Register for your free account! | Forgot your password?

Go Back   elitepvpers Coders Den C/C++
Pattern Signature Scanner Pattern Signature Scanner
You last visited: Today at 09:36

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

Pattern Signature Scanner

Discussion on Pattern Signature Scanner within the C/C++ forum part of the Coders Den category.

Reply
 
Old   #1
 
xKemya's Avatar
 
elite*gold: 0
The Black Market: 97/0/0
Join Date: Jan 2013
Posts: 2,450
Received Thanks: 1,880
Pattern Signature Scanner

I've got C++ Issue about Pattern,
why won't work when OLLYDBG not work

Functions.h
Code:
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
#include <Psapi.h>

void MsgBoxAddy(DWORD addy)
{
 char szBuffer[1024];
 sprintf(szBuffer, "Addy: %02x", addy);
 MessageBox(NULL, szBuffer, "Title", MB_OK);

}

MODULEINFO GetModuleInfo( char *szModule )
{
 MODULEINFO modinfo = {0};
 HMODULE hModule = GetModuleHandle(szModule);
 if(hModule == 0) 
  return modinfo;
 GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
 return modinfo;
}


void WriteToMemory(uintptr_t addressToWrite, char* valueToWrite, int byteNum)
{
 unsigned long OldProtection;
 VirtualProtect((LPVOID)(addressToWrite), byteNum, PAGE_EXECUTE_READWRITE, &OldProtection);
 memcpy( (LPVOID)addressToWrite, valueToWrite, byteNum);
 VirtualProtect((LPVOID)(addressToWrite), byteNum, OldProtection, NULL);
}


DWORD FindPattern(char *module, char *pattern, char *mask)
{
 MODULEINFO mInfo = GetModuleInfo(module);
 DWORD base = (DWORD)mInfo.lpBaseOfDll;
 DWORD size =  (DWORD)mInfo.SizeOfImage;
 DWORD patternLength = (DWORD)strlen(mask);

 for(DWORD i = 0; i < size - patternLength; i++)
 {
  bool found = true;
  for(DWORD j = 0; j < patternLength; j++)
  {
   found &= mask[j] == '?' || pattern[j] == *(char*)(base + i + j);
  }
  if(found) 
  {
   return base + i;
  }
 }

 return NULL;
}
Source.cpp
Code:
#include <Windows.h>
#include <iostream>  
#include "Functions.h"

using namespace std;
char OpCode[] = "\xDB\x45";


void InitiateHooks()
{
  DWORD aAddy = FindPattern("s4client.exe",
  "\xD9\x45\x57\x8B\x7C\x24\x14\x8D\x74\x24\x28\xE8\x00\x00\x00\x00\x5F\x5E\xB0\x01",
  "xxxxxxxxxxxx????xxxx");
 aAddy += 5;


 MsgBoxAddy(aAddy);
 WriteToMemory(aAddy, OpCode, 4);
 
}
#pragma endregion

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL, 
    DWORD fdwReason, 
    LPVOID lpReserved) 
{
    switch(fdwReason)
    {
        case DLL_PROCESS_ATTACH:
   InitiateHooks();
            break;
    }
    return TRUE;
}
why won't work when OLLYDBG not work
xKemya is offline  
Old   #2
 
xXrussXx's Avatar
 
elite*gold: 0
The Black Market: 1/0/0
Join Date: May 2012
Posts: 643
Received Thanks: 846
I dont really know what you mean but i think:
most games/programms scan your opened tasks. If they find a process like "ollydbg" they crash because they dont want you to change bytes oder else...

Just close OllyDbg or bypass the check
xXrussXx is offline  
Old   #3
 
xKemya's Avatar
 
elite*gold: 0
The Black Market: 97/0/0
Join Date: Jan 2013
Posts: 2,450
Received Thanks: 1,880
Quote:
Originally Posted by xXrussXx View Post
I dont really know what you mean but i think:
most games/programms scan your opened tasks. If they find a process like "ollydbg" they crash because they dont want you to change bytes oder else...

Just close OllyDbg or bypass the check
I mean, I've coded a pattern code for C++, but it works only if ollybdg is running else won't work
xKemya is offline  
Old   #4
 
cookie69's Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Nov 2009
Posts: 627
Received Thanks: 689
Quote:
Originally Posted by "V" View Post
I mean, I've coded a pattern code for C++, but it works only if ollybdg is running else won't work
This code is from Fleep's channel

Fleep tested it for a local FPS little game so it could be different for an MMO with too many protections! I don't see why it does work only when the process is being debugged by Olly but I trust you..
Anyway, if it works with olly just keep olly running or is it detected by the game s4client ? (I don't know which game is it).

Good luck
cookie69 is offline  
Old   #5
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Jun 2014
Posts: 5
Received Thanks: 1
look here ^^
Quote:
#include <Psapi.h>


MODULEINFO GetModuleInfo(char *szModule){
MODULEINFO modinfo = { 0 };
HMODULE hModule = GetModuleHandle(szModule);
if (hModule == 0)
return modinfo;
GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
return modinfo;
}



void WriteToMemory(uintptr_t addressToWrite, char* valueToWrite, int byteNum)
{

unsigned long OldProtection;
VirtualProtect((LPVOID)(addressToWrite), byteNum, PAGE_EXECUTE_READWRITE, &OldProtection);

memcpy((LPVOID)addressToWrite, valueToWrite, byteNum);

VirtualProtect((LPVOID)(addressToWrite), byteNum, OldProtection, NULL);
}


DWORD FindPattern(char *module, char *pattern, char *mask)
{

MODULEINFO mInfo = GetModuleInfo(module);

DWORD base = (DWORD)mInfo.lpBaseOfDll;
DWORD size = (DWORD)mInfo.SizeOfImage;

DWORD patternLength = (DWORD)strlen(mask);

for (DWORD i = 0; i < size - patternLength; i++)
{
bool found = true;
for (DWORD j = 0; j < patternLength; j++)
{

found &= mask[j] == '?' || pattern[j] == *(char*)(base + i + j);
}

if (found)
{
return base + i;
}
}

return NULL;
}
Quote:
#include <Windows.h>
#include <iostream>
#include "Functions.h"
using namespace std;

char BytesToPatch[] = "yvalue by array";
char ProcessName[] = "Name.exe";

void InitiateHook()
{
DWORD Bytes = FindPattern(ProcessName, "Pattern", "mask");
Bytes += 5;
WriteToMemory(Bytes, BytesToPatch, 4);

}
BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved)
{
switch (dwReason) {
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls(hModule);
InitiateHook();
break;
case DLL_PROCESS_DETACH:
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
Quote:
Originally Posted by cookie69 View Post
This code is from Fleep's channel

Fleep tested it for a local FPS little game so it could be different for an MMO with too many protections! I don't see why it does work only when the process is being debugged by Olly but I trust you..
Anyway, if it works with olly just keep olly running or is it detected by the game s4client ? (I don't know which game is it).

Good luck
it work but you need to find the correct Pattren and mask
xnkromix is offline  
Thanks
1 User
Old   #6
 
xKemya's Avatar
 
elite*gold: 0
The Black Market: 97/0/0
Join Date: Jan 2013
Posts: 2,450
Received Thanks: 1,880
Guys, my friend has solved it, he missed only 1 number -.- ****, but anyways thank you all!
xKemya is offline  
Reply

« Erfahrener C++ Programmierer um einen Bug zu beheben | [F] C++ Buch gut? »

Similar Threads Similar Threads
C# Pattern
05/19/2013 - .NET Languages - 5 Replies
Hallo zusammen, ich hätte mal eine Frage über C#. Ich habe mittlerweile raus wie in C# die Pointer funktionieren. Und jetzt würde ich gerne herausfinden wie man Pattern benutzt. (Ohne BlackMagic) Also eine Funktion bei der man Pattern & Mask angibt.
Pattern
11/08/2012 - General Coding - 4 Replies
Hi, i have e little problem and i dont know to resolve it... If possible to find the pattern in random memory location?
[Frage] Search Pattern Signature
06/09/2012 - Nostale - 5 Replies
Ich versuche schon seit einiger Zeit eine gleichbleibende Signatur zu finden, bekomme es aber einfach nicht hin. :/ Als Beispiel hab ich den HP-Pointer benutzt: Address: 007D5500 Signature: \x60\x40\xD9\x07\xC0\xDF\x4A Mask: xxxxxxx Aber nachdem ich NosTale neu gestartet habe, findet er die Signature nicht mehr, weil sie sich verändert hat.
pattern..
03/29/2011 - Grand Chase Philippines - 1 Replies
requesting for gambling pattern :) :) :) :) :)



All times are GMT +2. The time now is 09:38.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2026 elitepvpers All Rights Reserved.