Hi, I have been wondering how to search for a pattern in an array of bytes in a process.
For example searching for:
Code:
E8 ???????? 83C4 1C 80???? 10 00 74 39
In CoD.
What it is supposed to do is make it unnecessary to update my program when the game updates, because the program will automatically find the new offset.
I actually already found a way to search for patterns, but it doesn't work since my pattern contains ?'s (wildcards).
Here is the code I found on the web. Credits to iNTANGiBLE.
[highlight=vb.net]
Public Declare Function OpenProcess Lib "KERNEL32" _
    (ByVal DesiredAccess As Int32, _
     ByVal InheritHandle As Boolean, _
     ByVal ProcessId As Int32) _
    As Int32

' The last argument is a 32-bit pointer in a 32-bit process; 0 passes NULL.
Private Declare Function ReadProcessMemory Lib "KERNEL32" _
    (ByVal Handle As Int32, _
     ByVal address As Int32, _
     ByRef Value As Int32, _
     Optional ByVal Size As Int32 = 4, _
     Optional ByVal lpNumberOfBytesWritten As Int32 = 0) _
    As Boolean

Public PROCESS_VM_OPERATION As Int32 = 8
Public PROCESS_VM_READ As Int32 = 16
Public PROCESS_VM_WRITE As Int32 = 32
Private process_id As Int32 = 0
Public pHandle As Integer = 0

Public Function GetProcessId(ByVal game_name As String) As Boolean
    Dim Processes() As Process = Process.GetProcesses
    Dim process_name As String
    ' Integer, not Byte: a Byte counter overflows once more than 255 processes are running.
    Dim i As Integer
    For i = LBound(Processes) To UBound(Processes)
        process_name = Processes(i).ProcessName
        If process_name = game_name Then
            process_id = Processes(i).Id
            pHandle = OpenProcess(PROCESS_VM_OPERATION + PROCESS_VM_WRITE + PROCESS_VM_READ, False, process_id)
            Return True
        End If
    Next
    If process_id = 0 Then
        Return False
    End If
    Return False
End Function

' Reads a single byte at the given address through the handle opened above.
Public Function ReadByte(ByVal address As Int32) As Integer
    Dim value As Integer
    ReadProcessMemory(pHandle, address, value, 1, 0)
    Return value
End Function

Public Function AOBSCAN(ByVal GameName As String, ByVal ModuleName As String, ByVal Signature As Byte()) As Integer
    Dim BaseAddress, EndAddress As Int32
    ' Limit the search to the address range of the named module.
    For Each PM As ProcessModule In Process.GetProcessesByName(GameName)(0).Modules
        If ModuleName = PM.ModuleName Then
            BaseAddress = PM.BaseAddress
            EndAddress = BaseAddress + PM.ModuleMemorySize
        End If
    Next
    Dim curAddr As Int32 = BaseAddress
    Do
        ' Exact comparison only: every byte of the signature has to match.
        For i As Integer = 0 To Signature.Length - 1
            If ReadByte(curAddr + i) = Signature(i) Then
                If i = Signature.Length - 1 Then
                    MsgBox(curAddr.ToString("X"))
                    Return curAddr
                End If
                Continue For
            End If
            Exit For
        Next
        curAddr += 1
    Loop While curAddr < EndAddress
    Return 0
End Function
[/highlight]
How to use it:
[highlight=vb.net]
If GetProcessId("CoD something") = False Then
    Exit Sub
Else : AOBSCAN("CoD", "CoD.exe", New Byte() {&HFF, &H25, &HBC, &H30, &HF, &H1, &H75, &H2})
End If
[/highlight]
I simply am not a good enough coder to make the code support wildcards so I am hoping that you can help me.
well, try to put em as a string value....
yes it will probably work
[highlight=vb.net]
New Byte() {&H98, "??", &H5, &H6A}
[/highlight]
Last edited by ♪~ ᕕ(ᐛ)ᕗ; 03-06-2011 at 08:17 AM.
The problem is that it is a call so it might change after an update.
That is what I got from binary copy, but now I don't know if:
Code:
E8 13 9E 29 00
Is a call's binary calculated by
1. How far it jumps or (For example the call is at current address + 13AE)
2. Where it jumps to (F.x. call is at 7589AE7)
If it is 1 then the new sig will work, but if it's 2 then I need to use wildcards.
Edit: I guess that will work, but I have another problem:
How to use the address after the program has found it. I mean the function will display the function in a msgBox, but I need to use it for memory hacking.
So how should I do this?
It would be nice if it was possible to do something like this:
[highlight=vb.net]
Dim Something = "&H" + AOBSCAN("BlackOps", "BlackOps.exe", New Byte() {&HE8, &H13, &H9E, &H29, &H0, &H83, &HC4, &H1C})
[/highlight]
Last edited by pyton789; 03-06-2011 at 09:25 AM.
Thanks 3lio It works but I have one last problem:
If I dim it inside of a sub then I won't be able to use it inside of another sub.
[highlight=vb.net]
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    If GetProcessId("BlackOps") = False Then
        Exit Sub
    Else
        Dim a = AOBSCAN("BlackOps", "BlackOps.exe", New Byte() {&HE8, &H13, &H9E, &H29, &H0, &H83, &HC4, &H1C})
        Dim aa = a + &H40
        Dim ab = a + &HF7
    End If
End Sub
[/highlight]
Is there anything I can use instead of "dim" or do I need to put the code somewhere else?
To create a global variable declare it at class level rather than in a method body, i.e.
[highlight=vb.net]
Public Class Form1
    Private a = AOBSCAN("BlackOps", "BlackOps.exe", New Byte() {&HE8, &H13, &H9E, &H29, &H0, &H83, &HC4, &H1C})
    '...
End Class
[/highlight]
Did you make sure to actually re-assign the value of a in the sub-procedure? All class-level variables evaluate original values as the form is starting up. If you want to update its value, you'll have to reassign it.
Replace AOBScan with this:
[highlight=vb.net]
Public Function AOBSCAN(ByVal GameName As String, ByVal ModuleName As String, ByVal Signature As Byte(), ByVal Mask As Byte()) As Integer
    Dim BaseAddress, EndAddress As Int32
    ' Limit the search to the address range of the named module.
    For Each PM As ProcessModule In Process.GetProcessesByName(GameName)(0).Modules
        If ModuleName = PM.ModuleName Then
            BaseAddress = PM.BaseAddress
            EndAddress = BaseAddress + PM.ModuleMemorySize
        End If
    Next
    Dim curAddr As Int32 = BaseAddress
    Do
        For i As Integer = 0 To Signature.Length - 1
            ' A position matches if the byte is equal or its mask entry is &H0 (wildcard).
            If ReadByte(curAddr + i) = Signature(i) Or Mask(i) = &H0 Then
                If i = Signature.Length - 1 Then
                    MsgBox(curAddr.ToString("X"))
                    Return curAddr
                End If
                Continue For
            End If
            Exit For
        Next
        curAddr += 1
    Loop While curAddr < EndAddress
    Return 0
End Function
[/highlight]
Usage:
[highlight=vb.net]
AOBScan("BlackOps", "BlackOps.exe", New Byte() {&HFF, &H25, &HBC, &H30, &HF, &H1, &H75, &H2}, New Byte() {&HFF, &H0, &HFF, &H0, &HFF, &H0, &H0, &H0})
[/highlight]
The last parameter is a masking parameter. &H0 means that the byte is optional and &HFF (or any byte value other than &H0) means that the byte is required. Make sure the Signature and the Mask are the same length. I don't understand why the logic in that is so hard to figure out. :/
Last edited by master131; 03-06-2011 at 10:46 PM.
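Added example, not code from any poster in this thread: the signature-plus-mask comparison described above, run over a byte array already held in memory, with a parser for the "E8 ???????? 83C4 1C ..." notation from the first post. It also decodes the operand of an E8 call, which is a signed 32-bit displacement measured from the next instruction and so changes whenever caller or callee moves between builds; the sample buffer and the base address &H401000 are constructed for illustration.

```vb
Imports System
Imports System.Globalization

Module MaskedScanExample
    ' Turns "E8 ???????? 83C4 1C" into parallel signature and mask arrays.
    ' Mask convention as in the thread: &HFF = byte must match, &H0 = wildcard.
    Sub ParsePattern(ByVal text As String, ByRef sig As Byte(), ByRef mask As Byte())
        Dim digits As String = text.Replace(" ", "")
        If digits.Length Mod 2 <> 0 Then Throw New ArgumentException("odd number of hex digits")
        sig = New Byte(digits.Length \ 2 - 1) {}
        mask = New Byte(sig.Length - 1) {}
        For i As Integer = 0 To sig.Length - 1
            Dim pair As String = digits.Substring(i * 2, 2)
            If pair <> "??" Then
                sig(i) = Byte.Parse(pair, NumberStyles.HexNumber)
                mask(i) = &HFF
            End If
        Next
    End Sub

    ' Returns the offset of the first match in data, or -1 (0 is a valid offset).
    Function FindPattern(ByVal data As Byte(), ByVal sig As Byte(), ByVal mask As Byte()) As Integer
        If sig.Length <> mask.Length Then Throw New ArgumentException("signature and mask lengths differ")
        For start As Integer = 0 To data.Length - sig.Length
            Dim j As Integer = 0
            While j < sig.Length AndAlso (mask(j) = 0 OrElse data(start + j) = sig(j))
                j += 1
            End While
            If j = sig.Length Then Return start
        Next
        Return -1
    End Function

    ' E8 rel32: target = address of the next instruction + signed little-endian displacement.
    Function CallTarget(ByVal data As Byte(), ByVal offset As Integer, ByVal baseAddress As Long) As Long
        Return baseAddress + offset + 5 + BitConverter.ToInt32(data, offset + 1)
    End Function

    Sub Main()
        ' Constructed sample buffer and hypothetical base address, not taken from any real program.
        Dim data As Byte() = New Byte() {&H90, &H90, &HE8, &H13, &H9E, &H29, &H0, &H83, &HC4, &H1C, _
                                         &H80, &H7C, &H24, &H10, &H0, &H74, &H39, &HC3}
        Dim sig As Byte() = Nothing, mask As Byte() = Nothing
        ParsePattern("E8 ???????? 83C4 1C 80???? 10 00 74 39", sig, mask)
        Dim hit As Integer = FindPattern(data, sig, mask)
        Console.WriteLine("match at offset {0}", hit)
        If hit >= 0 Then Console.WriteLine("call target 0x{0:X}", CallTarget(data, hit, &H401000))
    End Sub
End Module
```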
Thanks master131.
[highlight=VB.net]Module Module3
    Public Declare Function OpenProcess Lib "KERNEL32" (ByVal DesiredAccess As Int32, ByVal InheritHandle As Boolean, ByVal ProcessId As Int32) As Int32
    ' The last argument is a 32-bit pointer in a 32-bit process; 0 passes NULL.
    Private Declare Function ReadProcessMemory Lib "KERNEL32" (ByVal Handle As Int32, ByVal address As Int32, ByRef Value As Int32, Optional ByVal Size As Int32 = 4, Optional ByVal lpNumberOfBytesWritten As Int32 = 0) As Boolean
    Public PROCESS_VM_OPERATION As Int32 = 8
    Public PROCESS_VM_READ As Int32 = 16
    Public PROCESS_VM_WRITE As Int32 = 32
    Private process_id As Int32 = 0
    Public pHandle As Integer = 0

    Public Function GetProcessId(ByVal game_name As String) As Boolean
        Dim Processes() As Process = Process.GetProcesses
        Dim process_name As String
        ' Integer, not Byte: a Byte counter overflows once more than 255 processes are running.
        Dim i As Integer
        For i = LBound(Processes) To UBound(Processes)
            process_name = Processes(i).ProcessName
            If process_name = game_name Then
                process_id = Processes(i).Id
                pHandle = OpenProcess(PROCESS_VM_OPERATION + PROCESS_VM_WRITE + PROCESS_VM_READ, False, process_id)
                Return True
            End If
        Next
        If process_id = 0 Then
            Return False
        End If
        Return False
    End Function

    ' Reads a single byte at the given address through the handle opened above.
    Public Function ReadByte(ByVal address As Int32) As Integer
        Dim value As Integer
        ReadProcessMemory(pHandle, address, value, 1, 0)
        Return value
    End Function

    Public Function AOBSCAN(ByVal GameName As String, ByVal ModuleName As String, ByVal Signature As Byte(), ByVal Mask As Byte()) As Integer
        Dim BaseAddress, EndAddress As Int32
        ' Limit the search to the address range of the named module.
        For Each PM As ProcessModule In Process.GetProcessesByName(GameName)(0).Modules
            If ModuleName = PM.ModuleName Then
                BaseAddress = PM.BaseAddress
                EndAddress = BaseAddress + PM.ModuleMemorySize
            End If
        Next
        Dim curAddr As Int32 = BaseAddress
        Do
            For i As Integer = 0 To Signature.Length - 1
                ' A position matches if the byte is equal or its mask entry is &H0 (wildcard).
                If ReadByte(curAddr + i) = Signature(i) Or Mask(i) = &H0 Then
                    If i = Signature.Length - 1 Then
                        MsgBox(curAddr.ToString("X"))
                        Return curAddr
                    End If
                    Continue For
                End If
                Exit For
            Next
            curAddr += 1
        Loop While curAddr < EndAddress
        Return 0
    End Function
End Module[/highlight]
That is how the module looks. It can scan for patterns and it supports wildcards.
How to use:
[highlight=VB.net]If GetProcessId("BlackOps") = False Then
    Exit Sub
Else : AOBSCAN("BlackOps", "BlackOps.exe", New Byte() {&HE8, &H13, &H9E, &H29, &H0, &H83, &HC4, &H1C}, New Byte() {&HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF})
End If[/highlight]
The problem is:
It returns the address in a msgbox without "&H" in front of it.
I would like it to be returned like readmemory.(You know Return Buff*)
That would allow me to use the function like this:
[highlight=VB.net]Dim a as integer = AOBSCAN("BlackOps", "BlackOps.exe", New Byte() {&HE8, &H13, &H9E, &H29, &H0, &H83, &HC4, &H1C}, New Byte() {&HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF})[/highlight]
You declared a as an Integer, which automatically evaluates the hex (&Hxxxxx) into an integer value. If you want it to be returned as Hex create it as string so it doesn't evaluate the hex.
Simply Use Built-In Hex Function:
Code:
Hex(Number / String To Convert)