- #include "patternscan.h"
/*
AoBPattern StringToPattern
string Name - Label stored in the returned pattern
int Offset - Value stored in the returned pattern's Offset field
uchar_t wildcard - Byte value stored as the pattern's wildcard
string PatternStr - Textual pattern handed to Utils::PrasePattern with " " as separator
Returns an AoBPattern whose Len is the size of the parsed byte sequence.
*/
AoBPattern PatternScan::StringToPattern(string Name, int Offset, uchar_t wildcard, string PatternStr)
{
    // The wildcard byte rendered as lowercase hex: at most two digits plus the terminator.
    char wildcardHex[3] = { '\0' };
    sprintf_s(wildcardHex, sizeof(wildcardHex), "%x", wildcard);

    // NOTE(review): presumably PrasePattern treats the token equal to wildcardHex
    // as the wildcard marker - confirm against Utils::PrasePattern.
    auto parsedBytes = Utils::PrasePattern(PatternStr, " ", wildcardHex);

    AoBPattern result;
    result.Name = Name;
    result.Offset = Offset;
    result.Wildcard = wildcard;
    result.Pattern = parsedBytes;
    result.Len = parsedBytes.size();
    return result;
}
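/*
vector<uintptr_t> FindMemPattern
BypaPH* ByPH - Object whose RWVM() is called to read each page from ByPH->m_hTarget
uintptr_t dwStart - First address to scan (raised to lpMinimumApplicationAddress if lower)
uintptr_t dwEnd - Last address to scan (lowered to lpMaximumApplicationAddress if higher)
AoBPattern Pattern - Bytes to match; a pattern byte equal to Pattern.Wildcard matches any byte
bool firstOnly - Return as soon as the first match has been recorded

Returns, for every match, the address of the first matched byte plus Pattern.Offset.
The result is empty when the pattern is empty or Pattern.Len exceeds the stored bytes.
Match state is kept across consecutive pages that were read in full, and is dropped
whenever a page could not be read, or was only partly read, so that a match is never
assembled from bytes that are not adjacent in the scanned address space.
*/
vector<uintptr_t> PatternScan::FindMemPattern(BypaPH* ByPH, uintptr_t dwStart, uintptr_t dwEnd, AoBPattern Pattern, bool firstOnly)
{
    vector<uintptr_t> ret;

    const uchar_t *uPattern = Pattern.Pattern.data();
    const int nLen = Pattern.Len;

    // An empty pattern, or a Len larger than the stored byte sequence, would make
    // uPattern[k] read outside the pattern buffer. Report no matches instead.
    if (nLen <= 0 || static_cast<size_t>(nLen) > Pattern.Pattern.size())
        return ret;

    SYSTEM_INFO si = { 0 };
    GetSystemInfo(&si);

    // Keep the scan window inside the address range the system reports for applications.
    if (dwStart < (uintptr_t)si.lpMinimumApplicationAddress)
        dwStart = (uintptr_t)si.lpMinimumApplicationAddress;
    if (dwEnd > (uintptr_t)si.lpMaximumApplicationAddress)
        dwEnd = (uintptr_t)si.lpMaximumApplicationAddress;

    // One page of scratch space. The vector owns it, so every exit path releases it
    // and an allocation failure surfaces as an exception rather than a null buffer.
    vector<BYTE> pageBuf(si.dwPageSize);
    SIZE_T dwOut = 0;
    int k = 0; // number of pattern bytes matched so far

    // Cycle through memory based on page size
    for (uintptr_t i = dwStart; i <= dwEnd; i += si.dwPageSize)
    {
        if (!Program->Work) break;

        // Read one page or skip if failed
        dwOut = 0;
        if (ByPH->RWVM(ByPH->m_hTarget, reinterpret_cast<LPVOID>(i), pageBuf.data(), si.dwPageSize, &dwOut) != STATUS_SUCCESS)
        {
            // The bytes of this page are unknown, so a partial match cannot continue across it.
            k = 0;
            continue;
        }

        // Only inspect bytes that were reported as read, and never more than the buffer
        // holds. The previous bound (j <= dwOut) read one byte past the page buffer
        // whenever a full page came back.
        const SIZE_T nRead = (dwOut < pageBuf.size()) ? dwOut : pageBuf.size();

        for (SIZE_T j = 0; j < nRead; j++)
        {
            // If the byte matches our pattern or wildcard
            if (pageBuf[j] == uPattern[k] || uPattern[k] == Pattern.Wildcard)
            {
                // Did we find it?
                if (++k == nLen)
                {
                    // (i + j) is the address of the last matched byte. Step back to the
                    // first byte of the match, then apply the caller's offset.
                    ret.push_back(((i + j) - (nLen - 1)) + Pattern.Offset);
                    if (firstOnly)
                        return ret;
                    // k is deliberately left at nLen here, as in the original code.
                    // The guarded else-branch below then clears it on the next byte
                    // without evaluating uPattern[nLen].
                }
            }
            else
            {
                k = 0;
            }

            // Guard: once k reaches nLen the next comparison would index uPattern[nLen].
            if (k >= nLen)
                k = 0;
        }

        // A short read leaves a gap before the next page; drop any partial match.
        if (nRead < pageBuf.size())
            k = 0;
    }
    return ret;
}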