Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //Internal Pattern Scan
- char* PatternScan::Scan(char* base, size_t size, AoBPattern pattern, int startFrom)
- {
- size_t patternLength = pattern.Mask.length();
- if (size <= 0 || pattern.Mask.size() <= 0 || startFrom > size - pattern.Mask.size() || pattern.Mask.size() > size)
- return 0;
- for (unsigned int i = startFrom; i < size - patternLength; i++)
- {
- bool found = true;
- for (unsigned int j = 0; j < patternLength; j++)
- {
- if (pattern.Mask[j] != '?')
- {
- unsigned char gg = *(unsigned char*)(base + i + j);
- if (pattern.Pattern[j] != gg)
- {
- found = false;
- break;
- }
- }
- /*if (pattern.Mask[j] != '?' && pattern.Pattern[j] != *(base + i + j))
- {
- found = false;
- break;
- }*/
- }
- if (found)
- {
- return (base + i);
- }
- }
- return 0;
- }
- //External Wrapper
- vector<uintptr_t> PatternScan::ScanEx2(BypaPH* ByPH, uintptr_t begin, uintptr_t end, AoBPattern pattern, bool firstOnly)
- {
- /*SYSTEM_INFO sysInfo;
- GetSystemInfo(&sysInfo);
- uintptr_t start = (uintptr_t)sysInfo.lpMinimumApplicationAddress;
- uintptr_t end = (uintptr_t)sysInfo.lpMaximumApplicationAddress;*/
- vector<uintptr_t> ret;
- vector<MemoryRegion> MemBlocks;
- uintptr_t currentChunk = begin;
- HANDLE pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ByPH->pID);
- while (currentChunk < end)
- {
- MEMORY_BASIC_INFORMATION mbi;
- auto QueryFail = VirtualQueryEx(pHandle, (LPVOID)currentChunk, &mbi, sizeof(mbi));
- int laste = GetLastError();
- if (!QueryFail)
- return ret;
- char* buffer = 0;
- bool isValid = mbi.State == MEM_COMMIT;
- isValid &= (uintptr_t)mbi.BaseAddress < end;
- isValid &= ((mbi.Protect & PAGE_GUARD) == 0);
- isValid &= ((mbi.Protect & PAGE_NOACCESS) == 0);
- isValid &= (mbi.Type == MEM_PRIVATE);
- if (isValid)
- {
- bool isWritable = ((mbi.Protect & PAGE_READWRITE) > 0) ||
- ((mbi.Protect & PAGE_WRITECOPY) > 0) ||
- ((mbi.Protect & PAGE_EXECUTE_READWRITE) > 0) ||
- ((mbi.Protect & PAGE_EXECUTE_WRITECOPY) > 0);
- bool isExecutable = ((mbi.Protect & PAGE_EXECUTE) > 0) ||
- ((mbi.Protect & PAGE_EXECUTE_READ) > 0) ||
- ((mbi.Protect & PAGE_EXECUTE_READWRITE) > 0) ||
- ((mbi.Protect & PAGE_EXECUTE_WRITECOPY) > 0);
- //isWritable &= writable;
- //isExecutable &= executable;
- isValid &= isWritable || isExecutable;
- }
- if (!isValid)
- {
- currentChunk = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
- continue;
- }
- if (isValid)
- {
- // Store Memory Blocks
- MemoryRegion memBlock;
- memBlock.address = currentChunk;
- memBlock.regionSize = mbi.RegionSize;
- MemBlocks.push_back(memBlock);
- }
- currentChunk = currentChunk + mbi.RegionSize;
- }
- parallel_for_each(MemBlocks.begin(), MemBlocks.end(), [&](MemoryRegion block)
- {
- // Read Memory
- SIZE_T bytesRead;
- char* buffer = new char[block.regionSize];
- ByPH->RWVM(ByPH->m_hTarget, (LPVOID)block.address, buffer, block.regionSize, &bytesRead);
- if (bytesRead == 0)
- {
- if (buffer)
- delete buffer;
- return;
- }
- // Scan The Pattern
- char* internalAddress;
- int start = 0;
- while ((internalAddress = Scan(buffer, block.regionSize, pattern, start)) != 0)
- {
- uintptr_t offsetFromBuffer = internalAddress - buffer;
- start += offsetFromBuffer + pattern.Mask.size();
- uintptr_t match = block.address + offsetFromBuffer;
- if (match <= 0x0) continue;
- ret.push_back(match);
- }
- delete buffer;
- });
- return ret;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
