Added MemoryPage pointer checking

Fixed "offsets" sorting in table
Optimized strings reading

Author: Stridemann

StructureSpiderAdvanced/MainViewModel.cs

@@ -4,6 +4,7 @@
 using System.Collections.ObjectModel;
 using System.Windows.Threading;
 using System.Threading;
+using System.Windows.Controls;
 
 namespace StructureSpiderAdvanced
 {
@@ -161,10 +162,11 @@ public bool UseMethodTable
                 RaisePropertyChanged(nameof(UseMethodTable));
             }
         }
+        
+        public bool UseMemoryPage { get; set; } = true;
 
-        public bool NoLooping { get; set; } = true;
 
-        public ushort MethodTableLength { get; set; } = 3;
+        public bool NoLooping { get; set; } = true;    
         public ushort StringLength { get; set; } = 256;
         public StringCompareType StringCompareType { get; set; } = StringCompareType.Equal;
         public bool StringIgnoreCase { get; set; } = false;
@@ -197,7 +199,7 @@ public bool UseEndOffsets
         ////////////////////////////////////////////////
         public List<int> MaxLevels { get; set; } = new List<int>() { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
         public List<DataType> DataTypes { get; set; } = new List<DataType>();
-        public List<int> Alignments { get; set; } = new List<int>() { 1, 2, 4, 8 };
+        public List<ushort> Alignments { get; set; } = new List<ushort>() { 1, 2, 4, 8 };
         public List<StringCompareType> StringCompareTypes { get; set; } = new List<StringCompareType>();
     }
 
@@ -251,22 +253,22 @@ public string Value
 
         public List<int> Offsets = new List<int>();
 
-        public string Offset0 { get { return GetOffset(0); } set { } }
-        public string Offset1 { get { return GetOffset(1); } set { } }
-        public string Offset2 { get { return GetOffset(2); } set { } }
-        public string Offset3 { get { return GetOffset(3); } set { } }
-        public string Offset4 { get { return GetOffset(4); } set { } }
-        public string Offset5 { get { return GetOffset(5); } set { } }
-        public string Offset6 { get { return GetOffset(6); } set { } }
-        public string Offset7 { get { return GetOffset(7); } set { } }
-        public string Offset8 { get { return GetOffset(8); } set { } }
-        public string Offset9 { get { return GetOffset(9); } set { } }
+        public int Offset0 { get { return GetOffset(0); } set { } }
+        public int Offset1 { get { return GetOffset(1); } set { } }
+        public int Offset2 { get { return GetOffset(2); } set { } }
+        public int Offset3 { get { return GetOffset(3); } set { } }
+        public int Offset4 { get { return GetOffset(4); } set { } }
+        public int Offset5 { get { return GetOffset(5); } set { } }
+        public int Offset6 { get { return GetOffset(6); } set { } }
+        public int Offset7 { get { return GetOffset(7); } set { } }
+        public int Offset8 { get { return GetOffset(8); } set { } }
+        public int Offset9 { get { return GetOffset(9); } set { } }
 
-        private string GetOffset(int index)
+        private int GetOffset(int index)
         {
             if (index >= Offsets.Count)
-                return "";
-            return Offsets[index].ToString("x");
+                return -1;// -1 will not be displayed in table due to OffsetConverter
+            return Offsets[index];
         }
     }
 }

StructureSpiderAdvanced/MainWindow.xaml

@@ -12,6 +12,7 @@
 			<local:HexConverter x:Key="HexConverter" />
 			<local:BoolToVisibilityConverter x:Key="BoolToHiddenConverter"/>
 			<local:ScanTypeToVisibilityConverter x:Key="ScanTypeToVisibilityConverter"/>
+			<local:OffsetConverter x:Key="OffsetConverter"/>
 		</ResourceDictionary>
 	</Window.Resources>
 	<Grid DataContext="{Binding ElementName=ucMain}">
@@ -34,18 +35,8 @@
 			<Button Content="Refresh" HorizontalAlignment="Left" VerticalAlignment="Top" MinWidth="80" Margin="5" Click="RefreshProcesses" IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}"/>
 
