[source] find offsets in c++ (in sro_client.exe)

[TheSpy]

C++ does not offer something like AutoIt does, so I had to do it myself. The main idea of the code (how to do it) was a suggestion of Drew Benton. The search patters are from lolkop's AutoIt script.

This is how it looks in AutoIt:

Code:

$pos = StringRegExp($content, "81C4EC010000C21400(.*?)CCCCCCCCCCCCCCCC", 3)

Here is my C++ script, still messy code and can't be added like this to anything really... I might make it write all offsets in some config file or something when I'll have time to rewrite it.

Code:

// SilkSearch.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "windows.h"
#include "stdio.h"
#include "stdlib.h"

int _tmain(int argc, _TCHAR* argv[])
{
	FILE * pFile;
	long lSize;
	BYTE * buffer;
	size_t result;

	
	//pFile = fopen ( "C:\\Documents and Settings\\Safilix\\Desktop\\USB - SQL\\au3\\New Folder\\sro_client.exe" , "rb" );
	fopen_s(&pFile, "C:\\Documents and Settings\\Safilix\\Desktop\\USB - SQL\\au3\\New Folder\\sro_client.exe" , "rb" );
	if (pFile==NULL) {
		fputs ("File error",stderr);
		exit (1);
	}

	fseek (pFile , 0 , SEEK_END);
	lSize = ftell (pFile);
	rewind (pFile);

	buffer = (BYTE*) malloc (sizeof(char)*lSize);
	if (buffer == NULL) {
		fputs ("Memory error",stderr);
		exit (2);
	}

	result = fread (buffer,1,lSize,pFile);
	if (result != lSize) {
		fputs ("Reading error",stderr);
		exit (3);
	}

	printf("Loaded the file! Begin the search...\n\n");

	int pointer = 0;
	BYTE * data = buffer;
	BYTE pattern[] = { 0x81, 0xC4, 0xEC, 0x01, 0x00, 0x00, 0xC2, 0x14, 0x00 };
	BYTE pattern2[] = { 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC };
	LPBYTE start = data;
	LPBYTE end = start + lSize;
	LPBYTE cur = start;
	LPBYTE tmp;
	bool found = true;
	
	while(cur < end)
	{
		while(*++cur != *pattern && cur < end);
		found = true;
		for(int x = 0; x < sizeof(pattern); x++)
		{
			if(*(cur + x) != pattern[x])
			{
				found = false;
				break;
			}
		}
		if(found)
		{
			while(cur < end)
			{
				tmp = cur;
				while(*++tmp != *pattern2 && tmp < end);
				found = true;
				for(int x = 0; x < sizeof(pattern2); x++)
				{
					if(*(tmp + x) != pattern2[x])
					{
						found = false;
						break;
					}
				}
				if(found) break;

			}

			for(int x = 0; x < (int)(tmp - cur - sizeof(pattern2)); x++)
			{
				if(!(x%4))
				{
					printf("\n");
				}
				if(x == 36)
					printf("\nwhisper: ");
				if(x == 12)
					printf("\nparty: ");
				if(x == 16)
					printf("\nguild: ");
				if(x == 40)
					printf("\nunion: ");
				if(x == 20)
					printf("\nglobal: ");

				if(!(x%4))
				{
					pointer = 0;
					for(int y = 3; y>=0; y--)
					{
						pointer <<= 8;
						pointer += *(cur + sizeof(pattern) + y + x);
					}
					printf("[%x] - ", pointer);
				}
				printf("%2x ", *(cur + sizeof(pattern) + x));
			}
			printf("\n");
		}
	}

	fclose (pFile);
	free (buffer);

	return 0;
}

Feel free to play around with it, it's nothing for beginners. You REALLY have to understand a lot of C++, even I had a few problems to understand the base that Drew gave me. Later I figured it out somehow. ^^

[necro_3]

Ty with respect

[lolkop]

theres no regexp included in c++? :O

[TheSpy]

Quote:

Originally Posted by lolkop

theres no regexp included in c++? :O

There is, but you can't load in the file as a normal string (well you can, but it takes ages to do anything) so that's why this has to be done. It does it's work in a matter of milliseconds.

Btw... could a mod rename the thread to "[source] find offsets in c++ (in sro_client.exe)" please? I forgot to add it >_<

#Done