| View previous topic :: View next topic |
| Author |
Message |
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
 Posted: Tue Sep 16, 2008 9:19 pm Post subject: [Test]FindPatternEx |
 |
|
I don't know if this will work, haven't test it.
| Code: |
// RPMFindPattern.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <iostream>
#include <tchar.h>
DWORD FindPatternEx(HANDLE hProc, BYTE *sig){
DWORD Addr = 0;
BYTE value[255];
for( int i = 0x00400000; i < 0x00800000 ; i ++ ) {
ReadProcessMemory(hProc, (void *)i, &value, sizeof(value), NULL);
if(value == sig){
Addr = i;
return Addr;
}
}
return Addr;
}
int _tmain(int argc, _TCHAR* argv[])
{
BYTE Sig[255] = { 0x01, 0x02 };
HWND hWnd;
DWORD pid;
HANDLE handle;
hWnd = FindWindow(NULL, _T("Test"));
GetWindowThreadProcessId(hWnd, &pid);
handle = OpenProcess(PROCESS_VM_READ, false, pid);
printf("testtest\n");
printf("%x08\n",FindPatternEx(handle, Sig) );
getchar();
return 0;
}
|
|
|
| Back to top |
|
 |
pkedpker
Master Cheater
![]() Reputation: 1
Joined: 11 Oct 2006
Posts: 412
|
| Posted: Tue Sep 16, 2008 10:16 pm Post subject: |
|
|
Haha I made one as well.. for my GGless updater so it would support all versions of maplestory from v.59 v.60 and it worked it hooked v.60 without any problems.
Heres mines
| Code: |
DWORD FindPattern(DWORD start_offset, char pattern[], char mask[]) {
///
/// search for ASM Sequence in memory. (Auto updating bot).
///
if (start_offset==0) //if set to 0 then start from default.
start_offset=0x00401000;
DWORD pos = 0;
int searchLen = strlen(mask) - 1;
for( DWORD retAddress = start_offset; retAddress < start_offset + searchLen; retAddress++ )
{
if( *(BYTE*)retAddress == pattern[pos] || mask[pos] == '?' ){
if( mask[pos+1] == '\0' )
return (retAddress - searchLen);
pos++;
}
else
pos = 0;
}
return NULL;
}
|
it also supports wildcards with the ? symbol.
int offset = FindPattern(0, "/xb8/xFF/xFF/xFF/x90", "x????x") {
if(offset != NULL) {
found at @ offset.
}
_________________
|
|
| Back to top |
|
|
HalfPrime
Grandmaster Cheater
![]() Reputation: 0
Joined: 12 Mar 2008
Posts: 532
Location: Right there...On your monitor
|
| Posted: Tue Sep 16, 2008 10:21 pm Post subject: |
|
|
Yeah, it should work, but calling RPM a billion times is going to be prettty slow. better to take it all at once or a few big chunks and loop through the data to compare.
Since you're declaring sig and value as a 255 array, wouldn't sizeof be 255 instead of 2?
_________________
|
|
| Back to top |
|
|
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
| Posted: Wed Sep 17, 2008 1:34 pm Post subject: |
|
|
What he said. Read like 64KB of memory at a time. Then have a loop. Doing that many Win32 API calls is slow as hell.
Your code has a lot of logic and syntax errors. You're comparing "value" to the pointer "sig." It should be:
| Code: |
if (value[BlahIndex] == *sig[BlahIndex])
|
Also, you're only comparing 1 byte. You need to compare the whole array of bytes. So, add an argument to FindPatternEx that specifies the length of the sig. Then, do
| Code: |
DWORD i2;
for (i2 = 0; i2 < dwSigLength; i2++)
{
if (value[i2] != *sig[i2])
break;
}
if (i2 == (dwSigLength - 1))
{
return i;
}
|
This is an example. This code misses the pattern if it isn't on a multiple of 64. What you should do is continue reading memory once ((64KB - i) < dwSigLength). Hope it helps.
|
|
| Back to top |
|
|
GMZorita
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 21 Mar 2007
Posts: 1361
|
| Posted: Wed Sep 17, 2008 2:31 pm Post subject: |
|
|
I did mine too, might post it later.
Its dynamic Eg: FindPattern("47 24 23 ?? 57 31 ? 74");
=]
And totaly works btw lol.
_________________
Gone |
|
| Back to top |
|
|
nog_lorp
Grandmaster Cheater
 Reputation: 0
Joined: 26 Feb 2006
Posts: 743
|
| Posted: Wed Sep 17, 2008 4:56 pm Post subject: |
|
|
Return in case of fail shouldn't be Value, it should be 0 or -1 or some indication of failure.
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish |
|
| Back to top |
|
|
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
| Posted: Wed Sep 17, 2008 5:22 pm Post subject: |
|
|
| nog_lorp wrote: | | Return in case of fail shouldn't be Value, it should be 0 or -1 or some indication of failure. |
It is...
