-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathScanner.h
More file actions
113 lines (93 loc) · 2.75 KB
/
Scanner.h
File metadata and controls
113 lines (93 loc) · 2.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
// https://github.com/Zer0Mem0ry/SignatureScanner
#pragma once
#include <iostream>
#include <string>
#include <Windows.h>
#include <TlHelp32.h>
// Better than using namespace std;
using std::cout;
using std::endl;
using std::string;
// datatype for a module in memory (dll, regular exe)
struct module
{
uint64_t dwBase = NULL;
uint64_t dwSize = NULL;
};
class SignatureScanner
{
public:
module TargetModule; // Hold target module
HANDLE TargetProcess; // for target process
DWORD TargetId; // for target process
void SetProcess(HANDLE process) {
TargetProcess = process;
TargetId = GetProcessId(process);
}
// For getting a handle to a process
HANDLE GetProcess(const char* processName)
{
HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
PROCESSENTRY32 entry;
entry.dwSize = sizeof(entry);
do
if (!strcmp(entry.szExeFile, processName)) {
TargetId = entry.th32ProcessID;
CloseHandle(handle);
TargetProcess = OpenProcess(PROCESS_ALL_ACCESS, false, TargetId);
return TargetProcess;
}
while (Process32Next(handle, &entry));
return nullptr;
}
// For getting information about the executing module
module GetModule(const char* moduleName) {
HANDLE hmodule = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, TargetId);
MODULEENTRY32 mEntry;
mEntry.dwSize = sizeof(mEntry);
do {
if (strcmp(mEntry.szModule, (LPSTR)moduleName) == 0) {
CloseHandle(hmodule);
return TargetModule = { (uint64_t)mEntry.hModule, (uint64_t)mEntry.modBaseSize };
}
} while (Module32Next(hmodule, &mEntry));
return TargetModule = { };
}
// Basic WPM wrapper, easier to use.
template <typename var>
bool WriteMemory(uint64_t Address, var Value) {
return WriteProcessMemory(TargetProcess, (LPVOID)Address, &Value, sizeof(var), 0);
}
// Basic RPM wrapper, easier to use.
template <typename var>
var ReadMemory(uint64_t Address) {
var value;
ReadProcessMemory(TargetProcess, (LPCVOID)Address, &value, sizeof(var), NULL);
return value;
}
// for comparing a region in memory, needed in finding a signature
bool MemoryCompare(const BYTE* bData, const BYTE* bMask, const char* szMask) {
for (; *szMask; ++szMask, ++bData, ++bMask) {
if (*szMask == 'x' && *bData != *bMask) {
return false;
}
}
return (*szMask == NULL);
}
// for finding a signature/pattern in memory of another process
uint64_t FindSignature(uint64_t start, uint64_t size, const char* sig, const char* mask)
{
BYTE* data = new BYTE[size];
SIZE_T bytesRead;
ReadProcessMemory(TargetProcess, (LPVOID)start, data, size, &bytesRead);
for (uint64_t i = 0; i < size; i++)
{
if (MemoryCompare((const BYTE*)(data + i), (const BYTE*)sig, mask)) {
delete[] data;
return start + i;
}
}
delete[] data;
return NULL;
}
};