Read .text section bytes from file instead of process memory (#2251)

* Read .text section bytes from file instead of memory * format * fix oversight * only read bytes from file once
2025-12-15 21:24:16 +01:00 · 2025-08-05 06:55:34 +08:00 · 2025-08-05 06:55:34 +08:00 · 83d32fe02c
commit 83d32fe02c
parent 9ad0d86463
1 changed files with 21 additions and 4 deletions
--- a/Dalamud/Game/SigScanner.cs
+++ b/Dalamud/Game/SigScanner.cs
@ -7,7 +7,6 @@ using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Threading;
-
 using Iced.Intel;
 using Newtonsoft.Json;
 using Serilog;
@ -21,6 +20,8 @@ namespace Dalamud.Game;
 /// </summary>
 public class SigScanner : IDisposable, ISigScanner
 {
+    private static byte[]? fileBytes;
+
    private readonly FileInfo? cacheFile;

    private nint moduleCopyPtr;
@ -51,12 +52,16 @@ public class SigScanner : IDisposable, ISigScanner
        this.Is32BitProcess = !Environment.Is64BitProcess;
        this.IsCopy = doCopy;

+        if (this.IsCopy)
+        {
+            this.SetupCopiedSegments();
+
+            fileBytes ??= File.ReadAllBytes(module.FileName);
+        }
+
        // Limit the search space to .text section.
        this.SetupSearchSpace(module);

-        if (this.IsCopy)
-            this.SetupCopiedSegments();
-
        Log.Verbose($"Module base: 0x{this.TextSectionBase.ToInt64():X}");
        Log.Verbose($"Module size: 0x{this.TextSectionSize:X}");

@ -494,6 +499,18 @@ public class SigScanner : IDisposable, ISigScanner
                case 0x747865742E: // .text
                    this.TextSectionOffset = Marshal.ReadInt32(sectionCursor, 12);
                    this.TextSectionSize = Marshal.ReadInt32(sectionCursor, 8);
+
+                    if (this.IsCopy)
+                    {
+                        var pointerToRawData = Marshal.ReadInt32(sectionCursor, 20);
+
+                        Marshal.Copy(
+                                     fileBytes.AsSpan(pointerToRawData, this.TextSectionSize).ToArray(),
+                                     0,
+                                     this.moduleCopyPtr + (nint)this.TextSectionOffset,
+                                     this.TextSectionSize);
+                    }
+
                    break;
                case 0x617461642E: // .data
                    this.DataSectionOffset = Marshal.ReadInt32(sectionCursor, 12);