This will find the address without injecting a DLL.
|
|
| Back to top |
|
|
pkedpker
Master Cheater
![]() Reputation: 1
Joined: 11 Oct 2006
Posts: 412
|
| Posted: Wed Sep 17, 2008 8:13 pm Post subject: |
|
|
whats wrong with dll injecting..
if in ur released hack u cant force ppl to use a random dll injector then just build ur own dll injector just for ur dll. and when they run it it would check if game is running etc.. then inject.
So its still just opening a exe file.
You just built a cheat engine LoL and you know how long it takes to find your value pretty long
_________________
|
|
| Back to top |
|
|
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
| Posted: Wed Sep 17, 2008 8:26 pm Post subject: |
|
|
| pkedpker wrote: | whats wrong with dll injecting..
if in ur released hack u cant force ppl to use a random dll injector then just build ur own dll injector just for ur dll. and when they run it it would check if game is running etc.. then inject.
So its still just opening a exe file.
You just built a cheat engine LoL and you know how long it takes to find your value pretty long |
Maybe because I like it that way? The world doesn't revolve around you, you know.
|
|
| Back to top |
|
|
pkedpker
Master Cheater
![]() Reputation: 1
Joined: 11 Oct 2006
Posts: 412
|
| Posted: Wed Sep 17, 2008 8:44 pm Post subject: |
|
|
u could of alteast read big amounts at once.. then parse it on the inside until you find it that would of been much 100x faster.. with 2 loops.
_________________
|
|
| Back to top |
|
|
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
| Posted: Wed Sep 17, 2008 8:51 pm Post subject: |
|
|
| pkedpker wrote: | | u could of alteast read big amounts at once.. then parse it on the inside until you find it that would of been much 100x faster.. with 2 loops. |
As you know, I wrote this in a hurry. It's easily configurable...
|
|
| Back to top |
|
|
BanMe
Master Cheater
![]() Reputation: 0
Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA
|
| Posted: Thu Sep 18, 2008 4:27 pm Post subject: |
|
|
@pkedpker Dll injection isnt always a viable option, in most Online games(with protections) it isnt a option in most cases.
@void ReadProcessMemory is only one option in injection you could manuelly dissasemble it by dreference a pointer..
i think it's a very nice piece of work congrats on it ;]
|
|
| Back to top |
|
|
sponge
I'm a spammer
 Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Thu Sep 18, 2008 5:37 pm Post subject: |
|
|
| BanMe wrote: | @pkedpker Dll injection isnt always a viable option, in most Online games(with protections) it isnt a option in most cases.
@void ReadProcessMemory is only one option in injection you could manuelly dissasemble it by dreference a pointer..
i think it's a very nice piece of work congrats on it ;] |
If dll injection becomes a problem, then most definitly RPM will not work. It's one of the first things I think that any company that is creating an anticheat would do; destroy fuctionality of RPM/WPM.
_________________
|
|
| Back to top |
|
|
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
| Posted: Thu Sep 18, 2008 6:49 pm Post subject: |
|
|
| sponge wrote: | | BanMe wrote: | @pkedpker Dll injection isnt always a viable option, in most Online games(with protections) it isnt a option in most cases.
@void ReadProcessMemory is only one option in injection you could manuelly dissasemble it by dreference a pointer..
i think it's a very nice piece of work congrats on it ;] |
If dll injection becomes a problem, then most definitly RPM will not work. It's one of the first things I think that any company that is creating an anticheat would do; destroy fuctionality of RPM/WPM. |
Would you like me to use KiSystemFastcall instead of RPM? 
| rapion124 wrote: | What he said. Read like 64KB of memory at a time. Then have a loop. Doing that many Win32 API calls is slow as hell.
Your code has a lot of logic and syntax errors. You're comparing "value" to the pointer "sig." It should be:
| Code: |
if (value[BlahIndex] == *sig[BlahIndex])
|
Also, you're only comparing 1 byte. You need to compare the whole array of bytes. So, add an argument to FindPatternEx that specifies the length of the sig. Then, do
| Code: |
DWORD i2;
for (i2 = 0; i2 < dwSigLength; i2++)
{
if (value[i2] != *sig[i2])
break;
}
if (i2 == (dwSigLength - 1))
{
return i;
}
|
This is an example. This code misses the pattern if it isn't on a multiple of 64. What you should do is continue reading memory once ((64KB - i) < dwSigLength). Hope it helps. |
I'm comparing 255 bytes at a time lol.
|
|
| Back to top |
|
|
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
| Posted: Thu Sep 18, 2008 7:32 pm Post subject: |
|
|
| _void wrote: |
Would you like me to use KiSystemFastcall instead of RPM?
|
Lol. Won't work either. Most anti-cheats load a driver that hooks the int 2E handler.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
