hearthbuddy中的一段代码

// Token: 0x06001A79 RID: 6777 RVA: 0x000DD024 File Offset: 0x000DB224

        internal IntPtr method_33(IntPtr intptr_37, string string_0, params Class276.Enum20[] enum20_0)

        {

            while (intptr_37 != IntPtr.Zero)

            {

                using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory())

                {

                    allocatedMemory.AllocateOfChunk<IntPtr>("Itr");

                    IntPtr intPtr;

                    while ((intPtr = this.method_35(intptr_37, allocatedMemory["Itr"])) != IntPtr.Zero)

                    {

                        IntPtr address = this.method_37(intPtr);

                        if (this.externalProcessMemory_0.ReadStringA(address) == string_0)

                        {

                            if (enum20_0 != null)

                            {

                                Class276.Enum20[] array = this.method_31(intPtr);

                                if (array.Length != enum20_0.Length || !array.SequenceEqual(enum20_0))

                                {

                                    continue;

                                }

                            }

                            return intPtr;

                        }

                    }

                    intptr_37 = this.method_25(intptr_37);

                }

            }

            return IntPtr.Zero;

        }

// Token: 0x04000D28 RID: 3368
        private readonly ExternalProcessMemory externalProcessMemory_0;

public class ExternalProcessMemory : MemoryBase

// Token: 0x06000157 RID: 343 RVA: 0x0036DA50 File Offset: 0x00362E50

        public AllocatedMemory CreateAllocatedMemory(int bytes)

        {

            return new AllocatedMemory(this, bytes);

        }
// Token: 0x060000C1 RID: 193 RVA: 0x0036F644 File Offset: 0x00364A44

        public void AllocateOfChunk(string allocatedName, int bytes)

        {

            IntPtr value = (IntPtr)this._currentOffset;

            this._allocated.Add(allocatedName, value);

            this._currentOffset += bytes;

            ref int ptr = ref this._currentOffset;

            int num = ptr;

            int num2 = num % ;

            if (num2 != )

            {

                ptr = num - num2 + ;

            }

        }

        // Token: 0x060000C2 RID: 194 RVA: 0x0036D637 File Offset: 0x00362A37

        public void AllocateOfChunk<T>(string allocatedName) where T : struct

        {

            this.AllocateOfChunk(allocatedName, MarshalCache<T>.Size);

        }

出处

https://github.com/lolp1/Process.NET   这个项目的致谢名单里有提到

GreyMagic - The best of both worlds, and then some

Download: https://dl.dropbox.com/u/2068143/GreyMagic.7z

So, I wrote this a while back for our bots (Honorbuddy, Demonbuddy,
BuddyWing, etc). It's a full-featured memory lib for both in and out of
process memory handling. Performance tests show that it's barely a tick
slower than calling ReadProcessMemory directly on simple data types, and
slightly over a tick slower than reading structures. (Write speeds have
not been tested, as writing is not done nearly as often)

The following are for perf tests over 1 million iterations:

Read<int>(addr, relative: true) - 4.57 ticks
ReadProcessMemory (direct) - 3.54 ticks
Deref on ReadBytes(addr, relative: true) - 3.90 ticks
Read<NonMarshalStruct>(addr, relative: true) - 5.06 ticks
Read<MarshalStruct>(addr, relative: true) - 6.48 ticks

The library itself implements a neat little trick to avoid using the
marshaler wherever possible. MarshalCache<T> provides a way to
cache certain data for types (size, typeof(), whether the type needs to
be run through the marshaler, etc), as well as implements a way for C#
to take a pointer to a generic type. (You can't do &T in C#...
well... at least you couldn't)

The lib itself takes into account quite a few things, and should
hopefully be plug-and-play ready. It includes a few other things that
aren't really useful (but tossed in for the sake of tossing it in). I
will be adding more features in the future (it lacks a pattern scanner).
Feel free to use and abuse, please let me know of any bugs you run
into.

In-process memory class: InProcessMemoryReader
OOP memory class: ExternalProcessMemoryReader

Enjoy folks!

GreyMagic的更多相关文章

  1. Web安全工具大汇聚

    http://www.owasp.org/index.PHP/Phoenix/Tools http://sebug.net/paper/other/Web安全工具大汇聚.txt =========== ...

