c0dycode
/
BL3ProxySettings
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
1 Commit
1 Ramo (Branch)
121 MiB
 
Albero (Tree): d57c5a2e16
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'd57c5a2e16'
${ noResults }
BL3ProxySettings/include/patternscan.hpp

655 righe
20 KiB
Originale Blame Cronologia 

  1. #pragma once

  2. // #include <istream>

  3. // #include <fstream>

  4. // #include <vector>

  5. #include <string>

  6. // #include <sstream>

  7. // #include <Psapi.h>

  8. // #include <iterator>

  9. #include <Windows.h>

  10. // #include <assert.h>

  11. // #include <iostream>

  12. // #include <algorithm>

  13. 

  14. #include <Psapi.h>

  15. 

  16. // enum EPagePermissions

  17. // {

  18. // 	Execute = PAGE_EXECUTE,

  19. // 	ExecuteRead = PAGE_EXECUTE_READ,

  20. // 	ExecuteReadWrite = PAGE_EXECUTE_READWRITE,

  21. // 	ExecuteWriteCopy = PAGE_EXECUTE_WRITECOPY,

  22. // 	Read = PAGE_READONLY,

  23. // 	ReadWrite = PAGE_READWRITE,

  24. // 	WriteCopy = PAGE_WRITECOPY,

  25. // 	WriteCombine = PAGE_WRITECOMBINE

  26. // };

  27. 

  28. // struct PatternInfo

  29. // {

  30. // 	const char *Pattern;

  31. // 	EPagePermissions Permissions;

  32. // };

  33. 

  34. namespace PatternScan

  35. {

  36. 	// 	struct PatternByte

  37. 	// 	{

  38. 	// 		struct PatternNibble

  39. 	// 		{

  40. 	// 			unsigned char data;

  41. 	// 			bool wildcard;

  42. 	// 		} nibble[2];

  43. 	// 	};

  44. 

  45. 	// 	static std::string formathexpattern(std::string patterntext)

  46. 	// 	{

  47. 	// 		std::string result;

  48. 	// 		int len = patterntext.length();

  49. 	// 		for (int i = 0; i < len; i++)

  50. 	// 			if (patterntext[i] == '?' || isxdigit(patterntext[i]))

  51. 	// 				result += toupper(patterntext[i]);

  52. 	// 		return result;

  53. 	// 	}

  54. 

  55. 	// 	static int hexchtoint(char ch)

  56. 	// 	{

  57. 	// 		if (ch >= '0' && ch <= '9')

  58. 	// 			return ch - '0';

  59. 	// 		else if (ch >= 'A' && ch <= 'F')

  60. 	// 			return ch - 'A' + 10;

  61. 	// 		else if (ch >= 'a' && ch <= 'f')

  62. 	// 			return ch - 'a' + 10;

  63. 	// 		return 0;

  64. 	// 	}

  65. 

  66. 	// 	static bool patterntransform(std::string patterntext, std::vector<PatternByte> &pattern)

  67. 	// 	{

  68. 	// 		pattern.clear();

  69. 	// 		patterntext = formathexpattern(patterntext);

  70. 	// 		int len = patterntext.length();

  71. 	// 		if (!len)

  72. 	// 			return false;

  73. 

  74. 	// 		if (len % 2) //not a multiple of 2

  75. 	// 		{

  76. 	// 			patterntext += '?';

  77. 	// 			len++;

  78. 	// 		}

  79. 

  80. 	// 		PatternByte newByte;

  81. 	// 		for (int i = 0, j = 0; i < len; i++)

  82. 	// 		{

  83. 	// 			if (patterntext[i] == '?') //wildcard

  84. 	// 			{

  85. 	// 				newByte.nibble[j].wildcard = true; //match anything

  86. 	// 			}

  87. 	// 			else //hex

  88. 	// 			{

  89. 	// 				newByte.nibble[j].wildcard = false;

  90. 	// 				newByte.nibble[j].data = hexchtoint(patterntext[i]) & 0xF;

  91. 	// 			}

  92. 

  93. 	// 			j++;

  94. 	// 			if (j == 2) //two nibbles = one byte

  95. 	// 			{

  96. 	// 				j = 0;

  97. 	// 				pattern.push_back(newByte);

  98. 	// 			}

  99. 	// 		}

  100. 	// 		return true;

  101. 	// 	}

  102. 

