Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Delphi] AOB Scan

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
icarusdc
How do I cheat?
Reputation: 0

Joined: 30 Mar 2016
Posts: 5

PostPosted: Mon May 21, 2018 7:56 pm    Post subject: [Delphi] AOB Scan Reply with quote

Hi,
I want to make a memory patcher with AOB scan.

So here it is my code:
Code:
procedure ChangePrivilege(szPrivilege: PChar; fEnable: Boolean);
var
  NewState: TTokenPrivileges;
  luid: TLargeInteger;
  hToken: THandle;
  ReturnLength: DWord;
begin
  OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken);
  LookupPrivilegeValue(nil, szPrivilege, luid);
  NewState.PrivilegeCount := 1;
  NewState.Privileges[0].Luid := luid;
  if (fEnable) then
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
  else
    NewState.Privileges[0].Attributes := 0;
  AdjustTokenPrivileges(hToken, False, NewState, SizeOf(NewState), nil, ReturnLength);
  CloseHandle(hToken);
end;

function GetModuleBaseAddress(ProcessID: Cardinal; MName: String): Pointer;
var
  Modules         : Array of HMODULE;
  cbNeeded, i     : Cardinal;
  ModuleInfo      : TModuleInfo;
  ModuleName      : Array[0..MAX_PATH] of Char;
  PHandle         : THandle;
begin
  Result := nil;
  SetLength(Modules, 1024);
  PHandle := OpenProcess(PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessID);
  if (PHandle <> 0) then
  begin
    EnumProcessModules(PHandle, @Modules[0], 1024 * SizeOf(HMODULE), cbNeeded);
    SetLength(Modules, cbNeeded div SizeOf(HMODULE));
    for i := 0 to Length(Modules) - 1 do //Start the bucle
    begin
      GetModuleBaseName(PHandle, Modules[i], ModuleName, SizeOf(ModuleName));
      if AnsiCompareText(MName, ModuleName) = 0 then
      begin
        GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo));
        Result := ModuleInfo.lpBaseOfDll;
        CloseHandle(PHandle);
        Exit;
      end;
    end;
  end;
end;

function GetProcessID(Const ExeFileName: string; var ProcessId: integer): boolean;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
begin
  result := false;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  while integer(ContinueLoop) <> 0 do begin
   if (StrIComp(PChar(ExtractFileName(FProcessEntry32.szExeFile)), PChar(ExeFileName)) = 0)
      or (StrIComp(FProcessEntry32.szExeFile, PChar(ExeFileName)) = 0)  then begin
      ProcessId:= FProcessEntry32.th32ProcessID;
      result := true;
      break;
   end;
   ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;
  CloseHandle(FSnapshotHandle);
end;

function Match(pData: PByte; bMask: PByte; szMask: PChar): Boolean;
begin
  while (szMask^ <> #0) do
  begin
    if (szMask^ = 'x') and (pData^ <> bMask^) then
    begin
      Result := false;
      exit;
    end;
    Inc(szMask);
    Inc(pData);
    Inc(bMask);
  end;
  Result:= (szMask^ = #0);
end;

function FindPattern(dwAddress, dwLen : Cardinal; bMask : PBYTE; szMask : PCHAR) : Cardinal;
var
i : Cardinal;
begin
  Result:= 0;
  for i := 0 to dwLen-1 do
    if(Match(PBYTE(dwAddress + i), bMask, szMask)) then
    begin
      Result := Cardinal((dwAddress + i));
      break;
    end;
end;
procedure TForm1.bGetAOBScanClick(Sender: TObject);
const
  test2: array [0 .. 9] of byte = ($FF,$92,$C8,$00,$00,$00,$84,$C0,$74,$0C);
var
  i: Cardinal;
  dwLen: Cardinal;
  szMask: PCHAR;
  bMask: PBYTE;
  Addr: cardinal;
  Address: Cardinal;
  ProcessID : integer;
  pi : Process_Information;
  x:dword;
  targetname:string;
  datamask:pchar;
  datadwlen:cardinal;
begin
targetname:='test.exe';
datadwlen:=$000251000;
datamask:='xxxxxxxxxx';
ChangePrivilege('SeDebugPrivilege', True);
  if GetProcessID(targetname, ProcessID) then
  begin
  eProcessID.Text:=inttostr(processid);
  Address := Integer(GetModuleBaseAddress(ProcessID, targetname));
  Pi.hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_ALL_ACCESS or PROCESS_VM_OPERATION, false, ProcessID);
  ReadProcessMemory(pi.hProcess, Ptr(Address), @Address,datadwlen, x);
  i := address;
  dwLen := datadwlen;
  bMask:= @test2;
  szMask := datamask;
  Addr:= FindPattern(i, dwLen, bMask, szMask);
  eAOBScan.Text:=(IntToHex(Addr,8));
  end else
  begin
  showmessage(targetname+' Not Found');
  end;
end;


but it only scan AOB in my patcher. not the target (test.exe).
any suggestion how to scan in other process?


Salam.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Tue May 22, 2018 1:16 am    Post subject: Reply with quote

use virtualqueryEx to get a range of memory regions , then use readprocessmemory on the readable ones, and scan that

Also, your readprocessmemory call is wrong, it needs an addres in the target process and an address in your process. You just give it your process each time, and the same one at that

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
icarusdc
How do I cheat?
Reputation: 0

Joined: 30 Mar 2016
Posts: 5

PostPosted: Thu May 24, 2018 1:53 am    Post subject: Reply with quote

Hi,
thanks for your reply.
So I found the source like this that include VirtualQueryEx like you said.

Code:
procedure TForm1.Button2Click(Sender: TObject);
const
  test2: array [0 .. 9] of byte = ($FF,$92,$C8,$00,$00,$00,$84,$C0,$74,$0C);
var
  ProcessID:cardinal;
  Addr, BytesRead: cardinal;
  ProcessHandle: THandle;
  Mbi: TMemoryBasicInformation;
  i: Cardinal;
  Buf: PChar;
  value:cardinal;
  targetname:string;
begin
targetname:='Test.exe';
ChangePrivilege('SeDebugPrivilege', True);
  if GetProcessID(targetname, ProcessID) then
  Value := 69696969;
  ProcessHandle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_ALL_ACCESS or PROCESS_VM_OPERATION, false, ProcessID);
    if ProcessHandle <> 0 then
      try
        Addr := 0;
          while VirtualQueryEx(ProcessHandle, Pointer(Addr), Mbi, SizeOf(Mbi)) <> 0 do
            begin
              if (Mbi.State = MEM_COMMIT) and not ((Mbi.Protect and PAGE_GUARD) = PAGE_GUARD) then
                begin
                  GetMem(Buf, Mbi.RegionSize);
                    try
                      if ReadProcessMemory(ProcessHandle, Mbi.BaseAddress, Buf, Mbi.RegionSize, BytesRead) then
                        begin
                          for i := 0 to BytesRead - SizeOf(Value) do
                            begin
                              if PDWord(@Buf[i])^ = Value then
                              Memo1.Lines.Add('$' + IntToHex(Integer(Cardinal(Mbi.BaseAddress) + i), 8));
                            end;
                        end
                      else
                    finally
                      FreeMem(Buf);
                    end;
                end;
              Addr := Addr + Mbi.RegionSize;
            end;
      finally
        CloseHandle(ProcessHandle);
      end;
end;


But the problem is how to use array of byte?
Value is cardinal and it only has 8 bytes length.
and test at constant has 10 bytes.
and also how to use mask xxx??xxx like that.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites