FindPattern crash

Forbidi · 06/16/2014, 23:59

Hey coders,
I was always using FindPattern by defining the module where i want to search the pattern using GetModuleHandle. But now i wanna scan for an address without module so i tried to scan the whole memory ( Bad idea i know but the dynamic address isn't always stored in a certain part of the memory )

Here's my code

PHP Code:


			
bool Match(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask ) 
            return false;
    return (*szMask) == NULL;
}


DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    for(DWORD i=0; i < dwLen; i++)
        if( Match( (BYTE*)( dwAddress+i ),bMask,szMask) )
            return (DWORD)(dwAddress+i);

    return 0;
}

DWORD dyAdd;

void findAdd()
{
   dyAdd = FindPattern(0x00400000, 0x7FFFFFFF, ( PBYTE )"\x**\x**\x**\x**","xxxx" ); // Put ** instead of the real pattern
}

Forbidi · 06/17/2014, 10:15

Quote:

Originally Posted by SteveRambo

wow very usefull.

+Yazzn · 06/17/2014, 13:59

Are you sure you want to scan from 0x04000000 to 0x7FFFFFFF and not from 0x00400000 to 0x7FFFFFFF? You should also check if the pages are all readable.

Forbidi · 06/17/2014, 15:00

Quote:

Originally Posted by Peter File

Are you sure you want to scan from 0x04000000 to 0x7FFFFFFF and not from 0x00400000 to 0x7FFFFFFF?

Yes just a little fail when i wrote the code here.

Quote:

Originally Posted by Peter File

You should also check if the pages are all readable.

All the memory is on PAGE_READWRITE.

+Yazzn · 06/17/2014, 15:21

You are not scanning from 0x00400000 to 0x7FFFFFFF but from 0x00400000 to 0x803FFFFF.

Try FindPattern(0x00400000, 0x7FFFFFFF - 0x00400000, ...);

If it's still not working you should probably just debug your code lol

bUTL9R · 06/17/2014, 15:25

You cleary have no idea what you are doing. You aren't searching for bytes, but for *, lol

+Yazzn · 06/17/2014, 15:27

Quote:

Originally Posted by bUTL9R

You cleary have no idea what you are doing. You aren't searching for bytes, but for *, lol

Quote:

Originally Posted by SteveRambo

// Put ** instead of the real pattern

(cuz dem bytez such secret)

Dr. Coxxy · 06/17/2014, 15:38

1. youre not searching through the whole user memory - as Peter File already pointed out
2. you have to check if all pages youre trying to search on are readable (they are not) - just skip them if they are not readable, the game most likely wont access them as well.
3. a byte pattern of 4 bytes only will most likely end in a false positive, instead try finding a pointer to the value by reversing how the game accesses it.

phize · 06/17/2014, 18:28

Lol @ the secret pattern. This guy must be pro.

Spoiler

Forbidi · 06/17/2014, 19:37

Quote:

Originally Posted by phize

Lol @ the secret pattern. This guy must be pro.

Spoiler

At copy/pasting.

Maybe you should learn to read, i put the ** just to show that i crash whatever the signature is and as a general example but if you insist about having it here it is 21 60 7A 00

Quote:

Originally Posted by Peter File

You are not scanning from 0x00400000 to 0x7FFFFFFF but from 0x00400000 to 0x803FFFFF.

Try FindPattern(0x00400000, 0x7FFFFFFF - 0x00400000, ...);

If it's still not working you should probably just debug your code lol

The address i'm searching for it doesn't get stored in more than 0x0F000000 so it's surely not the reason why i crash

Quote:

Originally Posted by Dr. Coxxy

1. youre not searching through the whole user memory - as Peter File already pointed out
2. you have to check if all pages youre trying to search on are readable (they are not) - just skip them if they are not readable, the game most likely wont access them as well.
3. a byte pattern of 4 bytes only will most likely end in a false positive, instead try finding a pointer to the value by reversing how the game accesses it.

I'll try your third suggestion, thanx.