  103. 	// 	static bool patternmatchbyte(unsigned char byte, const PatternByte &pbyte)

  104. 	// 	{

  105. 	// 		int matched = 0;

  106. 

  107. 	// 		unsigned char n1 = (byte >> 4) & 0xF;

  108. 	// 		if (pbyte.nibble[0].wildcard)

  109. 	// 			matched++;

  110. 	// 		else if (pbyte.nibble[0].data == n1)

  111. 	// 			matched++;

  112. 

  113. 	// 		unsigned char n2 = byte & 0xF;

  114. 	// 		if (pbyte.nibble[1].wildcard)

  115. 	// 			matched++;

  116. 	// 		else if (pbyte.nibble[1].data == n2)

  117. 	// 			matched++;

  118. 

  119. 	// 		return (matched == 2);

  120. 	// 	}

  121. 

  122. 	// 	size_t patternfind(std::string pattern, int offset)

  123. 	// 	{

  124. 	// 		std::vector<PatternByte> searchpattern;

  125. 

  126. 	// 		std::string::iterator end_pos = std::remove(pattern.begin(), pattern.end(), ' ');

  127. 	// 		pattern.erase(end_pos, pattern.end());

  128. 

  129. 	// 		SYSTEM_INFO sysinf;

  130. 	// 		GetSystemInfo(&sysinf);

  131. 

  132. 	// 		DWORD startAddress = (DWORD)sysinf.lpMinimumApplicationAddress;

  133. 

  134. 	// 		unsigned char *data = (unsigned char *)startAddress;

  135. 

  136. 	// 		//MEMORY_BASIC_INFORMATION mbi;

  137. 

  138. 	// 		if (!patterntransform(pattern.c_str(), searchpattern))

  139. 	// 			return (size_t)-1;

  140. 

  141. 	// 		//#define MEMORY_READABLE        (PAGE_READONLY    | PAGE_READWRITE    | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE)

  142. 	// 		//#define MEMORY_WRITABLE        (PAGE_READWRITE | PAGE_EXECUTE_READWRITE)

  143. 	// 		//#define MEMORY_EXECUTABLE    (PAGE_EXECUTE    | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE)

  144. 	// 		size_t searchpatternsize = searchpattern.size();

  145. 	// 		for (size_t i = 0, pos = 0; i < 0x7FFFFFFF; i++) //search for the pattern

  146. 	// 		{

  147. 	// 			//if (VirtualQuery((LPVOID)i, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) != 0

  148. 	// 			//	&& ((mbi.State != MEM_COMMIT) || !(mbi.Protect & MEMORY_READABLE) || (mbi.Protect & PAGE_GUARD)))

  149. 	// 			//	//&& mbi.State == MEM_COMMIT && mbi.Protect != PAGE_NOACCESS && !(mbi.Protect & PAGE_GUARD))

  150. 	// 			//{

  151. 	// 			if (patternmatchbyte(data[i], searchpattern.at(pos))) //check if our pattern matches the current byte

  152. 	// 			{

  153. 	// 				pos++;

  154. 	// 				if (pos == searchpatternsize) //everything matched

  155. 	// 				{

  156. 	// 					if (offset >= 0)

  157. 	// 						return startAddress + i - searchpatternsize + 1 + offset;

  158. 	// 					if (offset < 0)

  159. 	// 						return startAddress + i - searchpatternsize + 1 - offset;

  160. 	// 				}

  161. 	// 			}

  162. 	// 			else if (pos > 0) //fix by Computer_Angel

  163. 	// 			{

  164. 	// 				i -= pos;

  165. 	// 				pos = 0; //reset current pattern position

  166. 	// 			}

  167. 	// 			/*}

  168. 	// 			else

  169. 	// 				i += mbi.RegionSize;*/

  170. 	// 		}

  171. 	// 		return (size_t)-1;

  172. 	// 	}

  173. 

