Results 1 to 8 of 8
  1. #1
    Jabberwock's Avatar
    Join Date
    Jun 2012
    Gender
    male
    Posts
    1,655
    Reputation
    191
    Thanks
    14,466
    My Mood
    Relaxed

    C++ Signature Scanner

    Signature Scanner is for advanced C++ users. The scanner works through a DLL only and is designed to work with AVA.

    Please don't ask "What is this?". I already noted out it is for advanced members.


    Lets start:


    signature_scanner.h
    Code:
    #pragma once
    #include <windows.h>
    #include <psapi.h>
    #pragma comment(lib, "psapi.lib")
    #include <stdio.h>
    
    // Usage: unsigned long address = signature_scanner->search("3AB2DFAB????????3FBACD300200A1XXXXXXXXB1C4DA");
    // X is the address
    // ? is a wildcard
    
    class signature_scanner
    {
    private:
    	unsigned long BaseAddress;
    	unsigned long ModuleSize;
    
    public:
    	signature_scanner()
    	{
    		//SYSTEM_INFO info;
    		//GetSystemInfo(&info);
    		//this->BaseAddress = (unsigned long)info.lpMinimumApplicationAddress;
    
    		// Could be injected earlier than expected
    
    		while (!(this->BaseAddress = (unsigned long)GetModuleHandle(NULL)))
    			Sleep(100);
    
    		// Getting size of image
    
    		MODULEINFO modinfo;
    
    		while (!GetModuleInformation(GetCurrentProcess(), GetModuleHandle(NULL), &modinfo, sizeof(MODULEINFO)))
    			Sleep(100);
    
    		this->ModuleSize = modinfo.SizeOfImage;
    
    		// Wait for the application to finish loading
    
    		MEMORY_BASIC_INFORMATION meminfo;
    
    		while (true)
    		{
    			if (VirtualQuery((void*)this->ModuleSize, &meminfo, sizeof(MEMORY_BASIC_INFORMATION)))
    				if (!(meminfo.Protect &PAGE_EXECUTE_WRITECOPY))
    					break;
    
    			Sleep(100);
    		}
    	}
    
    	unsigned long search(const char* string, unsigned short offset=0)
    	{
    		unsigned int p_length = strlen(string);// Pattern's length
    
    		if (p_length % 2 != 0 || p_length < 2 || !this->BaseAddress || !this->ModuleSize) return NULL;// Invalid operation
    
    		unsigned short length = p_length / 2;// Number of bytes
    
    		// The buffer is storing the real bytes' values after parsing the string
    		unsigned char* buffer = new unsigned char[length];
    		SecureZeroMemory(buffer, length);
    
    		// Copy of string
    
    		char* pattern = new char[p_length+1];// +1 for the null terminated string
    		ZeroMemory(pattern, p_length+1);
    		strcpy_s(pattern, p_length+1, string);
    		_strupr_s(pattern, p_length+1);
    
    		// Set vars
    
    		unsigned char f_byte;
    		unsigned char s_byte;
    
    		// Parsing of string
    
    		for (unsigned short z = 0; z < length; z++)
    		{
    			f_byte = pattern[z*2];// First byte
    			s_byte = pattern[(z*2)+1];// Second byte
    
    			if ( ( (f_byte <= 'F' && f_byte >= 'A') || (f_byte <= '9' && f_byte >= '0') ) && ( (s_byte <= 'F' && s_byte >= 'A') || (s_byte <= '9' && s_byte >= '0') ) )
    			{
    				if (f_byte <= '9') buffer[z] += f_byte - '0';
    				else buffer[z] += f_byte - 'A' + 10;
    				buffer[z] *= 16;
    				if (s_byte <= '9') buffer[z] += s_byte - '0';
    				else buffer[z] += s_byte - 'A' + 10;
    			}
    			else if (f_byte == 'X' || s_byte == 'X') buffer[z] = 'X';
    			else buffer[z] = '?';// Wildcard
    		}
    
    		// Remove buffer
    
    		delete[] pattern;
    
    		// Start searching
    		
    		unsigned short x;
    		unsigned long i = this->BaseAddress;
    		MEMORY_BASIC_INFORMATION meminfo;
    		unsigned long EOR;
    		
    		while (i < this->ModuleSize)
    		{
    			VirtualQuery((void*)i, &meminfo, sizeof(MEMORY_BASIC_INFORMATION));
    
    			if (!(meminfo.Protect &PAGE_EXECUTE_READWRITE))// Good for AVA for now
    			{// !(meminfo.Protect &(PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) || !(meminfo.State &MEM_COMMIT)
    				i += meminfo.RegionSize;
    				continue;
    			}
    
