Array-Of-Byte Scan
Array-Of-Byte Scan
I've been playing with WinAPI today and I was wondering if there is a way to search for an array of bytes in a process' memory. I've tried coding my own one but it didn't work (kept returning the starting address I specified).
Anyone got ideas? btw, these are not assembly bytes.
Anyone got ideas? btw, these are not assembly bytes.
If ya' add me on MSN I can prolly help o:
davidm_44@hotmail.com
PS: opcodes are still part of memory and you see them in the hex-viewer, you just don't see the instructions.
davidm_44@hotmail.com
PS: opcodes are still part of memory and you see them in the hex-viewer, you just don't see the instructions.
Umm,
byte[] yourbytearray;
for (i = 0 ; i < maxaddress - length; i++)
if ((byte[]*)(i) == yourbytearray)
// match?
byte[] yourbytearray;
for (i = 0 ; i < maxaddress - length; i++)
if ((byte[]*)(i) == yourbytearray)
// match?
ugh, I tried and failed hardcore despite your help. It's alot easier in VB. 
It's BYTE YourByteArray[<MaxLen>]...
And Just to make it easy make it viod*
And Just to make it easy make it viod*
Code:
BYTE B[] = {0x80, 0x8, 0xA4};
for(int i = 0; i < MaxAddie - Len; i++)
{
if((void*)(i) == (void*)((BYTE*)B) //Result
}
Maybe I should've added that I'm not injecting a DLL to do this. I'm doing it externally via a Win32 C++ app.ReadProcessMemory into an array then use this:
Substract the array start address off the address it returns, then add the start address of where you started reading and you'll have the offset in the games memory.
Code usage:
Code:
//credits to Dominik & Patrick
bool bDataCompare( const unsigned char* pData, const unsigned char* bMask, const char* szMask );
unsigned long dwFindPattern( unsigned char *bMask,char * szMask, unsigned long dw_Address = dwStartAddress, unsigned long dw_Len = dwLen );
bool bDataCompare(const unsigned char* pData, const unsigned char* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask )
return false;
return (*szMask) == 0;
}
unsigned long dwFindPattern( unsigned char *bMask,char * szMask, unsigned long dw_Address = 0x00401000, unsigned long dw_Len = 0x00861FFF )
{
for(unsigned long i=0; i < dw_Len; i++)
if( bDataCompare( (unsigned char*)( dw_Address+i ),bMask,szMask) )
return (unsigned long)(dw_Address+i);
return 0;
}
Code usage:
Code:
char lolwat[512] = {0,};
ReadProcMemory(0x1337, lolwat, 512);//i know this one is wrong, but you get the picture >.>
unsigned long foundAddy = dwFindPattern( "\x15\x20\x30\x40\x90","x?x?x", &lolwat, 512 );
foundAddy -= &lolwat;
foundAddy += 0x1337;
Alrighties all fixed. :3