/* (C) 2003-2007 Willem Jan Hengeveld <itsme@xs4all.nl>
 * Web: http://www.xs4all.nl/~itsme/
 *      http://wiki.xda-developers.com/
 *
 * $Id: $
 */
#include <windows.h>
#include "ItsUtils.h"
#include "dllversion.h"
#include "debug.h"
#include "args.h"
#include <stdio.h>
#include <string.h>
#include <rapi.h>

#include <string>
#include "stringutils.h"

bool ITSearchMemory(HANDLE hProc, DWORD dwOffset, DWORD dwType, const ByteVector& pattern, ByteVector& result)
{
    DWORD insize= 0;
    SearchMemoryParams *inbuf= NULL;
    DWORD outsize=0;
    SearchMemoryResult *outbuf=NULL;

    ByteVector in;
    in.resize(sizeof(SearchMemoryParams)+pattern.size()-1);
    insize= in.size();
    inbuf= vectorptr(in);

    inbuf->hProcess= hProc;
    inbuf->dwOffset= dwOffset;
    inbuf->dwType= dwType;
    inbuf->dwLength= pattern.size();
    memcpy(inbuf->data, vectorptr(pattern), pattern.size());

    outbuf= NULL; outsize= 0;
    HRESULT res= ItsutilsInvoke(L"ITSearchMemory",
            insize, (BYTE*)&inbuf,
            &outsize, (BYTE**)&outbuf);
    if (res || outbuf==NULL)
    {
        error(res, "ITSearchMemory");
        return false;
    }
    if (outbuf->dwFoundLength) {
        result.resize(outbuf->dwFoundLength);
        memcpy(vectorptr(result), outbuf->data, outbuf->dwFoundLength);
        *pdwOffset= outbuf->dwFoundOffset;
    }
    else {
        result.clear();
    }
    LocalFree(outbuf);

    return true;
}
void usage()
{
    // general options:
    //  -v : verbose
    //  -m : display match
    //
    // area specification:
    //    -n processname    : search address space of process
    //    -p START-END      : search physical memory range
    //    -o START-END      : search virtual memory range
    //
    // search type specification:
    // -ro    : search for relative offset
    // -o     : search for relative and absolute offset
    // -b     : bytelist
    // -s     : literal string  ( to search for patterns that look like regex, or bytesequence )
    // -1, -2, -4 : specify search alignment
    //
    // pattern specification:
    // 0x1234-0x5678   : offset range   [ -ro,  -o ]
    // 0x1234-0x5678/0xffff00   : offset range with mask  [ -ro,  -o ]
    // 0x1234/0xffff00 : dword with mask  [ -ro,  -o ]
    // 67,89,ab,cd     : byte list      [ -b ]
    // 12,30/f0,/0     : bytes with masks
    // /regex/         : regular expression
    // sometext        : string .. anything else
    //
    printf("(C) 2003-2008 Willem jan Hengeveld  itsme@xs4all.nl\n");
    printf("Usage: psearchmem [-v] [-n processname] [-p] pattern\n");
    printf("pattern can be one of the following:\n");
    printf("  /regex/  - search regex string\n");
    printf("  0xHEX    - search hex dword\n");
    printf("  xx xx xx - search hex bytes\n");
    printf("  -i       : search case insensitive\n");
    printf("  -r       : search arm relative offset\n");
    printf("  -a       : find ascii and unicode matches\n");
    printf("\n");
}
int main( int argc, char *argv[])
{
    bool bVerbose= false;

    DebugStdOut();
    for (int i=1 ; i<argc ; i++)
    {
        if (argv[i][0]=='-') switch(argv[i][1])
        {
            case 'v': bVerbose= true; break;
            default: usage(); 
                     return 1;
        }
        else {
            usage();
            return 1;
        }
    }

    CheckITSDll();

    CeRapiUninit();

    return 0;
}