    			EOR = i + meminfo.RegionSize;
    
    			for (; i < EOR; i++)
    			{
    				for (x = 0; x < length; x++)
    					if (buffer[x] != ((unsigned char*)i)[x] && buffer[x] != '?' && buffer[x] != 'X')
    						break;
    
    				if (x == length)
    				{
    					delete[] buffer;
    					const char* s_offset = strstr(string, "X");
    
    					if (s_offset != NULL)
    						return *(unsigned long*)&((unsigned char*)i)[length - strlen(s_offset) / 2];
    					else
    						return *(unsigned long*)&((unsigned char*)i)[length + offset];
    				}
    			}
    		}
    		
    		// Didn't find anything
    
    		delete[] buffer;
    		return NULL;
    	}
    };

    Example of using:

    DLL itself:

    Code:
    #include <windows.h>
    #include "signature_scanner.h"
    
    void main()
    {
    	Beep(1000, 100);
    
    	signature_scanner *scanner = new signature_scanner;
    	
    	HANDLE checking;
    	unsigned long pointer;
    	bool* ingame;
    
    	try
    	{
    		if (!(ingame = (bool*)scanner->search("83C40885C00F95C0C705????????????????A2")))
    			throw "Couldn't retrieve ingame pointer.";
    
    		if (!(pointer = scanner->search("6BF666C086FFA3XXXXXXXX743C8BB6")))
    			throw "Couldn't retrieve bino pointer.";
    	}
    	catch ( LPCSTR error )
    	{
    		MessageBox(NULL, error, "Error", MB_OK | MB_ICONERROR);
    		return;
    	}
    
    	while (true)
    	{
    		// Checks if he is in game
    		
    		if (*ingame)
    		{
    			// If he is in game then do some stuff
    			
    			if (IsBadReadPtr((void*)pointer, sizeof(unsigned long)) == NULL)
    			{
    				unsigned long address = *(unsigned long*)pointer + offset;
    
    				if (IsBadReadPtr((void*)address, sizeof(unsigned long)) == NULL)
    				{
    
    				}
    			}
    		}
    		
    		Sleep(2000);
    	}
    }
    
    bool WINAPI DllMain(HINSTANCE hDLLInst, DWORD fdwReason, LPVOID lpvReserved)
    {
    	if (fdwReason == DLL_PROCESS_ATTACH)
    	{
    		DisableThreadLibraryCalls(hDLLInst);
    
    		if (CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)main, NULL, 0, NULL) == NULL)
    		{
    			MessageBox(NULL, new_thread, "Error", MB_OK | MB_ICONERROR);
    			return false;
    		}
    	}
    	
    	return true;
    }
    That was just a code sample to show you hoe you can use it.

    The search funcion inside the scanner class is what you will be using to do memory scanning.
    Like if we search like this:

    Code:
    scanner->search("83C40885C00F95C0C705????????????????A2");
    83 is a single hex byte. Meaning it is like this: 0x83.

    So the actual signature is:

    Code:
    0x83 0xC4 0x08 0x85 0xC0 0x0F 0x95 0xC0 0xC7 0x05 ?? ?? ?? ?? ?? ?? ?? ?? 0xA2
    Two "?" is a wildcard byte. And the signature will ignore them.

    Additionally it will take the address at the end of the signature unless you specify the second perameter in this function, which is 0 by default.

    If the address is in the middle of the signature you can do the following:

    Code:
    scanner->search("6BF666C086FFA3XXXXXXXX743C8BB6");
    As you know, the address is Unsigned long and thus we write 8 "X"(4bytes=4*2).
    When X is detected in the string, the second perameter of the function is ignored.

    The string must be in upper case letters.
    Last edited by Jabberwock; 08-28-2012 at 08:15 AM. Reason: typo mistakes
    Even familiar landscapes will
    reveal a different kind of beauty
    if you change your viewpoint.
    Where these new encounters
    and new bonds will lead you...
    Such dazzling golden days.
    I, too, look forward to
    what I might behold.

    Everything depends on you friend. Be strong don't give up. Don't let the sadness hurt you. Be strong and prevail!

  2. The Following 2 Users Say Thank You to Jabberwock For This Useful Post:

    iZRO (09-09-2012),Jason` (11-17-2014)

  3. #2
    kalokoko's Avatar
    Join Date
    Jul 2012
    Gender
    male
    Posts
    247
    Reputation
    10
    Thanks
    166
    My Mood
    Angelic
    I don't understand you... What is this C++ code or DLL or what?

  4. #3
    GeenStijl's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Posts
    82
    Reputation
    10
    Thanks
    10
    My Mood
    Asleep
    Quote Originally Posted by kalokoko View Post
    I don't understand you... What is this C++ code or DLL or what?
    Can't you read?
    "Please don't ask "What is this?". I already noted out it is for advanced members."

