AOB.cpp
#include "framework.h"
#include <vector>
#include <regex>
#include <string>
#include <iostream>
#include "AOB.h"
namespace AOB {
/// @brief Tests whether the bytes at pData match a masked byte pattern.
/// @param pData  Start of the memory being tested.
/// @param bMask  Pattern bytes, one per mask character.
/// @param szMask NUL-terminated mask; an 'x' means the byte at that position
///               must be equal, any other character skips the comparison.
/// @return true when every 'x' position matches, false on the first mismatch.
///
/// No bounds are checked here: the caller must guarantee that both pData and
/// bMask are readable for strlen(szMask) bytes.
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    while (*szMask != '\0') {
        const bool mustMatch = (*szMask == 'x');
        // Short-circuit keeps the data byte untouched at wildcard positions.
        if (mustMatch && *pData != *bMask)
            return false;
        ++szMask;
        ++pData;
        ++bMask;
    }
    // The whole mask was consumed without a mismatch.
    return true;
}
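/// @brief Searches the range [dwAddress, dwAddress + dwLen) for a masked pattern.
/// @param dwAddress Start address of the range (32-bit address held in a DWORD).
/// @param dwLen     Number of readable bytes in the range.
/// @param bMask     Pattern bytes, one per mask character.
/// @param szMask    NUL-terminated mask, interpreted by bCompare.
/// @return Address of the first match, or 0 when there is none.
///
/// The whole range must be readable; nothing here checks page protection.
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE* bMask, char* szMask)
{
    // Measure the mask once instead of on every loop iteration.
    const size_t maskLen = strlen(szMask);

    // An empty mask would "match" at the first byte, and a mask longer than
    // the range used to make the unsigned subtraction wrap around, turning
    // the loop bound into ~4 GiB and reading far past the range.
    if (maskLen == 0 || maskLen > dwLen)
        return 0;

    // Last offset at which the full pattern still fits inside the range.
    // Inclusive bound: a match that ends exactly at the end of the range
    // is a valid match and must be tested too.
    const DWORD lastStart = dwLen - (DWORD)maskLen;
    for (DWORD i = 0; i <= lastStart; i++)
    {
        if (bCompare((BYTE*)(dwAddress + i), bMask, szMask))
        {
            return (DWORD)(dwAddress + i);
        }
    }
    return 0;
}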
/// @brief Decodes a string of hex digit pairs into raw bytes.
/// @param hex Hex text without separators, e.g. "57E87BC0".
/// @return One byte per two input characters, in input order.
///
/// The input is not validated: a trailing single character is parsed on its
/// own, and a pair that does not start with a hex digit decodes to 0 because
/// strtol reports "no conversion" as 0. Callers that take the text from
/// outside should validate it before calling.
std::vector<char> HexToBytes(const std::string& hex)
{
    std::vector<char> decoded;
    std::string::size_type pos = 0;
    while (pos < hex.length()) {
        // substr clamps at the end of the string, so an odd tail is one char.
        const std::string pair = hex.substr(pos, 2);
        decoded.push_back(static_cast<char>(strtol(pair.c_str(), NULL, 16)));
        pos += 2;
    }
    return decoded;
}
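/// @brief Walks the current process's memory regions from min upward and
///        returns the first address where the masked pattern matches.
/// @param content Pattern bytes, one per mask character.
/// @param mask    NUL-terminated mask, interpreted by bCompare.
/// @param min     Address at which the walk starts.
/// @param max     The walk stops once the next region starts above this value.
/// @return Address of the first match, or 0 when nothing was found.
///
/// Only committed regions whose type is neither MEM_MAPPED nor MEM_PRIVATE
/// (which leaves image-backed regions) are searched. Addresses are carried in
/// DWORDs, so this code assumes a 32-bit process. max is only checked between
/// regions, and a pattern that straddles two regions is not found.
DWORD Scan(char* content, char* mask, DWORD min, DWORD max)
{
    const size_t patternLen = strlen(mask);

    // Use the native structure so its size always matches what VirtualQuery
    // is told it may write; a 32-bit struct with a native-size length would
    // be overrun on a 64-bit build.
    MEMORY_BASIC_INFORMATION mbi;
    DWORD address = min;
    while (VirtualQuery((LPCVOID)address, &mbi, sizeof(mbi)) != 0) {
        const DWORD regionBase = (DWORD)mbi.BaseAddress;
        const DWORD regionSize = (DWORD)mbi.RegionSize;

        // address may lie inside the region (e.g. address = 0x401002 while
        // BaseAddress = 0x401000), so only the bytes from address to the end
        // of the region may be read, not a full RegionSize from address.
        const DWORD remaining = regionSize - (address - regionBase);

        const bool committed = (mbi.State == MEM_COMMIT);
        const bool wantedType = (mbi.Type != MEM_MAPPED) && (mbi.Type != MEM_PRIVATE);
        // Guard pages raise an exception on first touch, so skip them as well.
        const bool readable = (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;

        // NOTE: protection can change between this query and the read below;
        // the check narrows the fault window, it does not remove it.
        if (committed && wantedType && readable && remaining >= patternLen) {
            const DWORD needle = FindPattern(address, remaining, (BYTE*)content, mask);
            if (needle != 0) {
                return needle;
            }
        }

        // Continue at the first byte after this region, whether it was
        // searched or skipped.
        const DWORD next = regionBase + regionSize;
        if (next <= address) {
            // 32-bit wrap-around at the top of the address space.
            return 0;
        }
        address = next;
        if (address > max) {
            return 0;
        }
    }
    return 0;
}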
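/// @brief Parses a textual byte pattern and searches for it between min and max.
/// @param ucp_aob_spec Pattern text such as "57 E8 7B C0 10 ?": two hex digits
///                     are one literal byte, a run of '?' is one wildcard byte;
///                     everything else is ignored as a separator.
/// @param min          Address at which the search starts.
/// @param max          Upper bound handed to Scan.
/// @return Address of the first match, or 0 when there is no match or the
///         spec contains no tokens.
DWORD FindInRange(std::string ucp_aob_spec, DWORD min, DWORD max) {
    const std::regex token("([A-Fa-f0-9]{2})|([?]+)");
    std::string content;
    std::string mask;

    const std::sregex_iterator noMoreTokens;
    for (std::sregex_iterator it(ucp_aob_spec.begin(), ucp_aob_spec.end(), token);
         it != noMoreTokens; ++it)
    {
        // Decide by capture group, not by comparing the text with "?":
        // the regex accepts "??" as a wildcard token too, and a text
        // comparison sent that case down the literal branch, where it was
        // decoded as the byte 0x00.
        if ((*it)[2].matched) {
            mask += " ";
            content += "FF"; // Dummy byte; never compared at wildcard positions.
        }
        else {
            mask += "x";
            content += (*it)[1].str();
        }
    }

    // Without tokens the byte buffer is empty and taking the address of its
    // first element is undefined behaviour.
    if (mask.empty()) {
        return 0;
    }

    // Keep the decoded bytes in a named local so the buffer handed to Scan
    // has an obvious lifetime.
    std::vector<char> bytes = AOB::HexToBytes(content);
    return Scan(&bytes[0], (char*)mask.c_str(), min, max);
}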
// TODO: find all?
// example: Find("57 E8 7B C0 10 ?")
/// @brief Searches for the pattern over the fixed range 0x400000..0x7FFFFFFF.
/// @param ucp_aob_spec Pattern text, passed through to FindInRange unchanged.
/// @return Whatever FindInRange returns for that range.
DWORD Find(std::string ucp_aob_spec)
{
    const DWORD rangeStart = 0x400000;
    const DWORD rangeEnd = 0x7FFFFFFF;
    return FindInRange(ucp_aob_spec, rangeStart, rangeEnd);
}
}