|
You last visited: Today at 17:52
Advertisement
FindPattern crash
Discussion on FindPattern crash within the C/C++ forum part of the Coders Den category.
06/16/2014, 23:59
|
#1
|
elite*gold: 15 
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
FindPattern crash
Hey coders,
I was always using FindPattern by defining the module where i want to search the pattern using GetModuleHandle. But now i wanna scan for an address without module so i tried to scan the whole memory ( Bad idea i know but the dynamic address isn't always stored in a certain part of the memory )
Here's my code
PHP Code:
bool Match(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask )
return false;
return (*szMask) == NULL;
}
DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
for(DWORD i=0; i < dwLen; i++)
if( Match( (BYTE*)( dwAddress+i ),bMask,szMask) )
return (DWORD)(dwAddress+i);
return 0;
}
DWORD dyAdd;
void findAdd()
{
dyAdd = FindPattern(0x00400000, 0x7FFFFFFF, ( PBYTE )"\x**\x**\x**\x**","xxxx" ); // Put ** instead of the real pattern
}
|
|
|
|
06/17/2014, 10:15
|
#2
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
Quote:
Originally Posted by SteveRambo
|
wow very usefull.
|
|
|
|
|
06/17/2014, 13:59
|
#3
|
elite*gold: 420
Join Date: Jan 2012
Posts: 1,082
Received Thanks: 1,000
|
Are you sure you want to scan from 0x04000000 to 0x7FFFFFFF and not from 0x00400000 to 0x7FFFFFFF? You should also check if the pages are all readable.
|
|
|
|
|
06/17/2014, 15:00
|
#4
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
Quote:
Originally Posted by Peter File
Are you sure you want to scan from 0x04000000 to 0x7FFFFFFF and not from 0x00400000 to 0x7FFFFFFF?
|
Yes just a little fail when i wrote the code here.
Quote:
Originally Posted by Peter File
You should also check if the pages are all readable.
|
All the memory is on PAGE_READWRITE.
|
|
|
|
|
06/17/2014, 15:21
|
#5
|
elite*gold: 420
Join Date: Jan 2012
Posts: 1,082
Received Thanks: 1,000
|
You are not scanning from 0x00400000 to 0x7FFFFFFF but from 0x00400000 to 0x803FFFFF.
Try FindPattern(0x00400000, 0x7FFFFFFF - 0x00400000, ...);
If it's still not working you should probably just debug your code lol
|
|
|
|
|
06/17/2014, 15:25
|
#6
|
elite*gold: 20
Join Date: Mar 2007
Posts: 840
Received Thanks: 452
|
You cleary have no idea what you are doing. You aren't searching for bytes, but for *, lol
|
|
|
|
|
06/17/2014, 15:27
|
#7
|
elite*gold: 420
Join Date: Jan 2012
Posts: 1,082
Received Thanks: 1,000
|
Quote:
Originally Posted by bUTL9R
You cleary have no idea what you are doing. You aren't searching for bytes, but for *, lol
|
Quote:
|
Originally Posted by SteveRambo
// Put ** instead of the real pattern
|
(cuz dem bytez such secret)
|
|
|
|
|
06/17/2014, 15:38
|
#8
|
elite*gold: 0
Join Date: Feb 2011
Posts: 1,206
Received Thanks: 736
|
1. youre not searching through the whole user memory - as Peter File already pointed out
2. you have to check if all pages youre trying to search on are readable (they are not) - just skip them if they are not readable, the game most likely wont access them as well.
3. a byte pattern of 4 bytes only will most likely end in a false positive, instead try finding a pointer to the value by reversing how the game accesses it.
|
|
|
|
|
06/17/2014, 18:28
|
#9
|
elite*gold: 0
Join Date: Sep 2006
Posts: 774
Received Thanks: 8,580
|
Lol @ the secret pattern. This guy must be pro.
|
|
|
|
|
06/17/2014, 19:37
|
#10
|
elite*gold: 15
Join Date: Jun 2011
Posts: 570
Received Thanks: 2,757
|
Quote:
Originally Posted by phize
Lol @ the secret pattern. This guy must be pro.
|
Maybe you should learn to read, i put the ** just to show that i crash whatever the signature is and as a general example but if you insist about having it here it is 21 60 7A 00
Quote:
Originally Posted by Peter File
You are not scanning from 0x00400000 to 0x7FFFFFFF but from 0x00400000 to 0x803FFFFF.
Try FindPattern(0x00400000, 0x7FFFFFFF - 0x00400000, ...);
If it's still not working you should probably just debug your code lol
|
The address i'm searching for it doesn't get stored in more than 0x0F000000 so it's surely not the reason why i crash
Quote:
Originally Posted by Dr. Coxxy
1. youre not searching through the whole user memory - as Peter File already pointed out
2. you have to check if all pages youre trying to search on are readable (they are not) - just skip them if they are not readable, the game most likely wont access them as well.
3. a byte pattern of 4 bytes only will most likely end in a false positive, instead try finding a pointer to the value by reversing how the game accesses it.
|
I'll try your third suggestion, thanx.
|
|
|
|
Similar Threads
|
i need no water and no delay findpattern for ph warrock
03/19/2013 - WarRock - 3 Replies
hellow good coders,
im newbie, and i need ur help,
i need no water and no delay FindPattern for PH WarRock for my addy logger, thanks to all good coders.
|
External FindPattern liefert -1
09/16/2012 - C/C++ - 3 Replies
Hallo E*PVP
Das Programm liefert immer -1 zurück. Die Sig stimmt (per DLL geht es),
aber extern will es nicht ganz. Kann mir einer erklären warum er fehlschlägt?
Habe es auch mit SetDebugPrivileges() probiert.
Danke im vorraus. Gruß, Tom
// INCLUDES //
#include <iostream>
|
Problem [ADDYLOGGER-FindPattern(Signatur)]
01/17/2011 - WarRock - 6 Replies
Hallo liebe Community
ich verzweifel langsam an meinem Problem,
Ich habe durch ein TUT gelernt wie ich die Signaturen finde,
doch ich weiß nicht woran mein fehler liegt.
Denn wenn ich mit DarkOlly die Signatur per SigMaker by P47R!CK erstelle,
bekomme ich 2x die gleichen Signaturen beim herausfinden des Z & Y Offsets.
|
All times are GMT +1. The time now is 17:53.
|
|
