0

Im trying to find out if there is a simple way of searching for a sequence of bytes in a programs memory. More specifically, I want to search through a dll that is loaded into memory and find the VA/RVA of the address where those bytes are. Is this possible?

I know I can read the contents of a dll and then search, but I not sure how I can get the VA/RVA of the location.

Thanks

4

1 回答 1

0

我不确切知道您是如何访问内存的,但如果您知道您搜索的事物的模式并可以访问内存块,您几乎可以通过 ORegex 找到所有内容。

var memory_bytes = new byte[] {0, 0, 0, 0, 254, 255, 254, 0, 0, 0, 254};

var oregex = new ORegex<byte>("{0}{1}{0}",x=> x==254, x=> x==255);
var matches = oregex.Matches(memory_bytes);

///OUTPUT: [254,255,254]
于 2016-06-22T11:45:36.907 回答