OldSchoolHack

Register / Login English

OSHFindPattern namespace

icon Thread: OSHFindPattern namespace

Join Date: Aug 2008

Posts: 2594

User-Rating:

17 positive
5 negative
Das ist die FindPattern Funktion von KN4CK3R die für Einsatz mit der OSH GUI bestimmt ist.
Verpackt in namespace und einsatzbereit, ihr müsst nur bei den Misc/Exceptions.hpp Pfad aufpassen.

OSHFindPattern.hpp
Spoiler
CPP Code:
  1.  
  2. #ifndef OSH_FIND_PATTERN
  3. #define OSH_FIND_PATTERN
  4.  
  5. #include <Windows.h>
  6. #include "Misc/Exceptions.hpp"
  7.  
  8. namespace OSHFindPattern
  9. {
  10. DWORD FindPattern(const HMODULE module, const BYTE *pattern, LPCTSTR mask);
  11. bool DataCompare(const BYTE *data, const BYTE *pattern, LPCTSTR mask);
  12. };
  13.  
  14. #endif

OSHFindPattern.cpp
Spoiler
CPP Code:
  1. /*
  2.  * FindPattern and DataCompare function
  3.  * Copyright (c) 2012 KN4CK3R https://www.oldschoolhack.me
  4.  */
  5. #include "OSHFindPattern.hpp"
  6.  
  7. using namespace OSHGui;
  8.  
  9. namespace OSHFindPattern
  10. {
  11. bool DataCompare(const BYTE *data, const BYTE *pattern, LPCTSTR mask)
  12. {
  13. for (; *mask; ++mask, ++data, ++pattern)
  14. {
  15. if (*mask == 'x' && *data != *pattern)
  16. {
  17. return false;
  18. }
  19. }
  20.  
  21. return *mask == 0;
  22. }
  23. //---------------------------------------------------------------------------
  24. DWORD FindPattern(const HMODULE module, const BYTE *pattern, LPCTSTR mask)
  25. {
  26. if (module == NULL || module == INVALID_HANDLE_VALUE)
  27. {
  28. throw Misc::ArgumentNullException("module");
  29. }
  30.  
  31. PIMAGE_DOS_HEADER dosHeader =(PIMAGE_DOS_HEADER)module;
  32.  
  33. if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
  34. {
  35. throw Misc::Exception("e_magic != IMAGE_DOS_SIGNATURE");
  36. }
  37.  
  38. PIMAGE_NT_HEADERS NTHead = (PIMAGE_NT_HEADERS)((DWORD)dosHeader + (DWORD)dosHeader->e_lfanew);
  39.  
  40. if (NTHead->Signature != IMAGE_NT_SIGNATURE)
  41. {
  42. throw Misc::Exception("Signature != IMAGE_NT_SIGNATURE");
  43. }
  44.  
  45. DWORD address = (DWORD)module + NTHead->OptionalHeader.BaseOfCode;
  46. DWORD size = NTHead->OptionalHeader.SizeOfCode;
  47.  
  48. for (DWORD i = NULL; i < size; i++)
  49. {
  50. if (DataCompare((BYTE*)(address + i), pattern, mask))
  51. {
  52. return address + i;
  53. }
  54. }
  55.  
  56. return NULL;
  57. }
  58. //---------------------------------------------------------------------------
  59. }

Beispiel:
CPP Code:
  1. DWORD device = OSHFindPattern::FindPattern(d3d9, (BYTE*)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx") + 2;
  2. DWORD *VTable = NULL;
  3. memcpy(&VTable, (void*)device, 4);
  4. pEndScene = (oEndScene)DetourFunction((BYTE*)VTable[42], (BYTE*)hook_EndScene, 5);

Only registered and activated users can see links.