  174. 	// 	// Find all occurences of the Pattern until a wildcard is hit

  175. 	// 	std::vector<uintptr_t> FindAllOccurences(std::vector<char *> pattern, std::vector<char> streamToSearch)

  176. 	// 	{

  177. 	// 		std::vector<uintptr_t> positions;

  178. 

  179. 	// 		// Length of the pattern to look for

  180. 	// 		unsigned int patternLength = pattern.size();

  181. 

  182. 	// 		// Total length of file to look through

  183. 	// 		unsigned int totalLength = streamToSearch.size();

  184. 

  185. 	// 		// First Byte of the pattern to look for

  186. 	// 		//unsigned char* firstMatchByte;

  187. 	// 		auto firstMatchByte = std::strtol(reinterpret_cast<const char *>(pattern[0]), nullptr, 16);

  188. 	// 		std::vector<unsigned char> parsedPattern;

  189. 	// 		parsedPattern.reserve(pattern.size());

  190. 	// 		for (auto &pat : pattern)

  191. 	// 		{

  192. 	// 			parsedPattern.push_back((unsigned char)std::strtoul(reinterpret_cast<const char *>(pat), nullptr, 16));

  193. 	// 		}

  194. 

  195. 	// 		for (unsigned int i = 0; i < totalLength; i++)

  196. 	// 		{

  197. 	// 			//auto cmp = (unsigned char)streamToSearch[i];

  198. 	// 			//auto cmp2 = (unsigned char)firstMatchByte;

  199. 	// 			//auto cmp2 = std::strtol(reinterpret_cast<const char*>(streamToSearch.data()[i]), nullptr, 16);

  200. 	// 			//auto second = streamToSearch;

  201. 	// 			//memcpy(&firstMatchByte, streamToSearch[i], sizeof (unsigned char*));

  202. 	// 			// If the first Byte of the Searchpattern is at the current location of i

  203. 	// 			// and the totalLength - i is greater or equal to the pattern length

  204. 	// 			//if(i == 0x00000000000dca41)

  205. 	// 			//{

  206. 	// 			//Q_ASSERT(false);

  207. 	// 			//}

  208. 	// 			if ((unsigned char)streamToSearch[i] == firstMatchByte && totalLength - i >= patternLength)

  209. 	// 			//if (pattern.data()[0] == *(streamToSearch.begin() +i) && totalLength - i >= patternLength)

  210. 	// 			{

  211. 	// 				std::vector<unsigned char> match; //[patternLength];

  212. 	// 				match.resize(patternLength);

  213. 	// 				memcpy(&match[0], &streamToSearch[i], patternLength);

  214. 

  215. 	// 				// If the current range of the search matches the searchPattern

  216. 	// 				// add the current position(i) to the positionList and break

  217. 	// 				if (memcmp(match.data(), parsedPattern.data(), patternLength) == 0)

  218. 	// 				{

  219. 	// 					positions.push_back(static_cast<uintptr_t>(i));

  220. 	// 				}

  221. 	// 				else

  222. 	// 				{

  223. 	// 					memset(&match, 0, patternLength);

  224. 	// 				}

  225. 	// 			}

  226. 	// 		}

  227. 	// 		return positions;

  228. 	// 	}

  229. 

  230. 	// 	// Find all occurences of the Pattern until a wildcard is hit

  231. 	// 	std::vector<uintptr_t> FindAllOccurences(std::vector<char *> pattern, uintptr_t startAddress, uintptr_t totalSize = 0x7FFFFFFF)

  232. 	// 	{

  233. 	// 		std::vector<uintptr_t> positions;

  234. 

  235. 	// 		// Length of the pattern to look for

  236. 	// 		unsigned int patternLength = pattern.size();

  237. 

  238. 	// 		// Total length of file to look through

  239. 	// 		unsigned int totalLength = totalSize - startAddress;

  240. 

  241. 	// 		// First Byte of the pattern to look for

  242. 	// 		//unsigned char* firstMatchByte;

  243. 	// 		auto firstMatchByte = std::strtol(reinterpret_cast<const char *>(pattern[0]), nullptr, 16);

  244. 	// 		std::vector<unsigned char> parsedPattern;

  245. 	// 		parsedPattern.reserve(pattern.size());

  246. 