 			<CheckBox Content="No Looping Pointers" ToolTip="Removing duplicates, preventing application to stuck in closed cycle." Margin="5" IsChecked="{Binding Path=ViewModel.NoLooping}" IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}" Foreground="#FFC8C8C8"/>
-			<CheckBox ToolTip="pro: Filter out incorrect/unstable pointers con: Works buggy while scanning strings" Content="Use Virtual Method Table" Margin="5" IsChecked="{Binding Path=ViewModel.UseMethodTable}" IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}" Foreground="#FFC8C8C8"/>
-			<TextBox ToolTip="Recommended value is 3.Bigger structures has bigger VMT. You can change this if you know what you doing." materialDesign:HintAssist.Hint="Min VMT Length" Style="{StaticResource MaterialDesignFloatingHintTextBox}" 
-					 VerticalContentAlignment="Center" Margin="5" MinWidth="50" Foreground="#FFC8C8C8"
-					 IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}" Visibility="{Binding Path=ViewModel.UseMethodTable, Converter={StaticResource BoolToHiddenConverter}}">
-				<TextBox.Text>
-					<Binding Path="ViewModel.MethodTableLength" UpdateSourceTrigger="PropertyChanged">
-						<Binding.ValidationRules>
-							<local:StringToIntValidationRule ValidationStep="RawProposedValue"/>
-						</Binding.ValidationRules>
-					</Binding>
-				</TextBox.Text>
-			</TextBox>
+			<CheckBox ToolTip="pro: Filter out incorrect/unstable pointers. con: Works buggy while scanning strings" Content="Use Virtual Method Table" Margin="5" IsChecked="{Binding Path=ViewModel.UseMethodTable}" IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}" Foreground="#FFC8C8C8"/>
+			<CheckBox ToolTip="Strongly recommended for x64 process, can be buggy for x32 process" Content="Use memory pages for checking pointer" Margin="5" IsChecked="{Binding Path=ViewModel.UseMemoryPage}" IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}" Foreground="#FFC8C8C8"/>
 		</StackPanel>
 		<GridSplitter Grid.Row="1" HorizontalAlignment="Stretch" Height="10"></GridSplitter>
 		<StackPanel Grid.Row="2" Orientation="Horizontal">
@@ -92,18 +83,9 @@
 				</TextBox.Text>
 			</TextBox>
 
-			<TextBox materialDesign:HintAssist.Hint="Alignment" ToolTip="Scan step. For x32 bit process pointers and strings recommended alignment value is 4, for x64 recommended value is 8" Style="{StaticResource MaterialDesignFloatingHintTextBox}" 
-					 VerticalContentAlignment="Center" Margin="5" MinWidth="50" Foreground="#FFC8C8C8"
-					 IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}" 
-					 Visibility="{Binding Path=ViewModel.SelectedDataType, Converter={StaticResource ScanTypeToVisibilityConverter}, ConverterParameter=PointerAlighment}">
-				<TextBox.Text>
-					<Binding Path="ViewModel.Alignment" UpdateSourceTrigger="PropertyChanged">
-						<Binding.ValidationRules>
-							<local:StringToIntValidationRule ValidationStep="RawProposedValue"/>
-						</Binding.ValidationRules>
-					</Binding>
-				</TextBox.Text>
-			</TextBox>
+			<ComboBox materialDesign:HintAssist.Hint="Alignment" ToolTip="Scan step. For x32 bit process pointers and strings recommended alignment value is 4, for x64 recommended value is 8" Style="{StaticResource MaterialDesignFloatingHintComboBox}" 
+					  ItemsSource="{Binding Path=ViewModel.Alignments}" SelectedValue="{Binding Path=ViewModel.Alignment}" IsEnabled="{Binding Path=ViewModel.InterfaceEnabled}"
+					  MinWidth="50" Margin="5" Foreground="#FFC8C8C8"/>
 
 			<TextBox materialDesign:HintAssist.Hint="String Length" ToolTip="Maximum length of string bytes to read" Style="{StaticResource MaterialDesignFloatingHintTextBox}" 
 					 VerticalContentAlignment="Center" Margin="5" MinWidth="50" Foreground="#FFC8C8C8"
@@ -129,8 +111,21 @@
 
