Hi wine-devels,
I am trying to port a Windows program, SmartHunter, to Linux (port is https://github.com/Emanem/linux-hunter).
This Windows program is a companion app (https://github.com/sir-wilhelm/SmartHunter) for a game (Monster Hunter : World). This companion app relies on scanning memory and finding precise memory patterns and then, based on such patterns, dereferencing pointers (even multiple levels) and accessing structures in memory.
Made up example:
1. find memory pointer which matches 48 8B 0D ?? ?? ?? ?? E8 (where ?? can be any byte)
2. interpret the four ?? ?? ?? ?? as a 32 bit pointer
3. dereference what is pointed to as a utf8 string (or a double or int or ...) or recursively dereference up until you reach the desired structure in memory
In terms of porting this program, I have my port running natively on Linux against a wine process:
- I execute "Monster Hunter : World" via wine/proton
- I run my ported app and then it scans the memory of the wine process
When porting this program I have been able to resolve and navigate some structures, but some others I can't. I can find some complex patterns (such as "48 8B 0D ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8B 0D ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8B 05 ?? ?? ?? ?? 83 A0 ?? ?? ?? ?? ?? C6 43" or "48 8B 0D ?? ?? ?? ?? B2 01 E8 ?? ?? ?? ?? C6 83 ?? ?? ?? ?? ?? 48 8B 0D"), but when I start "navigating" those and dereference some alleged pointers I end up outside of the process memory spaces. Furthermore, I seem to have found that for some types (namely utf8 strings) it seems like wine allocates 1 more byte than Windows, hence somehow deviating from the expected memory layout.
Am I correct in thinking that wine allocations may be slightly different than Windows (i.e. larger)?
This being the case it would change the expected layout.
Thanks in advance, Emanuele
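
The wildcard scan and pointer step from the made-up example above, as an added sketch that is not part of the original message and is not code from SmartHunter or linux-hunter. It assumes the x86-64 reading of 48 8B 0D (mov rcx, [rip+disp32]), where the four wildcard bytes are a signed displacement from the end of the 7-byte instruction; the sample bytes, load address and all function names are constructed for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <sstream>
#include <string>
#include <vector>

// Parse "48 8B 0D ?? ?? ?? ?? E8" into byte values; -1 marks a wildcard.
std::vector<int> parse_pattern(const std::string& text) {
    std::vector<int> pat;
    std::istringstream in(text);
    for (std::string tok; in >> tok;)
        pat.push_back(tok == "??" ? -1 : std::stoi(tok, nullptr, 16));
    return pat;
}

// Return the offset of the first match in buf, or -1 if there is none.
long find_pattern(const std::vector<uint8_t>& buf, const std::vector<int>& pat) {
    if (pat.empty() || pat.size() > buf.size()) return -1;
    for (size_t i = 0; i + pat.size() <= buf.size(); ++i) {
        size_t j = 0;
        while (j < pat.size() && (pat[j] < 0 || pat[j] == buf[i + j])) ++j;
        if (j == pat.size()) return static_cast<long>(i);
    }
    return -1;
}

// RIP-relative operand: target = address of the next instruction + signed disp32.
// disp_off and insn_len are relative to the match (3 and 7 for 48 8B 0D disp32).
// Returns 0 when the displacement bytes would fall outside buf.
uint64_t resolve_rip_relative(const std::vector<uint8_t>& buf, uint64_t base,
                              size_t match, size_t disp_off, size_t insn_len) {
    if (match + disp_off + sizeof(int32_t) > buf.size()) return 0;
    int32_t disp;
    std::memcpy(&disp, &buf[match + disp_off], sizeof disp);  // little-endian host assumed
    return base + match + insn_len + static_cast<int64_t>(disp);
}

struct Region { uint64_t start, end; };  // [start, end), e.g. parsed from /proc/<pid>/maps

// True when addr falls inside one of the mapped regions; check before each dereference.
bool is_mapped(const std::vector<Region>& maps, uint64_t addr) {
    for (const Region& r : maps)
        if (addr >= r.start && addr < r.end) return true;
    return false;
}

// Constructed sample: three filler bytes, then 48 8B 0D 10 00 00 00 E8 00 00 00 00.
const std::vector<uint8_t> kSample = {0x90, 0x90, 0x90, 0x48, 0x8B, 0x0D, 0x10, 0x00,
                                      0x00, 0x00, 0xE8, 0x00, 0x00, 0x00, 0x00};
const uint64_t kBase = 0x140001000ULL;  // constructed address at which kSample is mapped
```

Reading the four bytes as an absolute 32-bit address instead would give 0x10 for this sample, which is_mapped reports as outside the region list.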