  247. 	// 		for (auto &pat : pattern)

  248. 	// 		{

  249. 	// 			parsedPattern.push_back((unsigned char)std::strtol(reinterpret_cast<const char *>(pat), nullptr, 16));

  250. 	// 		}

  251. 

  252. 	// 		for (unsigned int i = 0; i < totalLength; i++)

  253. 	// 		{

  254. 	// 			if ((*(PBYTE)startAddress + i) == firstMatchByte && totalLength - i >= patternLength)

  255. 	// 			{

  256. 	// 				std::vector<unsigned char> match; //[patternLength];

  257. 	// 				match.resize(patternLength);

  258. 	// 				memcpy(&match[0], (LPVOID)(*(PBYTE)startAddress + i), patternLength);

  259. 

  260. 	// 				// If the current range of the search matches the searchPattern

  261. 	// 				// add the current position(i) to the positionList and break

  262. 	// 				if (memcmp(match.data(), parsedPattern.data(), patternLength) == 0)

  263. 	// 				{

  264. 	// 					positions.push_back(static_cast<uintptr_t>(i));

  265. 	// 				}

  266. 	// 				else

  267. 	// 				{

  268. 	// 					memset(&match, 0, patternLength);

  269. 	// 				}

  270. 	// 			}

  271. 	// 		}

  272. 	// 		return positions;

  273. 	// 	}

  274. 

  275. 	// 	// Search the given Pattern iconst n the given& char-vector

  276. 	// 	uintptr_t SearchBytePattern(const std::string &pattern, std::vector<char> streamToSearch, int offset)

  277. 	// 	{

  278. 	// 		std::istringstream buf(pattern);

  279. 	// 		std::istream_iterator<std::string> beg(buf), end;

  280. 	// 		std::vector<std::string> tokens(beg, end);

  281. 	// 		std::vector<char *> patternArray;

  282. 	// 		patternArray.reserve(tokens.size());

  283. 	// 		for (auto &data : tokens)

  284. 	// 		{

  285. 	// 			patternArray.push_back(_strdup(data.c_str()));

  286. 	// 		}

  287. 

  288. 	// 		std::vector<char *> temp;

  289. 

  290. 	// 		for (unsigned int i = 0; i < tokens.size(); i++)

  291. 	// 		{

  292. 	// 			// Using QString for the "startsWith function

  293. 	// 			// auto value = QString(patternArray[i]);

  294. 	// 			// if(!value.startsWith('?', Qt::CaseInsensitive))

  295. 	// 			auto value = std::string(patternArray[i]);

  296. 	// 			if (!_strnicmp(value.c_str(), "?", sizeof("?")))

  297. 	// 			{

  298. 	// 				temp.push_back(patternArray[i]);

  299. 	// 			}

  300. 	// 			else

  301. 	// 				break;

  302. 	// 		}

  303. 

  304. 	// 		auto occurences = FindAllOccurences(temp, streamToSearch);

  305. 

  306. 	// 		std::vector<unsigned char> parsedPattern;

  307. 	// 		parsedPattern.reserve(patternArray.size());

  308. 	// 		for (auto &pat : patternArray)

  309. 	// 		{

  310. 	// 			parsedPattern.push_back((unsigned char)std::strtol(reinterpret_cast<const char *>(pat), nullptr, 16));

  311. 	// 		}

  312. 

  313. 	// 		std::vector<char> check(patternArray.size());

  314. 	// 		for (auto &occ : occurences)

  315. 	// 		{

  316. 	// 			memset(check.data(), 0, patternArray.size());

  317. 	// 			memcpy(check.data(), &streamToSearch[occ], patternArray.size());

  318. 

  319. 	// 			for (unsigned int o = 0; o < patternArray.size(); o++)

  320. 	// 			{

  321. 	// 				// If the current Patterncharacter is a wildcard, go to next index

  322. 	// 				if (isalnum(*patternArray[o]) == 0) // == 0 || isalpha(*patternArray[0]) == 0)

  323. 	// 					continue;

  324. 

  325. 	// 				// Convert current Patternindex

  326. 	// 				char pat = (char)std::stoul(std::string(patternArray[o]), nullptr, 16);

  327. 

  328. 	// 				// Compare memory, if equal, result is 0

  329. 	// 				int mem = memcmp(&check[o], &pat, 1);

  330. 

