FindPattern crash

06/16/2014 23:59 Forbidi#1
Hey coders,
I was always using FindPattern by defining the module where i want to search the pattern using GetModuleHandle. But now i wanna scan for an address without module so i tried to scan the whole memory ( Bad idea i know but the dynamic address isn't always stored in a certain part of the memory )

Here's my code

PHP Code:
bool Match(const BYTEpData, const BYTEbMask, const charszMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask 
            return false;
    return (*szMask) == NULL;
}


DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char szMask)
{
    for(DWORD i=0dwLeni++)
        if( Match( (BYTE*)( dwAddress+),bMask,szMask) )
            return (DWORD)(dwAddress+i);

    return 0;
}

DWORD dyAdd;

void findAdd()
{
   dyAdd FindPattern(0x004000000x7FFFFFFF, ( PBYTE )"\x**\x**\x**\x**","xxxx" ); // Put ** instead of the real pattern
06/17/2014 10:15 Forbidi#2
Quote:
Originally Posted by SteveRambo View Post
:facepalm:

[Only registered and activated users can see links. Click Here To Register...]
wow very usefull.
06/17/2014 13:59 +Yazzn#3
Are you sure you want to scan from 0x04000000 to 0x7FFFFFFF and not from 0x00400000 to 0x7FFFFFFF? You should also check if the pages are all readable.
06/17/2014 15:00 Forbidi#4
Quote:
Originally Posted by Peter File View Post
Are you sure you want to scan from 0x04000000 to 0x7FFFFFFF and not from 0x00400000 to 0x7FFFFFFF?
Yes just a little fail when i wrote the code here.

Quote:
Originally Posted by Peter File View Post
You should also check if the pages are all readable.
All the memory is on PAGE_READWRITE.
06/17/2014 15:21 +Yazzn#5
You are not scanning from 0x00400000 to 0x7FFFFFFF but from 0x00400000 to 0x803FFFFF.

Try FindPattern(0x00400000, 0x7FFFFFFF - 0x00400000, ...);

If it's still not working you should probably just debug your code lol
06/17/2014 15:25 bUTL9R#6
You cleary have no idea what you are doing. You aren't searching for bytes, but for *, lol
06/17/2014 15:27 +Yazzn#7
Quote:
Originally Posted by bUTL9R View Post
You cleary have no idea what you are doing. You aren't searching for bytes, but for *, lol
Quote:
Originally Posted by SteveRambo
// Put ** instead of the real pattern
(cuz dem bytez such secret)
06/17/2014 15:38 Dr. Coxxy#8
1. youre not searching through the whole user memory - as Peter File already pointed out
2. you have to check if all pages youre trying to search on are readable (they are not) - just skip them if they are not readable, the game most likely wont access them as well.
3. a byte pattern of 4 bytes only will most likely end in a false positive, instead try finding a pointer to the value by reversing how the game accesses it.
06/17/2014 18:28 phize#9
Lol @ the secret pattern. This guy must be pro.

06/17/2014 19:37 Forbidi#10
Quote:
Originally Posted by phize View Post
Lol @ the secret pattern. This guy must be pro.
Maybe you should learn to read, i put the ** just to show that i crash whatever the signature is and as a general example but if you insist about having it here it is 21 60 7A 00

Quote:
Originally Posted by Peter File View Post
You are not scanning from 0x00400000 to 0x7FFFFFFF but from 0x00400000 to 0x803FFFFF.

Try FindPattern(0x00400000, 0x7FFFFFFF - 0x00400000, ...);

If it's still not working you should probably just debug your code lol
The address i'm searching for it doesn't get stored in more than 0x0F000000 so it's surely not the reason why i crash

Quote:
Originally Posted by Dr. Coxxy View Post
1. youre not searching through the whole user memory - as Peter File already pointed out
2. you have to check if all pages youre trying to search on are readable (they are not) - just skip them if they are not readable, the game most likely wont access them as well.
3. a byte pattern of 4 bytes only will most likely end in a false positive, instead try finding a pointer to the value by reversing how the game accesses it.
I'll try your third suggestion, thanx.