 		</StackPanel>
 		<GridSplitter Grid.Row="3" HorizontalAlignment="Stretch" Height="10"></GridSplitter>
-		<DataGrid Grid.Row="4" Name="ResultsList" ItemsSource="{Binding Path=ViewModel.VisibleResults}" CanUserAddRows="False" CanUserDeleteRows="False" CanUserReorderColumns="False">
-
+		<DataGrid Grid.Row="4" Name="ResultsList" ItemsSource="{Binding Path=ViewModel.VisibleResults}" CanUserAddRows="False" CanUserDeleteRows="False" CanUserReorderColumns="False" AutoGenerateColumns="False">
+			<DataGrid.Columns>
+				<DataGridTextColumn Header="Level" Binding="{Binding Level}" />
+				<DataGridTextColumn Header="Value" Binding="{Binding Value}" />
+				<DataGridTextColumn Header="Offset0" Binding="{Binding Offset0, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset1" Binding="{Binding Offset1, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset2" Binding="{Binding Offset2, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset3" Binding="{Binding Offset3, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset4" Binding="{Binding Offset4, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset5" Binding="{Binding Offset5, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset6" Binding="{Binding Offset6, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset7" Binding="{Binding Offset7, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset8" Binding="{Binding Offset8, Converter={StaticResource OffsetConverter}}" />
+				<DataGridTextColumn Header="Offset9" Binding="{Binding Offset9, Converter={StaticResource OffsetConverter}}" />
+			</DataGrid.Columns>
 		</DataGrid>
 
 		<GridSplitter Grid.Row="5" HorizontalAlignment="Stretch" Height="10"></GridSplitter>

StructureSpiderAdvanced/Memory.cs

@@ -12,16 +12,18 @@ public class Memory
         protected long PointerMaxValue;
 
         protected readonly IntPtr ProcHandle;
+        public readonly ProcessSections SectionsController;
 
         public int PointerLength { get; protected set; }
         public bool Is64Bit { get; protected set; }
 
-        public Memory(IntPtr procHandle)
+        public Memory(IntPtr procHandle, ProcessSections sectionsController)
         {
+            SectionsController = sectionsController;
             PointerStaticMinValue = 0x10000000;
             PointerStaticMaxValue = 0xF0000000;
-            PointerMinValue =   0x10000;
-            PointerMaxValue =   0xF0000000;
+            PointerMinValue = 0x10000;
+            PointerMaxValue = 0xF0000000;
             PointerLength = 4;
             ProcHandle = procHandle;
         }
@@ -64,7 +66,7 @@ public long ReadLong(IntPtr addr)
         public virtual IntPtr ReadPointer(IntPtr addr)//will be overrided by Memory_x64 class
         {
             var bytes = ReadMem(addr, 4);
-            var intptrNum = BitConverter.ToInt32(bytes, 0);
+            var intptrNum = BitConverter.ToUInt32(bytes, 0);
             return new IntPtr(intptrNum);
         }
 
@@ -104,27 +106,47 @@ private static string RTrimNull(string text)
             return num > 0 ? text.Substring(0, num) : text;
         }
 
-        public PointerType CheckPointer(IntPtr pointer)
+        public SectionCategory CheckPointer(IntPtr pointer)
         {
-            var address = pointer.ToInt64();
+            if (pointer.IsNull())
+                return SectionCategory.Unknown;
 
-            if (address >= PointerStaticMinValue && address <= PointerStaticMaxValue)
-                return PointerType.StaticPointer;
-            if (address >= PointerMinValue && address <= PointerMaxValue)
-                return PointerType.Pointer;
-            return PointerType.NotPointer;
+            if(!MainViewModel.Instance.UseMemoryPage)
+            {
+                var address = pointer.ToInt64();
+                if (address >= PointerStaticMinValue && address <= PointerStaticMaxValue)
+                    return SectionCategory.CODE;
+                if (address >= PointerMinValue && address <= PointerMaxValue)
+                    return SectionCategory.HEAP;
+                return SectionCategory.Unknown;
+            }
+          
+            Section section;
+            try
+            {
+                section = SectionsController.GetSectionToPointer(pointer);
+            }
+            catch
+            {
+                return SectionCategory.Unknown;
+            }
+
+            if(section != null)
+                return section.Category;
+
+            return SectionCategory.Unknown;
         }
 