  331. 	// 				// If memory is not equal, the pattern doesn't match

  332. 	// 				if (mem != 0)

  333. 	// 				{

  334. 	// 					break;

  335. 	// 				}

  336. 	// 				// o can only be the size of the pattern if it matches

  337. 	// 				if (o == patternArray.size() - 1)

  338. 	// 				{

  339. 	// 					if (offset < 0)

  340. 	// 						return occ - offset;

  341. 	// 					if (offset > 0)

  342. 	// 						return occ + offset;

  343. 	// 					return occ;

  344. 	// 				}

  345. 	// 			}

  346. 	// 		}

  347. 	// 		// No result found

  348. 	// 		return 0;

  349. 	// 	}

  350. 

  351. 	// 	uintptr_t SearchBytePattern(uintptr_t startAddress, uintptr_t fileSize, const std::string &pattern, int offset)

  352. 	// 	{

  353. 	// 		MODULEINFO miInfos = {NULL};

  354. 	// 		HMODULE hmModule = GetModuleHandle(NULL);

  355. 

  356. 	// 		if (hmModule)

  357. 	// 		{

  358. 	// 			GetModuleInformation(GetCurrentProcess(), hmModule, &miInfos, sizeof(MODULEINFO));

  359. 	// 		}

  360. 

  361. 	// 		std::istringstream buf(pattern);

  362. 	// 		std::istream_iterator<std::string> beg(buf), end;

  363. 	// 		std::vector<std::string> tokens(beg, end);

  364. 	// 		std::vector<char *> patternArray;

  365. 	// 		patternArray.reserve(tokens.size());

  366. 	// 		for (auto &data : tokens)

  367. 	// 		{

  368. 	// 			patternArray.push_back(_strdup(data.c_str()));

  369. 	// 		}

  370. 

  371. 	// 		std::vector<char *> temp;

  372. 

  373. 	// 		for (unsigned int i = 0; i < tokens.size(); i++)

  374. 	// 		{

  375. 	// 			// Using QString for the "startsWith function

  376. 	// 			auto value = std::string(patternArray[i]);

  377. 	// 			if (_strnicmp(value.c_str(), "?", sizeof("?")))

  378. 	// 			{

  379. 	// 				temp.push_back(patternArray[i]);

  380. 	// 			}

  381. 	// 			else

  382. 	// 				break;

  383. 	// 		}

  384. 

  385. 	// 		auto occurences = FindAllOccurences(temp, startAddress);

  386. 

  387. 	// 		std::vector<unsigned char> parsedPattern;

  388. 	// 		parsedPattern.reserve(patternArray.size());

  389. 	// 		for (auto &pat : patternArray)

  390. 	// 		{

  391. 	// 			parsedPattern.push_back((unsigned char)std::strtol(reinterpret_cast<const char *>(pat), nullptr, 16));

  392. 	// 		}

  393. 

  394. 	// 		std::vector<char> check(patternArray.size());

  395. 	// 		for (auto &occ : occurences)

  396. 	// 		{

  397. 	// 			memset(check.data(), 0, patternArray.size());

  398. 	// 			memcpy(check.data(), (LPVOID)(startAddress + occ), patternArray.size());

  399. 

  400. 	// 			for (unsigned int o = 0; o < patternArray.size(); o++)

  401. 	// 			{

  402. 	// 				// If the current Patterncharacter is a wildcard, go to next index

  403. 	// 				if (isalnum(*patternArray[o]) == 0) // == 0 || isalpha(*patternArray[0]) == 0)

  404. 	// 					continue;

  405. 

  406. 	// 				// Convert current Patternindex

  407. 	// 				char pat = (char)std::stoul(std::string(patternArray[o]), nullptr, 16);

  408. 

  409. 	// 				// Compare memory, if equal, result is 0

  410. 	// 				int mem = memcmp(&check[o], &pat, 1);

  411. 

