killerleong (12-05-2016),kokzhaoyu2 (12-08-2016)
Code:
#pragma once
#include <windows.h>
#include <psapi.h>
#pragma comment(lib, "psapi.lib")
#include <stdio.h>
// Usage: unsigned long address = signature_scanner->search("3AB2DFAB????????3FBACD300200A1XXXXXXXXB1C 4DA");
// X is the address
// ? is a wildcard
class signature_scanner
{
private:
unsigned long BaseAddress;
unsigned long ModuleSize;
public:
signature_scanner()
{
//SYSTEM_INFO info;
//GetSystemInfo(&info);
//this->BaseAddress = (unsigned long)info.lpMinimumApplicationAddress;
// Could be injected earlier than expected
while (!(this->BaseAddress = (unsigned long)GetModuleHandle(NULL)))
Sleep(100);
// Getting size of image
MODULEINFO modinfo;
while (!GetModuleInformation(GetCurrentProcess(), GetModuleHandle(NULL), &modinfo, sizeof(MODULEINFO)))
Sleep(100);
this->ModuleSize = modinfo.SizeOfImage;
// Wait for the application to finish loading
MEMORY_BASIC_INFORMATION meminfo;
while (true)
{
if (VirtualQuery((void*)this->ModuleSize, &meminfo, sizeof(MEMORY_BASIC_INFORMATION)))
if (!(meminfo.Protect &PAGE_EXECUTE_WRITECOPY))
break;
Sleep(100);
}
}
unsigned long search(const char* string, unsigned short offset=0)
{
unsigned int p_length = strlen(string);// Pattern's length
if (p_length % 2 != 0 || p_length < 2 || !this->BaseAddress || !this->ModuleSize) return NULL;// Invalid operation
unsigned short length = p_length / 2;// Number of bytes
// The buffer is storing the real bytes' values after parsing the string
unsigned char* buffer = new unsigned char[length];
SecureZeroMemory(buffer, length);
// Copy of string
char* pattern = new char[p_length+1];// +1 for the null terminated string
ZeroMemory(pattern, p_length+1);
strcpy_s(pattern, p_length+1, string);
_strupr_s(pattern, p_length+1);
// Set vars
unsigned char f_byte;
unsigned char s_byte;
// Parsing of string
for (unsigned short z = 0; z < length; z++)
{
f_byte = pattern[z*2];// First byte
s_byte = pattern[(z*2)+1];// Second byte
if ( ( (f_byte <= 'F' && f_byte >= 'A') || (f_byte <= '9' && f_byte >= '0') ) && ( (s_byte <= 'F' && s_byte >= 'A') || (s_byte <= '9' && s_byte >= '0') ) )
{
if (f_byte <= '9') buffer[z] += f_byte - '0';
else buffer[z] += f_byte - 'A' + 10;
buffer[z] *= 16;
if (s_byte <= '9') buffer[z] += s_byte - '0';
else buffer[z] += s_byte - 'A' + 10;
}
else if (f_byte == 'X' || s_byte == 'X') buffer[z] = 'X';
else buffer[z] = '?';// Wildcard
}
// Remove buffer
delete[] pattern;
// Start searching
unsigned short x;
unsigned long i = this->BaseAddress;
MEMORY_BASIC_INFORMATION meminfo;
unsigned long EOR;
while (i < this->ModuleSize)
{
VirtualQuery((void*)i, &meminfo, sizeof(MEMORY_BASIC_INFORMATION));
if (!(meminfo.Protect &PAGE_EXECUTE_READWRITE))// Good for AVA for now
{// !(meminfo.Protect &(PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) || !(meminfo.State &MEM_COMMIT)
i += meminfo.RegionSize;
continue;
}
EOR = i + meminfo.RegionSize;
for (; i < EOR; i++)
{
for (x = 0; x < length; x++)
if (buffer[x] != ((unsigned char*)i)[x] && buffer[x] != '?' && buffer[x] != 'X')
break;
if (x == length)
{
delete[] buffer;
const char* s_offset = strstr(string, "X");
if (s_offset != NULL)
return *(unsigned long*)&((unsigned char*)i)[length - strlen(s_offset) / 2];
else
return *(unsigned long*)&((unsigned char*)i)[length + offset];
}
}
}
// Didn't find anything
delete[] buffer;
return NULL;
}
};
[IMG]https://www.dooomca*****m/alison/stockgroup.jpg[/IMG]
[IMG]https://www.dooomca*****m/alison/ad_Neat_min.jpg[/IMG]
[IMG]https://www.dooomca*****m/alison/SStotoro.jpg[/IMG]
[IMG]https://dooomca*****m/webcomic/BNbio.jpg[/IMG]
killerleong (12-05-2016),kokzhaoyu2 (12-08-2016)
very crazy thanks nice nice nice
Hi @kenjifurry
Honestly, you need improving your english and try be more especific in your question, bcuz, you keep making threads about random source codes, I guess that you dont have a minimum knowledge for at less ask something about programming.
So, be more precise when asking, showing errors, bugs or detailing what you dont know, and then maybe some programmers will help you.
kenjifurry (12-05-2016)
What do you want to check? This is not complete source.
Code:#pragma once #include <windows.h> #include <psapi.h> #pragma comment(lib, "psapi.lib") #include <stdio.h> // Usage: unsigned long address = signature_scanner->search("3AB2DFAB????????3FBACD300200A1XXXXXXXXB1C4DA"); // X is the address // ? is a wildcard class signature_scanner { private: unsigned long BaseAddress; unsigned long ModuleSize; public: signature_scanner() { //SYSTEM_INFO info; //GetSystemInfo(&info); //this->BaseAddress = (unsigned long)info.lpMinimumApplicationAddress; // Could be injected earlier than expected while (!(this->BaseAddress = (unsigned long)GetModuleHandle(NULL))) Sleep(100); // Getting size of image MODULEINFO modinfo; while (!GetModuleInformation(GetCurrentProcess(), GetModuleHandle(NULL), &modinfo, sizeof(MODULEINFO))) Sleep(100); this->ModuleSize = modinfo.SizeOfImage; // Wait for the application to finish loading MEMORY_BASIC_INFORMATION meminfo; while (true) { if (VirtualQuery((void*)this->ModuleSize, &meminfo, sizeof(MEMORY_BASIC_INFORMATION))) if (!(meminfo.Protect &PAGE_EXECUTE_WRITECOPY)) break; Sleep(100); } } unsigned long search(const char* string, unsigned short offset=0) { unsigned int p_length = strlen(string);// Pattern's length if (p_length % 2 != 0 || p_length < 2 || !this->BaseAddress || !this->ModuleSize) return NULL;// Invalid operation unsigned short length = p_length / 2;// Number of bytes // The buffer is storing the real bytes' values after parsing the string unsigned char* buffer = new unsigned char[length]; SecureZeroMemory(buffer, length); // Copy of string char* pattern = new char[p_length+1];// +1 for the null terminated string ZeroMemory(pattern, p_length+1); strcpy_s(pattern, p_length+1, string); _strupr_s(pattern, p_length+1); // Set vars unsigned char f_byte; unsigned char s_byte; // Parsing of string for (unsigned short z = 0; z < length; z++) { f_byte = pattern[z*2];// First byte s_byte = pattern[(z*2)+1];// Second byte if ( ( (f_byte <= 'F' && f_byte >= 'A') || (f_byte <= '9' && f_byte >= '0') ) && ( (s_byte <= 'F' && s_byte >= 'A') || (s_byte <= '9' && s_byte >= '0') ) ) { if (f_byte <= '9') buffer[z] += f_byte - '0'; else buffer[z] += f_byte - 'A' + 10; buffer[z] *= 16; if (s_byte <= '9') buffer[z] += s_byte - '0'; else buffer[z] += s_byte - 'A' + 10; } else if (f_byte == 'X' || s_byte == 'X') buffer[z] = 'X'; else buffer[z] = '?';// Wildcard } // Remove buffer delete[] pattern; // Start searching unsigned short x; unsigned long i = this->BaseAddress; MEMORY_BASIC_INFORMATION meminfo; unsigned long EOR; while (i < this->ModuleSize) { VirtualQuery((void*)i, &meminfo, sizeof(MEMORY_BASIC_INFORMATION)); if (!(meminfo.Protect &PAGE_EXECUTE_READWRITE))// { !(meminfo.Protect &(PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) || !(meminfo.State &MEM_COMMIT) i += meminfo.RegionSize; continue; } EOR = i + meminfo.RegionSize; for (; i < EOR; i++) { for (x = 0; x < length; x++) if (buffer[x] != ((unsigned char*)i)[x] && buffer[x] != '?' && buffer[x] != 'X') break; if (x == length) { delete[] buffer; const char* s_offset = strstr(string, "X"); if (s_offset != NULL) return *(unsigned long*)&((unsigned char*)i)[length - strlen(s_offset) / 2]; else return *(unsigned long*)&((unsigned char*)i)[length + offset]; } } } // Didn't find anything delete[] buffer; return NULL; } };
MPGH History:
Member: 02/1/2016
Contributor: 29/6/2016
Minion: 25/8/2016
Former Staff: 07/02/2017
Minion: 21/9/2017
kokzhaoyu2 (12-08-2016)
Thread Closed as requested.
/Unresolved.