Das ist die FindPattern-Funktion von KN4CK3R, die für den Einsatz mit der OSH GUI bestimmt ist. Sie ist in einen Namespace verpackt und einsatzbereit; ihr müsst nur auf den Include-Pfad zu Misc/Exceptions.hpp achten.
OSHFindPattern.hpp
#ifndef OSH_FIND_PATTERN
#define OSH_FIND_PATTERN

#include <Windows.h>
#include "Misc/Exceptions.hpp"

namespace OSHFindPattern
{
    /**
     * Compares a run of bytes against a pattern under a mask.
     *
     * The mask is a zero-terminated string with one character per pattern
     * byte: 'x' means the byte must be equal, any other character is a
     * wildcard. The length of the comparison is the length of the mask, so
     * both data and pattern must be readable for that many bytes.
     *
     * \param data    first byte to compare
     * \param pattern expected bytes
     * \param mask    match mask (LPCTSTR, so its character width follows the UNICODE setting)
     * \return true when every 'x' position is equal
     */
    bool DataCompare(const BYTE *data, const BYTE *pattern, LPCTSTR mask);

    /**
     * Searches the code range of a module for the first position at which
     * pattern matches under mask.
     *
     * The range is taken from the PE optional header of the module
     * (BaseOfCode, SizeOfCode).
     *
     * \param module  base address of a loaded module
     * \param pattern expected bytes
     * \param mask    match mask, see DataCompare
     * \return address of the first match, or 0 when nothing matches.
     *         The result is a 32-bit DWORD.
     *         NOTE(review): a DWORD cannot hold a 64-bit address, so this
     *         looks usable in 32-bit builds only - confirm.
     * \throws Misc::ArgumentNullException when module is NULL or INVALID_HANDLE_VALUE
     * \throws Misc::Exception when the DOS or NT signature does not match
     */
    DWORD FindPattern(const HMODULE module, const BYTE *pattern, LPCTSTR mask);
}

#endif
OSHFindPattern.cpp
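/*
 * FindPattern and DataCompare function
 * Copyright (c) 2012 KN4CK3R https://www.oldschoolhack.me
 */

#include "OSHFindPattern.hpp"

using namespace OSHGui;

namespace OSHFindPattern
{
    /**
     * Compares the bytes at data with pattern, position by position.
     *
     * mask is zero-terminated and has one character per pattern byte: 'x'
     * requires equality, any other character accepts any byte. The caller
     * must guarantee that data and pattern are readable for the full length
     * of mask; this function cannot check that.
     *
     * \return true when all 'x' positions are equal, false on the first
     *         mismatch or when any argument is NULL
     */
    bool DataCompare(const BYTE *data, const BYTE *pattern, LPCTSTR mask)
    {
        if (data == NULL || pattern == NULL || mask == NULL)
        {
            return false;
        }

        for (; *mask; ++mask, ++data, ++pattern)
        {
            if (*mask == 'x' && *data != *pattern)
            {
                return false;
            }
        }

        // The loop only ends on the mask terminator, so every position matched.
        return true;
    }
    //---------------------------------------------------------------------------
    /**
     * Searches the code range of a loaded module for the first position at
     * which pattern matches under mask.
     *
     * \param module  base address of the module image
     * \param pattern expected bytes, at least as long as mask
     * \param mask    zero-terminated match mask, see DataCompare
     * \return address of the first match, or 0 when there is none. The
     *         return type is a 32-bit DWORD, so in a 64-bit build the
     *         address is truncated.
     * \throws Misc::ArgumentNullException when module is NULL or
     *         INVALID_HANDLE_VALUE, or when pattern or mask is NULL
     * \throws Misc::Exception when the DOS or NT header is not valid
     */
    DWORD FindPattern(const HMODULE module, const BYTE *pattern, LPCTSTR mask)
    {
        if (module == NULL || module == INVALID_HANDLE_VALUE)
        {
            throw Misc::ArgumentNullException("module");
        }
        if (pattern == NULL)
        {
            throw Misc::ArgumentNullException("pattern");
        }
        if (mask == NULL)
        {
            throw Misc::ArgumentNullException("mask");
        }

        // Pointer arithmetic instead of DWORD casts, so header offsets are
        // not computed on a truncated base address.
        const BYTE *base = reinterpret_cast<const BYTE*>(module);

        const IMAGE_DOS_HEADER *dosHeader = reinterpret_cast<const IMAGE_DOS_HEADER*>(base);
        if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        {
            throw Misc::Exception("e_magic != IMAGE_DOS_SIGNATURE");
        }

        // e_lfanew is a signed LONG; a non-positive value would place the NT
        // headers at or before the image base.
        if (dosHeader->e_lfanew <= 0)
        {
            throw Misc::Exception("e_lfanew <= 0");
        }

        const IMAGE_NT_HEADERS *ntHeaders = reinterpret_cast<const IMAGE_NT_HEADERS*>(base + dosHeader->e_lfanew);
        if (ntHeaders->Signature != IMAGE_NT_SIGNATURE)
        {
            throw Misc::Exception("Signature != IMAGE_NT_SIGNATURE");
        }

        const DWORD imageSize = ntHeaders->OptionalHeader.SizeOfImage;
        const DWORD codeOffset = ntHeaders->OptionalHeader.BaseOfCode;
        DWORD codeSize = ntHeaders->OptionalHeader.SizeOfCode;

        // Never scan past the end of the mapped image, whatever the header says.
        if (codeOffset >= imageSize)
        {
            return 0;
        }
        if (codeSize > imageSize - codeOffset)
        {
            codeSize = imageSize - codeOffset;
        }

        DWORD maskLength = 0;
        while (mask[maskLength] != 0)
        {
            ++maskLength;
        }

        if (codeSize == 0 || maskLength > codeSize)
        {
            return 0;
        }

        // The last start position at which the whole pattern still fits. The
        // original loop ran to the last byte of the range, so the comparison
        // read up to maskLength - 1 bytes beyond it.
        const DWORD lastStart = codeSize - maskLength;

        // NOTE(review): SizeOfCode is treated as one contiguous range that
        // starts at BaseOfCode, as in the original - confirm this holds for
        // the modules this is used on.
        const BYTE *code = base + codeOffset;
        for (DWORD i = 0; i <= lastStart; ++i)
        {
            if (DataCompare(code + i, pattern, mask))
            {
                return static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(code + i));
            }
        }

        return 0;
    }
    //---------------------------------------------------------------------------
}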
Beispiel:
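// Search the module referenced by d3d9 for the 14-byte signature. TEXT() keeps
// the mask literal valid for the LPCTSTR parameter in both ANSI and UNICODE builds.
DWORD device = OSHFindPattern::FindPattern(
    d3d9,
    reinterpret_cast<const BYTE*>("\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86"),
    TEXT("xx????xx????xx"));
DWORD *VTable = NULL;

// FindPattern returns 0 when the signature is not present. Without this check
// the "+ 2" below would turn that into address 2 and the memcpy would fault.
if (device != 0)
{
    // Skip the two fixed bytes of the match; the four masked-out bytes that
    // follow are read as a 32-bit pointer value.
    device += 2;
    memcpy(&VTable, (void*)device, sizeof(DWORD));

    // NOTE(review): slot 42 and the length 5 are taken unchanged from the
    // example; both depend on the exact module build - confirm before use.
    if (VTable != NULL)
    {
        pEndScene = (oEndScene)DetourFunction((BYTE*)VTable[42], (BYTE*)hook_EndScene, 5);
    }
}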