  412. 	// 				// If memory is not equal, the pattern doesn't match

  413. 	// 				if (mem != 0)

  414. 	// 				{

  415. 	// 					break;

  416. 	// 				}

  417. 	// 				// o can only be the size of the pattern if it matches

  418. 	// 				if (o == patternArray.size() - 1)

  419. 	// 				{

  420. 	// 					if (offset < 0)

  421. 	// 						return occ - offset;

  422. 	// 					if (offset > 0)

  423. 	// 						return occ + offset;

  424. 	// 					return occ;

  425. 	// 				}

  426. 	// 			}

  427. 	// 		}

  428. 	// 		// No result found

  429. 	// 		return 0;

  430. 	// 	}

  431. 

  432. 	// 	/**

  433. 	// 	* \brief Returns first occurrence of byte pattern in a module

  434. 	// 	* \param module Base address of module

  435. 	// 	* \param signature IDA-style byte pattern

  436. 	// 	* \return Pointer to first occurrence

  437. 	// 	* \see CSGOSimple by MarkHC

  438. 	// 	*/

  439. 	// 	inline std::uint8_t *patternScan(void *module, std::string signature)

  440. 	// 	{

  441. 	// 		static auto pattern_to_byte = [](const char *pattern) {

  442. 	// 			auto bytes = std::vector<int>{};

  443. 	// 			auto start = const_cast<char *>(pattern);

  444. 	// 			auto end = const_cast<char *>(pattern) + strlen(pattern);

  445. 

  446. 	// 			for (auto current = start; current < end; ++current)

  447. 	// 			{

  448. 	// 				if (*current == '??')

  449. 	// 				{

  450. 	// 					++current;

  451. 	// 					if (*current == '??')

  452. 	// 						++current;

  453. 	// 					bytes.push_back(-1);

  454. 	// 				}

  455. 	// 				else

  456. 	// 					bytes.push_back(strtoul(current, &current, 16));

  457. 	// 			}

  458. 	// 			return bytes;

  459. 	// 		};

  460. 

  461. 	// 		auto dosHeader = (PIMAGE_DOS_HEADER)module;

  462. 	// 		auto ntHeaders = (PIMAGE_NT_HEADERS)((std::uint8_t *)module + dosHeader->e_lfanew);

  463. 

  464. 	// 		auto sizeOfImage = ntHeaders->OptionalHeader.SizeOfImage;

  465. 	// 		auto patternBytes = pattern_to_byte(signature.c_str());

  466. 	// 		auto scanBytes = reinterpret_cast<std::uint8_t *>(module);

  467. 

  468. 	// 		auto s = patternBytes.size();

  469. 	// 		auto d = patternBytes.data();

  470. 

  471. 	// 		for (auto i = 0ul; i < sizeOfImage - s; ++i)

  472. 	// 		{

  473. 	// 			bool found = true;

  474. 	// 			for (auto j = 0ul; j < s; ++j)

  475. 	// 			{

  476. 	// 				if (scanBytes[i + j] != d[j] && d[j] != -1)

  477. 	// 				{

  478. 	// 					found = false;

  479. 	// 					break;

  480. 	// 				}

  481. 	// 			}

  482. 	// 			if (found)

  483. 	// 				return &scanBytes[i];

  484. 	// 		}

  485. 

  486. 	// 		return nullptr;

  487. 	// 	}

  488. 

  489. 	// 	static std::vector<unsigned char> ParseSignature(std::string &pattern)

  490. 	// 	{

  491. 	// 		std::vector<unsigned char> bytes;

  492. 	// 		for (unsigned int i = 0; i < pattern.length(); i += 2)

  493. 	// 		{

  494. 	// 			std::string byteString = pattern.substr(i, 2);

  495. 	// 			char byte = (char)strtol(byteString.c_str(), NULL, 16);

  496. 	// 			bytes.push_back(byte);

  497. 	// 		}

  498. 	// 		return bytes;

  499. 	// 	}

  500. 

  501. 	// 	static DWORD FindMySignature(const char *szModule, std::string szSignature, int offset)

  502. 	// 	{

  503. 	// 		/*AllocConsole();

  504. 	// 		freopen("CONIN$", "r", stdin);

  505. 	// 		freopen("CONOUT$", "w", stdout);

  506. 	// 		freopen("CONOUT$", "w", stderr);*/

  507. 

