[HELP]FindPattern

[♪~ ᕕ(ᐛ)ᕗ]

EDIT: Can some1 tell me how to find the mask of a siggy

['Bruno]

I find this one to be a good example:

"Think of this like a detour in the road: if you're driving to your mall, and there's a construction site going on, you'll usually be taken down a detour. However, you'll still arrive at the mall, just through a different means" By someone at another forum.

[♪~ ᕕ(ᐛ)ᕗ]

I find this one to be a good example:

"Think of this like a detour in the road: if you're driving to your mall, and there's a construction site going on, you'll usually be taken down a detour. However, you'll still arrive at the mall, just through a different means" By someone at another forum.

umm, idk I didn't understood anything, are we talking about the same detours? I mean this:
Detours - Microsoft Research

EDIT: Oh never mind. I found out what it is.

['Bruno]

umm, idk I didn't understood anything, are we talking about the same detours? I mean this:
Detours - Microsoft Research

EDIT: Oh never mind. I found out what it is.

You were talking about the library, but you also asked what is a detour(i guess you asked, an hook).
And i answered with a simple definition to explain what the name exactly is.

And this is on the link that you posted:

Detours is a library for instrumenting arbitrary Win32 functions on x86, x64, and IA64 machines. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.

It's talking about the api, but still, it explains what is does.(hook?)
Or maybe i'm just misunderstanding what you asked. (probably that, as i wasn't talking about the api) Just meh.. I'm probabily not explaining myself correctly, and confusing you and me.

[♪~ ᕕ(ᐛ)ᕗ]

You were talking about the library, but you also asked what is a detour(i guess you asked, an hook).
And i answered with a simple definition to explain what the name exactly is.

And this is on the link that you posted:


It's talking about the api, but still, it explains what is does.(hook?)
Or maybe i'm just misunderstanding what you asked. (probably that, as i wasn't talking about the api) Just meh.. I'm probabily not explaining myself correctly, and confusing you and me.

I did understood. But now I need the FindPattern Function....

HUH?
NVM....
Can some1 tell me how to find the mask of a siggy?

[freedompeace]

I did understood. But now I need the FindPattern Function....

HUH?
NVM....
Can some1 tell me how to find the mask of a siggy?

Take your address. Look at what bytes there are, look at the surrounding code, and select bytes that will not change.

[♪~ ᕕ(ᐛ)ᕗ]

Take your address. Look at what bytes there are, look at the surrounding code, and select bytes that will not change.

well, ok..for ie:

Code:

JMP 006658874

JMP will not change...so I have to put it:

Code:

EB ??

And from there I should do:

Code:

xx??

So this is the mask?

[[MPGH]master131]

Uhm you're supposed to be using Array Of Bytes as a signature. Not ASM code from CE.

0xFF = Byte required
0x00 = Byte optional

That's now people normally use masks anyway.

But one question, what exactly are you trying to do? Are you trying to find an address via a pattern finder?

[Hell_Demon]

jmp 12345678 looks like \xEB\x78\x56\x34\x12
since only 0xEB is static:

sig: "\xEB\x00\x00\x00\x00"
mask: "x????"

[♪~ ᕕ(ᐛ)ᕗ]

jmp 12345678 looks like \xEB\x78\x56\x34\x12
since only 0xEB is static:

sig: "\xEB\x00\x00\x00\x00"
mask: "x????"

yea thanks....
so in masks:
x = Fixed Byte
? = Variable Byte
^^
Well thanks HD and master.