API tools faq
paste
Advertisement
R3v3rs3r

External process pattern scan with mask in all region 2 [C++]

R3v3rs3r
Jul 24th, 2023
602
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ (WinAPI) 2.24 KB | Source Code | 0 0
raw download clone embed print report
  1. #include <Windows.h>
  2. #include <iostream>
  3. #include <vector>
  4.  
  5. uintptr_t FindPatternWithMask(HANDLE processHandle, uintptr_t baseAddress, const char* pattern, const char* mask) {
  6.     SIZE_T bytesRead;
  7.     MEMORY_BASIC_INFORMATION memInfo;
  8.     std::vector<char> buffer(4096);
  9.  
  10.     while (VirtualQueryEx(processHandle, (LPCVOID)baseAddress, &memInfo, sizeof(memInfo))) {
  11.         if (memInfo.State == MEM_COMMIT && memInfo.Protect != PAGE_NOACCESS) {
  12.             ReadProcessMemory(processHandle, memInfo.BaseAddress, buffer.data(), buffer.size(), &bytesRead);
  13.  
  14.             for (size_t i = 0; i < bytesRead; ++i) {
  15.                 bool found = true;
  16.                 for (size_t j = 0; j < strlen(mask); ++j) {
  17.                     if (mask[j] == 'x' && buffer[i + j] != pattern[j]) {
  18.                         found = false;
  19.                         break;
  20.                     }
  21.                 }
  22.                 if (found) {
  23.                     return (uintptr_t)memInfo.BaseAddress + i;
  24.                 }
  25.             }
  26.         }
  27.         baseAddress = (uintptr_t)memInfo.BaseAddress + memInfo.RegionSize;
  28.     }
  29.  
  30.     return 0;
  31. }
  32.  
  33. int main() {
  34.     // Example usage to find a pattern with a mask in an external process
  35.     const char* processName = "TARGET_PROCESS.exe";
  36.     const char* pattern = "\x12\x34\xAB\xCD";
  37.     const char* mask = "xx?x";
  38.  
  39.     HWND targetWindow = FindWindowA(NULL, processName);
  40.     if (targetWindow == NULL) {
  41.         std::cout << "Could not find the target process window." << std::endl;
  42.         return 1;
  43.     }
  44.  
  45.     DWORD processId;
  46.     GetWindowThreadProcessId(targetWindow, &processId);
  47.  
  48.     HANDLE processHandle = OpenProcess(PROCESS_VM_READ, FALSE, processId);
  49.     if (processHandle == NULL) {
  50.         std::cout << "Could not open the target process." << std::endl;
  51.         return 1;
  52.     }
  53.  
  54.     uintptr_t baseAddress = 0x0; // Start scanning from the base address (modify as needed)
  55.     uintptr_t result = FindPatternWithMask(processHandle, baseAddress, pattern, mask);
  56.  
  57.     if (result != 0) {
  58.         std::cout << "Pattern found at address: 0x" << std::hex << result << std::endl;
  59.     } else {
  60.         std::cout << "Pattern not found." << std::endl;
  61.     }
  62.  
  63.     CloseHandle(processHandle);
  64.     return 0;
  65. }
  66.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!