First attempt at optmizing AOB scanning.

glogrus · Oct 18, 2018 · cc84e0b · cc84e0b
1 parent bdd4edc
commit cc84e0b
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 18 deletions.
diff --git a/Memory/Class1.cs b/Memory/Class1.cs
@@ -138,6 +138,9 @@ uint dwFreeType
         [DllImport("kernel32.dll")]
         private static extern bool ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [Out] byte[] lpBuffer, UIntPtr nSize, out ulong lpNumberOfBytesRead);
 
+        [DllImport("kernel32.dll")]
+        private static extern bool ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [Out] IntPtr lpBuffer, UIntPtr nSize, out ulong lpNumberOfBytesRead);
+
         [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
         static extern UIntPtr VirtualAllocEx(
             IntPtr hProcess,
@@ -1715,6 +1718,8 @@ public async Task<IEnumerable<long>> AoBScan(long start, long end, string search
             string memCode = LoadCode(search, file);
 
             string[] stringByteArray = memCode.Split(' ');
+
+            byte[] aobPattern = new byte[stringByteArray.Length];
             byte[] mask = new byte[stringByteArray.Length];
 
             for (var i = 0; i < stringByteArray.Length; i++)
@@ -1740,6 +1745,10 @@ public async Task<IEnumerable<long>> AoBScan(long start, long end, string search
                     mask[i] = 0xFF;
             }
 
+
+            for (int i = 0; i < stringByteArray.Length; i++)
+                aobPattern[i] = (byte)(Convert.ToByte(stringByteArray[i], 16) & mask[i]);
+
             SYSTEM_INFO sys_info = new SYSTEM_INFO();
             GetSystemInfo(out sys_info);
 
@@ -1828,7 +1837,7 @@ public async Task<IEnumerable<long>> AoBScan(long start, long end, string search
             Parallel.ForEach(memRegionList,
                              (item, parallelLoopState, index) =>
                              {
-                                 long[] compareResults = CompareScan(item, stringByteArray, mask);
+                                 long[] compareResults = CompareScan(item, aobPattern, mask);
 
                                  foreach (long result in compareResults)
                                      bagResult.Add(result);
@@ -1852,30 +1861,31 @@ public async Task<long> AoBScan(string code, long end, string search, string fil
             return  (await AoBScan(start, end, search, true, true, file)).FirstOrDefault();
         }
 
-        private long[] CompareScan(MemoryRegionResult item, string[] aobToFind, byte[] mask)
+        private long[] CompareScan(MemoryRegionResult item, byte[] aobPattern, byte[] mask)
         {
-            if (mask.Length != aobToFind.Length)
-                throw new ArgumentException($"{nameof(aobToFind)}.Length != {nameof(mask)}.Length");
+            if (mask.Length != aobPattern.Length)
+                throw new ArgumentException($"{nameof(aobPattern)}.Length != {nameof(mask)}.Length");
 
-            byte[] buffer = new byte[item.RegionSize];
-            ReadProcessMemory(pHandle, item.CurrentBaseAddress, buffer, (UIntPtr)item.RegionSize, out ulong bytesRead);
-
-
-            byte[] aobPattern = new byte[aobToFind.Length];
+            IntPtr buffer = Marshal.AllocHGlobal((int)item.RegionSize);
 
-            for (int i = 0; i < aobToFind.Length; i++)
-                aobPattern[i] = (byte)(Convert.ToByte(aobToFind[i], 16) & mask[i]);
+            ReadProcessMemory(pHandle, item.CurrentBaseAddress, buffer, (UIntPtr)item.RegionSize, out ulong bytesRead);
 
-            int result = 0 - aobToFind.Length;
+            int result = 0 - aobPattern.Length;
             List<long> ret = new List<long>();
-            do
+            unsafe
             {
-                result = FindPattern(buffer, aobPattern, mask, result + aobToFind.Length);
+                do
+                {
+
+                    result = FindPattern((byte*)buffer.ToPointer(), (int)bytesRead, aobPattern, mask, result + aobPattern.Length);
 
-                if (result >= 0)
-                    ret.Add((long)item.CurrentBaseAddress + result);
+                    if (result >= 0)
+                        ret.Add((long) item.CurrentBaseAddress + result);
 
-            } while (result != -1);
+                } while (result != -1);
+            }
+
+            Marshal.FreeHGlobal(buffer);
 
             return ret.ToArray();
         }
@@ -1910,6 +1920,36 @@ private int FindPattern(byte[] body, byte[] pattern, byte[] masks, int start = 0
             return foundIndex;
         }
 
+        private unsafe int FindPattern(byte* body, int bodyLength, byte[] pattern, byte[] masks, int start = 0)
+        {
+            int foundIndex = -1;
+
+            if (bodyLength <= 0 || pattern.Length <= 0 || start > bodyLength - pattern.Length ||
+                pattern.Length > bodyLength) return foundIndex;
+
+            for (int index = start; index <= bodyLength - pattern.Length; index++)
+            {
+                if (((body[index] & masks[0]) == (pattern[0] & masks[0])))
+                {
+                    var match = true;
+                    for (int index2 = 1; index2 <= pattern.Length - 1; index2++)
+                    {
+                        if ((body[index + index2] & masks[index2]) == (pattern[index2] & masks[index2])) continue;
+                        match = false;
+                        break;
+
+                    }
+
+                    if (!match) continue;
+
+                    foundIndex = index;
+                    break;
+                }
+            }
+
+            return foundIndex;
+        }
+
 #endif
     }
 }
diff --git a/Memory/Memory.csproj b/Memory/Memory.csproj
@@ -24,7 +24,7 @@
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>0</WarningLevel>
     <DocumentationFile>bin\Debug\Memory.XML</DocumentationFile>
-    <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <Prefer32Bit>false</Prefer32Bit>
     <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>