  2. 跨站脚本(XSS)备忘单-2019版

    这是一份跨站脚本(XSS)备忘录,收集了大量的XSS攻击向量,包含了各种事件处理.通讯协议.特殊属性.限制字符.编码方式.沙箱逃逸等技巧,可以帮助渗透测试人员绕过WAF和过滤机制. 译者注:原文由Po ...

  3. HearthBuddy炉石兄弟 Method 'Entity.GetRace' not found.

    解决方案 namespace Triton.Game.Mapping{// Token: 0x020004A4 RID: 1188[Attribute38("Entity")]pu ...

  4. HearthBuddy Plugin编写遇到的问题

    错误1 赋值问题 貌似编译器版本有点低,无法识别C#的高级语法糖 属性的初始值,必须是public bool IsEnabled { get{return true;} } 不能写成public bo ...

  5. github搜索不到代码的问题

    Hi team, Please check the following three query url :https://github.com/Konctantin/GreyMagic/search? ...

  6. HearthBuddy炉石兄弟 Method 'CollectionDeckBoxVisual.IsValid' not found.

    [CollectionManagerScene_COLLECTION] An exception occurred when calling CacheCustomDecks: System.Miss ...

  7. HearthBuddy 第一次调试

    HearthBuddy https://www.jiligame.com/70639.html 解压缩包,打开hearthbuddy.exe直接运行就可以:不用替换mono.dll直接可用:不需要校验 ...

随机推荐

  1. 关于redis的几件小事(四)redis的过期策略以及内存淘汰机制

    1.数据为什么会过期? 首先,要明白redis是用来做数据缓存的,不是用来做数据存储的(当然也可以当数据库用),所以数据时候过期的,过期的数据就不见了,过期主要有两种情况, ①在设置缓存数据时制定了过 ...

  2. js介绍及语法结构

    javaScript它是一门动态的,弱类型的,解释型面向Web的编程语言.虽然名字里有Java但其它与Java无关.它可以用来增强页面动态效果,实现页面与用户之间的实时,动态交互. javascrip ...

  3. Spring框架中<mvc:default-servlet-handler/>的作用

    优雅REST风格的资源URL不希望带 .html 或 .do 等后缀.由于早期的Spring MVC不能很好地处理静态资源,所以在web.xml中配置DispatcherServlet的请求映射,往往 ...

  4. Tomcat配置JNDI

    JNDI是什么?使用JNDI有什么好处? JNDI是 Java 命名与目录接口(Java Naming and Directory Interface),在J2EE规范中是重要的规范之一. 我个人对j ...

  5. shell脚本实战

    想写个脚本,发现都忘了,蛋疼,一边回忆一边查一边写,总算完成了,贴在下面: #!/bin/bash #Program: # This program can help you quickly rede ...

  6. glsl:error C1105: cannot call a non-function

    今天写的shader编译过程中报了这个错误,而且错误行数是0.原因怎么找也找不到.后来发现原来是normalize方法写成了了normal正好和函数的形参名字一样. 特地记录一下.

  7. pmf文件

    1.首先是视频软件,其次还是DISKGENI(磁盘分区软件),当作镜像文件恢复文件到磁盘(类似ISO).2.PMF文件为主要与primarily Pegasus Mail Message Attach ...

  8. ffmpeg函数03__av_seek_frame()

    当需要把视频跳转到N秒的时候可以使用下面的方法:int64_t timestamp = N * AV_TIME_BASE; av_seek_frame(fmtctx, index_of_video, ...

  9. Gym - 101630G The Great Wall (前缀和+树状数组+二分)

    题意:有一个序列,一开始所有的元素都是ai,你可以选择两个长度相等的区间,如果某个元素被一个区间覆盖,那么变为bi,如果被两个区间都覆盖,那么变为ci.问所有区间的选择方法中产生的第k小的元素总和. ...

  10. c++拓展register寄存器

    寄存器----硬件和软件打交道的接口,这上面装了android,亦或是 windows,linux就能和相关的操作系统设备打交道 早期硬件性能并不很快时,为了提高程序运行的效率,会声明一个寄存器变量, ...