Originally Posted by
-InSaNe-
It does not generate a pattern... it just prints the bytes of the address. That's not a pattern; if you try to scan for that when a new update comes out, it won't get any results.
This.
This is why you use a pattern in this case, which is one that contains wildcards in its byte order.
Here's a little snippet on finding a pattern in C++:
Code:
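#include <windows.h>
#include <cstring>

// True when every byte marked 'x' in szMask equals the pattern byte; '?' positions are skipped.
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for (; *szMask; ++szMask, ++pData, ++bMask)
        if (*szMask == 'x' && *pData != *bMask)
            return false;
    return true;
}

// Scans dwLen bytes starting at dwAddress; returns the address of the first match, or 0.
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE* bMask, char* szMask)
{
    DWORD dwMaskLen = (DWORD)strlen(szMask);
    if (dwMaskLen == 0 || dwMaskLen > dwLen)
        return 0;
    // Stop early enough that the last comparison stays inside the scanned range.
    for (DWORD i = 0; i + dwMaskLen <= dwLen; i++)
        if (bCompare((BYTE*)(dwAddress + i), bMask, szMask))
            return (DWORD)(dwAddress + i);
    return 0;
}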
So you can use this by:
E.g. you have a byte pattern: 6A 32 0D 51, but the third byte is not the same even though you're sure the function or location is correct. (Same for pointers.)
So the pattern for this would be: (we use the byte prefix "\x") "\x6A\x32\x0D\x51", and all patterns must have a mask map, so it will be: (third is "?") "xx?x"
So you can get the address for something by:
Code:
int HealthAddress = FindPattern ( ( DWORD )0xDEADBEEF, GetSizeOfModule ( "iw5mp.exe" ), ( PBYTE )"\x6A\x32\x0D\x51", ( char * )"xx?x" );
So for a multi pointer:
Code:
// Three dereferences; the result of the last one is a DWORD value, not a DWORD*.
DWORD CorrectedHealthAddress = * ( DWORD * ) * ( DWORD * ) * ( DWORD * ) HealthAddress;
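The masked comparison described in the post, as an added example that is not part of the original post: a portable, bounds-checked scan run over constructed buffers, showing why exact bytes stop matching after a change, why the scan must stop before the end of the range, and why a mask with too many wildcards becomes ambiguous. The names `masked_equal`, `find_all` and all sample buffers are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical helper: true if every byte marked 'x' in mask equals the pattern byte.
static bool masked_equal(const std::uint8_t* data, const std::uint8_t* pat, const char* mask) {
    for (; *mask; ++mask, ++data, ++pat)
        if (*mask == 'x' && *data != *pat) return false;
    return true;
}

// Returns the offset of every match; never reads past the end of buf.
std::vector<std::size_t> find_all(const std::vector<std::uint8_t>& buf,
                                  const std::uint8_t* pat, const char* mask) {
    std::vector<std::size_t> hits;
    const std::size_t n = std::strlen(mask);
    if (n == 0 || n > buf.size()) return hits;
    for (std::size_t i = 0; i + n <= buf.size(); ++i)
        if (masked_equal(buf.data() + i, pat, mask)) hits.push_back(i);
    return hits;
}

// Constructed sample data: the post's 4-byte sequence in two "builds";
// the third byte differs in the second one.
const std::uint8_t PATTERN[] = {0x6A, 0x32, 0x0D, 0x51};
const std::vector<std::uint8_t> BUILD_A = {0x90, 0x90, 0x55, 0x8B, 0xEC, 0x6A, 0x32, 0x0D, 0x51, 0xC3};
const std::vector<std::uint8_t> BUILD_B = {0x90, 0x55, 0x8B, 0xEC, 0x90, 0x90, 0x6A, 0x32, 0x7F, 0x51, 0xC3};
// Pattern cut off at the end of the buffer: must be a miss, not an over-read.
const std::vector<std::uint8_t> TRUNCATED = {0x90, 0x6A, 0x32, 0x0D};
// Unrelated bytes that a mask with too many wildcards also matches.
const std::vector<std::uint8_t> NOISY = {0x6A, 0x11, 0x22, 0x51, 0x00, 0x6A, 0x32, 0x0D, 0x51};

int main() {
    bool ok = find_all(BUILD_A, PATTERN, "xxxx").size() == 1   // exact bytes hit build A
           && find_all(BUILD_B, PATTERN, "xxxx").empty()       // but miss build B
           && find_all(BUILD_B, PATTERN, "xx?x").size() == 1   // the wildcard survives the change
           && find_all(TRUNCATED, PATTERN, "xx?x").empty()     // no read past the buffer
           && find_all(NOISY, PATTERN, "x??x").size() == 2;    // over-wildcarded: ambiguous
    return ok ? 0 : 1;
}
```

A signature is only useful when it matches exactly once in the scanned range, so checking the hit count is a cheap sanity test before trusting the first result.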