  508. 	// 		MODULEINFO modInfo;

  509. 	// 		GetModuleInformation(GetCurrentProcess(), GetModuleHandleA(szModule), &modInfo, sizeof(MODULEINFO));

  510. 	// 		DWORD startAddress = (DWORD)modInfo.lpBaseOfDll;

  511. 	// 		DWORD endAddress = startAddress + modInfo.SizeOfImage;

  512. 

  513. 	// 		std::string pattern = szSignature;

  514. 	// 		std::string::iterator end_pos = std::remove(szSignature.begin(), szSignature.end(), ' ');

  515. 	// 		szSignature.erase(end_pos, szSignature.end());

  516. 

  517. 	// 		//const char* pat = szSignature.c_str();

  518. 	// 		auto pat = ParseSignature(szSignature);

  519. 

  520. 	// 		DWORD firstMatch = 0;

  521. 

  522. 	// 		//std::vector<char> check(sizeof(szSignature));

  523. 	// 		//auto firstMatchByte = std::strtol(&pat[0], nullptr, 16);

  524. 	// 		auto firstMatchByte = (int)pat[0];

  525. 	// 		std::cout << std::hex << (int)*(unsigned char *)startAddress << '\n';

  526. 	// 		std::cout << "Pattern to search for: " << szSignature << '\n';

  527. 	// 		std::cout << "Length of Pattern: " << szSignature.length() << '\n';

  528. 	// 		std::cout << "FirstMatchByte: " << std::hex << firstMatchByte << '\n';

  529. 

  530. 	// 		SYSTEM_INFO sysinf;

  531. 	// 		GetSystemInfo(&sysinf);

  532. 

  533. 	// 		MEMORY_BASIC_INFORMATION mbi;

  534. 	// 		//startAddress += 0x4F318C;

  535. 

  536. 	// 		/*for (int i = 0; i < pat.size(); i++)

  537. 	// 			std::cout << (int)pat[i];*/

  538. 

  539. 	// 		for (DWORD pCur = startAddress; pCur < 0x7FFFFFFF; pCur++)

  540. 	// 		{

  541. 	// 			if (VirtualQuery((LPVOID)pCur, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) != 0

  542. 	// 				//&& ((mBI.State != MEM_COMMIT) || !(mBI.Protect & MEMORY_READABLE) || (mBI.Protect & PAGE_GUARD)))

  543. 	// 				&& mbi.State == MEM_COMMIT && mbi.Protect != PAGE_NOACCESS && !(mbi.Protect & PAGE_GUARD))

  544. 	// 			{

  545. 

  546. 	// 				//CREDITS: learn_more

  547. 	// #define INRANGE(x, a, b) (x >= a && x <= b)

  548. 	// #define getBits(x) (INRANGE((x & (~0x20)), 'A', 'F') ? ((x & (~0x20)) - 'A' + 0xa) : (INRANGE(x, '0', '9') ? x - '0' : 0))

  549. 	// #define getByte(x) (getBits(x[0]) << 4 | getBits(x[1]))

  550. 

  551. 	// 				const char *patt = pattern.c_str();

  552. 

  553. 	// 				if (!*patt)

  554. 	// 					return firstMatch;

  555. 	// 				if (*(PBYTE)patt == '\?' || *(BYTE *)pCur == getByte(patt))

  556. 	// 				{

  557. 	// 					if (!firstMatch)

  558. 	// 						firstMatch = pCur;

  559. 	// 					if (!patt[2])

  560. 	// 						return firstMatch;

  561. 	// 					if (*(PWORD)patt == '\?\?' || *(PBYTE)patt != '\?')

  562. 	// 						patt += 3;

  563. 	// 					else

  564. 	// 						patt += 2; //one ?

  565. 	// 				}

  566. 	// 				else

  567. 	// 				{

  568. 	// 					patt = szSignature.c_str();

  569. 	// 					firstMatch = 0;

  570. 	// 				}

  571. 