    C++ - Wikipedia, the free encyclopedia
    Dynamic-link library - Wikipedia, the free encyclopedia

  5. #4
    zZzeta/S's Avatar
    Join Date
    Apr 2012
    Gender
    male
    Location
    Germany
    Posts
    1,061
    Reputation
    43
    Thanks
    2,082
    Thanks Jabber for releasing this here. But i found it eaelier in the web
    Quote Originally Posted by Jabberwo0ck View Post
    Quote Originally Posted by uNrEaL View Post
    Cool, thanks!
    Ccman has gone too low. I've known for a long time he was sneaky.
    >top lel much crack many get so download wow

  6. #5
    Jabberwock's Avatar
    Join Date
    Jun 2012
    Gender
    male
    Posts
    1,655
    Reputation
    191
    Thanks
    14,466
    My Mood
    Relaxed
    "Found it" what do you mean? Never released mine outside of the forum.
    Even familiar landscapes will
    reveal a different kind of beauty
    if you change your viewpoint.
    Where these new encounters
    and new bonds will lead you...
    Such dazzling golden days.
    I, too, look forward to
    what I might behold.

    Everything depends on you friend. Be strong don't give up. Don't let the sadness hurt you. Be strong and prevail!

  7. #6
    game31force's Avatar
    Join Date
    Mar 2012
    Gender
    male
    Posts
    115
    Reputation
    25
    Thanks
    238
    My Mood
    Stressed
    can you complete your source code in a project
    it will be better for a beginner user!
    THX

  8. #7
    DarkSt0rmX's Avatar
    Join Date
    Sep 2011
    Gender
    male
    Location
    Dragonball GT
    Posts
    1,217
    Reputation
    19
    Thanks
    1,372
    My Mood
    Relaxed
    Quote Originally Posted by game31force View Post
    can you complete your source code in a project
    it will be better for a beginner user!
    THX
    No! Beginner users like me must download/buy some c++ and read like I'm doing. Thanks @Jabberwo0ck for helping me, really good person.

     
    Skype: vituzzzu21

     
    Quote Originally Posted by Nuuma View Post
    he added me amd65 i got it , legit guy i vouch him
    Quote Originally Posted by .Cereal View Post
    People these 3 guys are trusted and safe, no harm for you .
    Quote Originally Posted by Kailani View Post
    thanks for gun adding for me
    Quote Originally Posted by kurtdampire View Post
    Really fast ! I vouch for this guy. Thanks again.
    Quote Originally Posted by GtxRive123 View Post
    THIS GUY IS SO LEGIT.! HE DOES THE GUNADD SO FAST.! HE IS 100% LEGIT no SCAM.!! Fastest gunadder in MPGH.NET in my oppinion I VOUCH FOR HIM !
    Quote Originally Posted by FreaZzer View Post
    Thanks for adding ! He's legit and fast !

  9. #8
    Better MPGH Event Organizer Than Arun Since '12
    Former Staff
    Premium Member
    Color's Avatar
    Join Date
    Aug 2012
    Gender
    male
    Location
    California
    Posts
    19,638
    Reputation
    2154
    Thanks
    7,649
    Quote Originally Posted by kalokoko View Post
    I don't understand you... What is this C++ code or DLL or what?
    you must learn C++ and hacking to know what they mean, nuff said.

    Member Since 8/05/2012
    Editor 4/04/13 - 4/21/13
    Middleman 7/14/13 - 11/4/13

    Battlefield Minion 6/13/14-3/20/15
    Steam Minion 7/16/14-3/20/15

    Minion+ 10/1/14-3/20/15
    M.A.T. Minion 10/19/14-3/20/15
    ROTMG Minion 1/14/15-3/20/15

    Donator Since 2/26/15 (Thanks @Cursed!)
    Steam Minion 5/9/15 - 11/5/15
    OSFPS Minion 9/15/15 - 11/5/15


Similar Threads

  1. Basic Signature
    By Chronologix in forum Tutorials
    Replies: 68
    Last Post: 09-25-2007, 01:33 AM
  2. Add to your signature :P
    By arunforce in forum General
    Replies: 30
    Last Post: 09-20-2007, 07:16 PM
  3. Signature Request
    By RebornAce in forum Help & Requests
    Replies: 31
    Last Post: 01-13-2006, 12:53 AM
  4. My new signature
    By arunforce in forum Art & Graphic Design
    Replies: 5
    Last Post: 01-10-2006, 04:41 PM
  5. please a signature
    By yonylv in forum Help & Requests
    Replies: 2
    Last Post: 01-04-2006, 12:21 AM