memoryregions-1].MemorySize:=memoryregion[i+1].MemorySize;
end;
memoryregion[i+1].IsChild:=true;
if scansettings^.fastscan then
case scansettings^.ValueType of
1:
begin //word
memoryregion[i+1].BaseAddress:=memoryregion[i].BaseAddress+buffersize-1;
memoryregion[i+1].MemorySize:=memoryregion[i].MemorySize-buffersize+1;
end;
2,3:
begin //dword+float
memoryregion[i+1].BaseAddress:=memoryregion[i].BaseAddress+buffersize-3;
memoryregion[i+1].MemorySize:=memoryregion[i].MemorySize-buffersize+3;
end;
4,6:
begin //double+int64
memoryregion[i+1].BaseAddress:=memoryregion[i].BaseAddress+buffersize-7;
memoryregion[i+1].MemorySize:=memoryregion[i].MemorySize-buffersize+7;
end;
else
begin
memoryregion[i+1].BaseAddress:=memoryregion[i].BaseAddress+buffersize;
memoryregion[i+1].MemorySize:=memoryregion[i].MemorySize-buffersize;
end;
end
else
begin
memoryregion[i+1].BaseAddress:=memoryregion[i].BaseAddress+buffersize;
memoryregion[i+1].MemorySize:=memoryregion[i].MemorySize-buffersize;
end;
memoryregion[i].MemorySize:=buffersize;
end;
inc(i);
end;
dec(memoryregions);
end else memoryregions:=j;
if scansettings^.fastscan then
begin
//optimize regions
for i:=0 to memoryregions do
//make it so the regions all start at a location that can be devided by the size of the valtype
case scansettings^.ValueType of
1:
begin //word (mod 2=0)
j:=(memoryregion[i].BaseAddress mod 2);
if j<>0 then
if memoryregion[i].IsChild then
begin
memoryregion[i].BaseAddress:=memoryregion[i].BaseAddress-j;
inc(memoryregion[i].MemorySize,j);
end
else
begin
memoryregion[i].BaseAddress:=memoryregion[i].BaseAddress+j;
dec(memoryregion[i].MemorySize,j);
end;
end;
2,3:
begin //dword+float
j:=(memoryregion[i].BaseAddress mod 4);
if j<>0 then
if memoryregion[i].IsChild then
begin
memoryregion[i].BaseAddress:=memoryregion[i].BaseAddress-j;
inc(memoryregion[i].MemorySize,j);
end
else
begin
memoryregion[i].BaseAddress:=memoryregion[i].BaseAddress+4-j;
dec(memoryregion[i].MemorySize,4-j);
end;
end;
4,6:
begin //double+int64
j:=(memoryregion[i].BaseAddress mod 8);
if j<>0 then
if memoryregion[i].IsChild then
begin
memoryregion[i].BaseAddress:=memoryregion[i].BaseAddress-j;
inc(memoryregion[i].MemorySize,j);
end
else
begin
memoryregion[i].BaseAddress:=memoryregion[i].BaseAddress+8-j;
dec(memoryregion[i].MemorySize,8-j);
end;
end;
end;
end;
TotalToRead:=0;
For i:=0 to Memoryregions do
inc(TotalToRead,Memoryregion[i].MemorySize);
postmessage(scansettings^.formscanningHandle,ESSetProgressbarMax,TotalToRead,TotalToRead);
except
on e: exception do
begin
outputdebugstring(pchar(e.Message));
raise e;
end;
end;
// for i:=0 to length(exclude)-1 do RemoveRangewith(exclude[i]);
// showmessage('TotalToRead='+IntToStr(totaltoread));
end;
{procedure foundone;
begin
//inc(form1.c);
//showmessage(IntToHex(foundaddress,8));
end;
procedure ScanByte(scanvalue:byte;startaddress:dword;ammount: dword);
label done;
asm
mov edx,startaddress
mov ecx,ammount
mov ah,scanvalue
@looper:
cmp byte ptr [edx],ah
je @_foundone
@continue_looper:
inc edx
loop @looper
jmp done
@_foundone:
push eax
push ecx
push edx
mov foundaddress,edx
call foundone
pop edx
pop ecx
pop eax
jmp @continue_looper
done:
end;}
function ExactValueFirstScan:integer;
var mbi : _MEMORY_BASIC_INFORMATION;
address: Dword;
size: dword;
found: dword;
Decim: dword;
Decimhelp: Integer;
ByteValue,ByteValue2: Byte;
WordValue,WordValue2: Word;
DWordValue,dwordvalue2: Dword;
SingleValue,singlevalue2: Single;
doubleValue,doublevalue2: double;
Int64Value,int64value2: Int64;
helpsingle,helpsingle2,helpsingle3: single;
helpdouble,helpdouble2,helpdouble3: double;
i,k,l: integer;
j: dword;
actualread: dword;
actualwrite: dword;
//save variables
dataType: String[6]; //REGION or NORMAL (Always region in this procedure)
CharToFind: Dword;
memoryposition: Dword;
position: Dword;
searching: Boolean;
