메소드 | 설명 | |
---|---|---|
FindPattern ( byte btPattern, string strMask, int nOffset ) : |
FindPattern Attempts to locate the given pattern inside the dumped memory region compared against the given mask. If the pattern is found, the offset is added to the located address and returned to the user.
|
|
ResetRegion ( ) : void |
ResetRegion Resets the memory dump array to nothing to allow the class to redump the memory.
|
|
SigScan ( ) : System |
SigScan Main class constructor that uses no params. Simply initializes the class properties and expects the user to set them later.
|
|
SigScan ( |
SigScan Overloaded class constructor that sets the class properties during construction.
|
메소드 | 설명 | |
---|---|---|
DumpMemory ( ) : bool |
DumpMemory Internal memory dump function that uses the set class properties to dump a memory region.
|
|
MaskCheck ( int nOffset, byte btPattern, string strMask ) : bool |
MaskCheck Compares the current pattern byte to the current memory dump byte to check for a match. Uses wildcards to skip bytes that are deemed unneeded in the compares.
|
|
ReadProcessMemory ( |
public FindPattern ( byte btPattern, string strMask, int nOffset ) : |
||
btPattern | byte | Byte pattern to look for in the dumped region. |
strMask | string | The mask string to compare against. |
nOffset | int | The offset added to the result address. |
리턴 |
public SigScan ( |
||
proc | The process to dump the memory from. | |
addr | The started address to begin the dump. | |
size | int | The size of the dump. |
리턴 | System |