+        // If the section contains data, it is at least a pointer to a class or something.
         public bool IsSimplePointer(IntPtr pointer)
         {
-            var address = pointer.ToInt64();
-            return address >= PointerMinValue && address <= PointerMaxValue;
+            var pointerType = CheckPointer(pointer);
+            return pointerType == SectionCategory.HEAP || pointerType == SectionCategory.DATA;
         }
 
         public static bool ReadProcessMemory(IntPtr handle, IntPtr baseAddress, byte[] buffer)
         {
-            IntPtr bytesRead;
-            return ReadProcessMemory(handle, baseAddress, buffer, buffer.Length, out bytesRead);
+            return ReadProcessMemory(handle, baseAddress, buffer, buffer.Length, out IntPtr bytesRead);
         }
 
         [DllImport("kernel32.dll", SetLastError = true)]
@@ -134,16 +156,10 @@ private byte[] ReadMem(IntPtr addr, int size)
         {
             var array = new byte[size];
             ReadProcessMemory(ProcHandle, addr, array);
-            //if (!ReadProcessMemory(ProcHandle, addr, array))
-            //    throw new InvalidOperationException("Unable to read memory.");
             return array;
-        }
-    }
+        }
 
-    public enum PointerType
-    {
-        NotPointer,
-        StaticPointer,
-        Pointer
+
+  
     }
 }

StructureSpiderAdvanced/Memory_x64.cs

@@ -4,13 +4,13 @@ namespace StructureSpiderAdvanced
 {
     public class Memory_x64 : Memory
     {
-        public Memory_x64(IntPtr procHandle) : base(procHandle)
+        public Memory_x64(IntPtr procHandle, ProcessSections sectionsController) : base(procHandle, sectionsController)
         {
-            PointerStaticMinValue = 0x7FF000000000;       
+            PointerStaticMinValue = 0x7FF000000000;
             PointerStaticMaxValue = 0x7FFF00000000;
-            PointerMinValue =   0x100000000;
-            PointerMaxValue =   0xF000000000;
-            //          
+            PointerMinValue = 0x100000000;
+            PointerMaxValue = 0xF000000000;
+
             PointerLength = 8;
             Is64Bit = true;
         }

StructureSpiderAdvanced/ProcessManager.cs

@@ -2,15 +2,20 @@
 using System.ComponentModel;
 using System.Diagnostics;
 using System.Runtime.InteropServices;
+using System.Windows.Forms;
 
 namespace StructureSpiderAdvanced
 {
     public class ProcessManager : IDisposable
     {
+        public static ProcessManager Instance;
         public IntPtr ProcHandle { get; private set; }
         public bool X64Process { get; private set; }
         public Process Process { get; private set; }
         public bool FoundProcess { get; private set; }
+
+        public readonly ProcessSections SectionsController = new ProcessSections();
+
         public void SetProcess(int pId)
         {
             try
@@ -23,12 +28,16 @@ public void SetProcess(int pId)
                 _closed = false;
 
                 Process.Exited += Process_Exited;
+
+                SectionsController.UpdateProcessInformations(ProcHandle);
             }
             catch (Win32Exception ex)
             {
+                MessageBox.Show("You should run program as an administrator");
                 throw new Exception("You should run program as an administrator", ex);
             }
         }
+
         private void Process_Exited(object sender, EventArgs e)
         {
             Dispose();
@@ -39,12 +48,13 @@ public Memory GetMemoryForProcess()
         {
             if(!FoundProcess)
             {
+                MessageBox.Show("Process handle is not initialized. (Program is exited)");
                 throw new InvalidOperationException("Process handle is not initialized.");
             }
             if (X64Process)
-                return new Memory_x64(ProcHandle);
+                return new Memory_x64(ProcHandle, SectionsController);
 
-            return new Memory(ProcHandle);
+            return new Memory(ProcHandle, SectionsController);
         }
 
         ~ProcessManager()