scanlength: Dword;
check: boolean;
MPoint: ^Byte;
ByteP: pbyte;
bytep2: pbyte;
WordP: ^Word;
DwordP: ^Dword;
Int64P: ^Int64;
SingleP: ^Single;
DoubleP: ^double;
helpword: word;
helpdworD: dword;
number: dword;
maxmem: dword;
FoundIsFilled: Boolean;
//arrayofbyte vars
nrofbytes: dword;
bytes: TBytes; //-1=wildcard
BitToFind: integer;
traceback: boolean;
resulthelper: tfilestream;
tempstring: pchar;
scanvalue:string;
scantype: Integer;
vartype: integer;
extra: boolean;
roundingtype: tfloatscan;
unicode: boolean;
unicode2: boolean;
scanvalue2: string;
begin
lastscan:=0;
bytevalue:=$90;
wordvalue:=$1020;
dwordvalue:=$30405060;
singlevalue:=123.12345;
doublevalue:=12345.123;
int64value:=$1122334455667788;
try
GetMemoryRanges([dword(@dwordvalue)]);
// RemoveRangewith(dword(@dwordvalue));
except
raise exception.Create('getmemoryexception');
end;
position:=0;
nrofbits:=999;
Int64Value:=0;
FoundIsFilled:=false;
// setlength(memory,splitvalue+1);
found:=0;
scanvalue:=scansettings^.scanvalue;
scanvalue2:=scansettings^.scanvalue2;
scantype:=scansettings^.Scantype;
vartype:=scansettings^.ValueType;
extra:=scansettings^.Hexadecimal;
roundingtype:=scansettings^.roundingtype;
unicode:=scansettings^.unicode;
if scanvalue='' then scanvalue:='0';
if scanvalue2='' then scanvalue2:='0';
if scantype in [Exact_value,Increased_value_by,decreased_value_by,SmallerThan,BiggerThan,valuebetween] then
begin
if vartype=0 then
begin
if extra then val('$'+scanvalue,bytevalue,i)
else val(scanvalue,bytevalue,i);
if i>0 then raise Exception.Create(scanvalue+' is not a valid byte notation');
end;
if vartype=1 then
begin
if extra then val('$'+scanvalue,wordvalue,i)
else val(scanvalue,wordvalue,i);
if i>0 then raise Exception.Create(scanvalue+' is not an valid 2-byte notation');
end;
if vartype=2 then
begin
if extra then val('$'+scanvalue,dwordvalue,i)
else val(scanvalue,dwordvalue,i);
if i>0 then raise Exception.Create(scanvalue+' is not an valid 4-byte notation');
end;
if vartype=3 then //doesnt have the hexadecimal option
begin
val(scanvalue,singlevalue,i);
if i>0 then
if scanvalue[i]=',' then scanvalue[i]:='.';
val(scanvalue,singlevalue,i);
if i>0 then raise Exception.Create(scanvalue+' is not a valid floating point notation');
end;
if vartype=4 then //same as 3
begin
val(scanvalue,doublevalue,i);
if i>0 then
if scanvalue[i]=',' then scanvalue[i]:='.';
val(scanvalue,singlevalue,i);
if i>0 then raise Exception.create(scanvalue+' is not a valid floating point notation');
end;
if vartype=5 then
begin
if pos('-',scanvalue)>0 then raise exception.create(scanvalue+' is not a valid notation!');
if not extra then
begin
setlength(bitscan,length(scanvalue));
j:=0;
for i:=length(scanvalue) downto 1 do
begin
if scanvalue[i]='0' then bitscan[length(scanvalue)-i]:=0
else
if scanvalue[i]='1' then bitscan[length(scanvalue)-i]:=1
else
if scanvalue[i]='?' then bitscan[length(scanvalue)-i]:=2
else
if scanvalue[i]='*' then bitscan[length(scanvalue)-i]:=2
else
begin
freememory;
raise Exception.create(scanvalue+' is not a valid binary notation');
end;
inc(j);
end;
end
else
begin
try
dwordvalue:=StrToInt(scanvalue);
i:=0;
if dwordvalue=0 then
begin
setlength(bitscan,1);
bitscan[0]:=0;
end
else
while dwordvalue>0 do
begin
setlength(bitscan,i+1);
if (dwordvalue mod 2)>0 then bitscan[i]:=1
else bitscan[i]:=0;
inc(i);
dwordvalue:=dwordvalue div 2;
end;
except
raise Exception.create(scanvalue+' is not a valid notation');
end;
end;
nrofbits:=length(bitscan);
scansettings^.nrofbits:=nrofbits;
if nrofbits=0 then raise exception.Create(scanvalue+' did not result in a string of bits');
end;
if vartype=6 then
begin
if extra then
val('$'+scanvalue,int64value,i)
else
val(scanvalue,Int64value,i);
if i>0 then raise Exception.Create(scanvalue+' is not an valid 8-byte notation');
end;
end;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -