Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- BOOL DataCompare(BYTE *data, BYTE *sign, char *mask)
- {
- for (; *mask; mask++, sign++, data++) {
- if (*mask == 'x' && *data != *sign) return FALSE;
- }
- return (*mask) == NULL;
- }
- DWORD ScanSignature(DWORD addr, DWORD size, BYTE *sign, char *mask)
- {
- if (size == 0 || sign == nullptr || mask == nullptr) return 0;
- HANDLE hProc = GetCurrentProcess();
- if (hProc)
- {
- MEMORY_BASIC_INFORMATION mbi = { 0 };
- DWORD offset = 0;
- while (offset < size)
- {
- VirtualQueryEx(hProc, reinterpret_cast<LPCVOID>(addr + offset), &mbi, sizeof(MEMORY_BASIC_INFORMATION));
- if (mbi.State != MEM_FREE)
- {
- BYTE *buffer = new BYTE[mbi.RegionSize];
- ReadProcessMemory(hProc, mbi.BaseAddress, buffer, mbi.RegionSize, 0);
- for (SIZE_T i = 0; i < mbi.RegionSize; i++)
- {
- if (DataCompare(buffer + i, sign, mask))
- {
- CloseHandle(hProc);
- delete[] buffer;
- return reinterpret_cast<DWORD>(mbi.BaseAddress) + i;
- }
- }
- delete[] buffer;
- }
- offset += mbi.RegionSize;
- }
- CloseHandle(hProc);
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
