POC_ByteScanningBotkillerVBNET

1. Usage:
2.  
3. On Error Resume Next
4.         Dim proc() = Process.GetProcesses
5.         For Each ifm In proc
6.             If GetProcessId(ifm.ProcessName) = False Then
7.             Else
8.                     AOBSCAN(ifm.ProcessName, ifm.ProcessName & ".exe", Sig, ifm.MainModule.FileName, ifm.Id)
9.             End If
10.         Next
11.  
12. ------------------
13.  
14. Imports System.IO
15.  
16. 'Cannot remember the name of the coder, Sorry.
17. 'Modified by SequenceInitiated
18.  
19. Module ���
20.     Friend Enum MoveFileFlags
21.         MOVEFILE_REPLACE_EXISTING = 1
22.         MOVEFILE_COPY_ALLOWED = 2
23.         MOVEFILE_DELAY_UNTIL_REBOOT = 4
24.         MOVEFILE_WRITE_THROUGH = 8
25.     End Enum
26.     <System.Runtime.InteropServices.DllImportAttribute("kernel32.dll", EntryPoint:="MoveFileEx")> _
27.     Friend Function MoveFileEx(ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal dwFlags As MoveFileFlags) As Boolean
28.     End Function
29.     Public Declare Function OpenProcess Lib "KERNEL32" _
30.         (ByVal DesiredAccess As Int32, _
31.       ByVal InheritHandle As Boolean, _
32.       ByVal ProcessId As Int32) _
33.         As Int32
34.  
35.     Private Declare Function ReadProcessMemory Lib "KERNEL32" _
36.     (ByVal Handle As Int32, _
37.   ByVal address As Int32, _
38.   ByRef Value As Int32, _
39.   Optional ByVal Size As Int32 = 4, _
40.   Optional ByVal lpNumberOfBytesWritten As Int64 = 0) _
41.     As Long
42.  
43.     Public PROCESS_VM_OPERATION As Int32 = 8
44.     Public PROCESS_VM_READ As Int32 = 16
45.     Public PROCESS_VM_WRITE As Int32 = 32
46.  
47.     Private process_id As Int32 = 0
48.     Public pHandle As Integer = 0
49.     Public Function GetProcessId(ByVal game_name As String) As Boolean
50.         Dim Processes() As Process = Process.GetProcesses
51.         Dim process_name As String
52.         Dim i As Byte
53.         For i = LBound(Processes) To UBound(Processes)
54.             process_name = Processes(i).ProcessName
55.             If process_name = game_name Then
56.                 process_id = Processes(i).Id
57.                 pHandle = OpenProcess(PROCESS_VM_OPERATION + PROCESS_VM_WRITE + PROCESS_VM_READ, False, process_id)
58.                 Return True
59.             End If
60.         Next
61.         If process_id = 0 Then
62.             Return False
63.         End If
64.         Return False
65.     End Function
66.     Public Function ReadByte(ByVal address As Int32) As Integer
67.         Dim value As Integer
68.         ReadProcessMemory(pHandle, address, value, 1, 0)
69.         Return value
70.     End Function
71.     Public Function AOBSCAN(ByVal GameName As String, ByVal ModuleName As String, ByVal Signature As Byte(), ByVal Path As String, ByVal ProcID As Integer) As Integer
72.         On Error Resume Next
73.         Dim BaseAddress, EndAddress As Int32
74.         For Each PM As ProcessModule In Process.GetProcessesByName(GameName)(0).Modules
75.             If ModuleName = PM.ModuleName Then
76.                 BaseAddress = PM.BaseAddress
77.                 EndAddress = BaseAddress + PM.ModuleMemorySize
78.             End If
79.         Next
80.         Dim curAddr As Int32 = BaseAddress
81.         Do
82.             For i As Integer = 0 To Signature.Length - 1
83.                 If ReadByte(curAddr + i) = Signature(i) Then
84.                     If i = Signature.Length - 1 Then
85.                         Return curAddr
86.                     End If
87.                     Continue For
88.                 End If
89.                 Exit For
90.             Next
91.             curAddr += 1
92.         Loop While curAddr < EndAddress
93.         Return 0
94.     End Function
95. End Module