Skip to content

Commit

Permalink
added MEM_MAPPED to AoB scan
Browse files Browse the repository at this point in the history
  • Loading branch information
@erfg12
erfg12 committed Jun 21, 2022
1 parent 18d7d1c commit 77d4e85
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 6 deletions.
16 changes: 10 additions & 6 deletions Memory/Methods/AoB.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ public partial class Mem
/// <returns>IEnumerable of all addresses found.</returns>
public Task<IEnumerable<long>> AoBScan(string search, bool writable = false, bool executable = true, string file = "")
{
return AoBScan(0, long.MaxValue, search, writable, executable, file);
return AoBScan(0, long.MaxValue, search, writable, executable, false, file);
}

/// <summary>
Expand All @@ -36,7 +36,7 @@ public Task<IEnumerable<long>> AoBScan(string search, bool writable = false, boo
/// <returns>IEnumerable of all addresses found.</returns>
public Task<IEnumerable<long>> AoBScan(string search, bool readable, bool writable, bool executable, string file = "")
{
return AoBScan(0, long.MaxValue, search, readable, writable, executable, file);
return AoBScan(0, long.MaxValue, search, readable, writable, executable, false, file);
}


Expand All @@ -49,11 +49,12 @@ public Task<IEnumerable<long>> AoBScan(string search, bool readable, bool writab
/// <param name="file">ini file (OPTIONAL)</param>
/// <param name="writable">Include writable addresses in scan</param>
/// <param name="executable">Include executable addresses in scan</param>
/// <param name="mapped">Include mapped addresses in scan</param>
/// <returns>IEnumerable of all addresses found.</returns>
public Task<IEnumerable<long>> AoBScan(long start, long end, string search, bool writable = false, bool executable = true, string file = "")
public Task<IEnumerable<long>> AoBScan(long start, long end, string search, bool writable = false, bool executable = true, bool mapped = false, string file = "")
{
// Not including read only memory was scan behavior prior.
return AoBScan(start, end, search, false, writable, executable, file);
return AoBScan(start, end, search, false, writable, executable, mapped, file);
}

/// <summary>
Expand All @@ -66,8 +67,9 @@ public Task<IEnumerable<long>> AoBScan(long start, long end, string search, bool
/// <param name="readable">Include readable addresses in scan</param>
/// <param name="writable">Include writable addresses in scan</param>
/// <param name="executable">Include executable addresses in scan</param>
/// <param name="mapped">Include mapped addresses in scan</param>
/// <returns>IEnumerable of all addresses found.</returns>
public Task<IEnumerable<long>> AoBScan(long start, long end, string search, bool readable, bool writable, bool executable, string file = "")
public Task<IEnumerable<long>> AoBScan(long start, long end, string search, bool readable, bool writable, bool executable, bool mapped, string file = "")
{
return Task.Run(() =>
{
Expand Down Expand Up @@ -136,6 +138,8 @@ public Task<IEnumerable<long>> AoBScan(long start, long end, string search, bool
isValid &= ((memInfo.Protect & PAGE_GUARD) == 0);
isValid &= ((memInfo.Protect & PAGE_NOACCESS) == 0);
isValid &= (memInfo.Type == MEM_PRIVATE) || (memInfo.Type == MEM_IMAGE);
if (mapped)
isValid &= (memInfo.Type == MEM_MAPPED);
if (isValid)
{
Expand Down Expand Up @@ -224,7 +228,7 @@ public async Task<long> AoBScan(string code, long end, string search, string fil
{
long start = (long)GetCode(code, file).ToUInt64();

return (await AoBScan(start, end, search, true, true, true, file)).FirstOrDefault();
return (await AoBScan(start, end, search, true, true, true, false, file)).FirstOrDefault();
}

private long[] CompareScan(MemoryRegionResult item, byte[] aobPattern, byte[] mask)
Expand Down
1 change: 1 addition & 0 deletions Memory/Structures/Imports.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,7 @@ OUT LPVOID lpBytesBuffer

public const uint MEM_PRIVATE = 0x20000;
public const uint MEM_IMAGE = 0x1000000;
public const uint MEM_MAPPED = 0x40000;

internal enum NTSTATUS
{
Expand Down

0 comments on commit 77d4e85

Please sign in to comment.