  572. 	// 				if ((int)*(unsigned char *)pCur == (int)firstMatchByte && endAddress - pCur >= szSignature.length())

  573. 	// 				{

  574. 	// 					//if (pattern.data()[0] == *(streamToSearch.begin() +i) && totalLength - i >= patternLength)

  575. 	// 					for (unsigned int o = 0; o < pat.size(); o++)

  576. 	// 					{

  577. 	// 						// If the current Patterncharacter is a wildcard, go to next index

  578. 	// 						//if (isalnum(szSignature[o]) == 0)// == 0 || isalpha(*patternArray[0]) == 0)

  579. 	// 						if (pat[o] == strtol("??", 0, 16))

  580. 	// 						{

  581. 	// 							//std::cout << "Current Patternindex is a wildcard: " << pat[o] << '\n';

  582. 	// 							continue;

  583. 	// 						}

  584. 

  585. 	// 						auto currentPat = (int)pat[o];

  586. 

  587. 	// 						/*std::cout << '\n\n';

  588. 	// 						std::cout << "Startaddress: 0x" << std::hex << (DWORD)modInfo.lpBaseOfDll << '\n';

  589. 	// 						std::cout << "Currentaddress: 0x" << std::hex << pCur + o << '\n';

  590. 	// 						std::cout << "Current Byte is: " << std::hex << (int)*(unsigned char*)(pCur + o) << '\n';

  591. 	// 						std::cout << "Current Pattern is: " << std::hex << currentPat << '\n';

  592. 	// 						std::cout << '\n';*/

  593. 

  594. 	// 						if ((int)*(unsigned char *)(pCur + o) != currentPat)

  595. 	// 						{

  596. 	// 							//std::cout << "Cur Val: 0x" << std::hex << (int)*(unsigned char*)(pCur + o) << " Pattern: 0x" << std::hex << currentPat << '\n';

  597. 	// 							break;

  598. 	// 						}

  599. 

  600. 	// 						// o can only be the size of the pattern if it matches

  601. 	// 						if (o == pat.size() - 1)

  602. 	// 						{

  603. 	// 							if (offset < 0)

  604. 	// 								return pCur - offset;

  605. 	// 							if (offset > 0)

  606. 	// 								return pCur + offset;

  607. 	// 							return pCur;

  608. 	// 						}

  609. 	// 					}

  610. 	// 				}

  611. 	// 			}

  612. 	// 			else

  613. 	// 				pCur += mbi.RegionSize;

  614. 	// 		}

  615. 	// 		return NULL;

  616. 	// 	}

  617. 

  618. 	static uintptr_t FindSignature(const char *szModule, const char *szSignature)

  619. 	{

  620. 		//CREDITS: learn_more

  621. #define INRANGE(x, a, b) (x >= a && x <= b)

  622. #define getBits(x) (INRANGE((x & (~0x20)), 'A', 'F') ? ((x & (~0x20)) - 'A' + 0xa) : (INRANGE(x, '0', '9') ? x - '0' : 0))

  623. #define getByte(x) (getBits(x[0]) << 4 | getBits(x[1]))

  624. 

  625. 		MODULEINFO modInfo;

  626. 		GetModuleInformation(GetCurrentProcess(), GetModuleHandleA(szModule), &modInfo, sizeof(MODULEINFO));

  627. 		uintptr_t startAddress = (uintptr_t)modInfo.lpBaseOfDll;

  628. 		uintptr_t endAddress = startAddress + modInfo.SizeOfImage;

  629. 		const char *pat = szSignature;

  630. 		uintptr_t firstMatch = 0;

  631. 		for (uintptr_t pCur = startAddress; pCur < endAddress; pCur++)

  632. 		{

  633. 			if (!*pat)

  634. 				return firstMatch;

  635. 			if (*(PBYTE)pat == '\?' || *(BYTE *)pCur == getByte(pat))

  636. 			{

  637. 				if (!firstMatch)

  638. 					firstMatch = pCur;

  639. 				if (!pat[2])

  640. 					return firstMatch;

  641. 				if (*(PWORD)pat == '\?\?' || *(PBYTE)pat != '\?')

  642. 				//if (*(PWORD)pat == '\?' || *(PBYTE)pat != '\?')

  643. 					pat += 3;

  644. 				else

  645. 					pat += 2; //one ?

  646. 			}

  647. 			else

  648. 			{

  649. 				pat = szSignature;

  650. 				firstMatch = 0;

  651. 			}

  652. 		}

  653. 		return 0;

  654. 	}

  655. } // namespace PatternScan