Advertisement
CasualGamer

Internal Pattern Scanner

Nov 23rd, 2019
3,322
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 2.92 KB | None | 0 0
  1. // dllmain.cpp : Defines the entry point for the DLL application.
  2. #include <Windows.h>
  3. #include<iostream>
  4. #include <vector>
  5.  
  6. HMODULE myhModule;
  7.  
  8. DWORD __stdcall EjectThread(LPVOID lpParameter) {
  9.     Sleep(100);
  10.     FreeLibraryAndExitThread(myhModule, 0);
  11. }
  12.  
  13. DWORD GetAddressFromSignature(std::vector<int> signature, DWORD startaddress=0, DWORD endaddress=0) {
  14.     SYSTEM_INFO si;
  15.     GetSystemInfo(&si);
  16.     if (startaddress == 0) {
  17.         startaddress = (DWORD)(si.lpMinimumApplicationAddress);
  18.     }
  19.     if (endaddress == 0) {
  20.         endaddress = (DWORD)(si.lpMaximumApplicationAddress);
  21.     }
  22.  
  23.     MEMORY_BASIC_INFORMATION mbi{ 0 };
  24.     DWORD protectflags = (PAGE_GUARD | PAGE_NOCACHE | PAGE_NOACCESS);
  25.  
  26.     for (DWORD i = startaddress; i < endaddress -signature.size(); i++) {
  27.         //std::cout << "scanning: " << std::hex << i << std::endl;
  28.         if (VirtualQuery((LPCVOID)i, &mbi, sizeof(mbi))) {
  29.             if (mbi.Protect & protectflags || !(mbi.State & MEM_COMMIT)) {
  30.                 std::cout << "Bad Region! Region Base Address: " << mbi.BaseAddress << " | Region end address: " << std::hex << (int)((DWORD)mbi.BaseAddress + mbi.RegionSize) << std::endl;
  31.                 i += mbi.RegionSize;
  32.                 continue; // if bad adress then dont read from it
  33.             }
  34.             std::cout << "Good Region! Region Base Address: " << mbi.BaseAddress << " | Region end address: " << std::hex << (int)((DWORD)mbi.BaseAddress + mbi.RegionSize) << std::endl;
  35.             for (DWORD k = (DWORD)mbi.BaseAddress; k < (DWORD)mbi.BaseAddress + mbi.RegionSize - signature.size(); k++) {
  36.                 for (DWORD j = 0; j < signature.size(); j++) {
  37.                     if (signature.at(j) != -1 && signature.at(j) != *(byte*)(k + j))
  38.                         break;
  39.                     if (j + 1 == signature.size())
  40.                         return k;
  41.                 }
  42.             }
  43.             i = (DWORD)mbi.BaseAddress + mbi.RegionSize;
  44.         }
  45.     }
  46.     return NULL;
  47. }
  48.  
  49. DWORD WINAPI Menue() {
  50.     AllocConsole();
  51.     FILE* fp;
  52.     freopen_s(&fp, "CONOUT$", "w", stdout); // output only
  53.     std::cout << "Press 0 to Exit | Press 1 for Scanning" << std::endl;
  54.     while (1) {
  55.         Sleep(100);
  56.         if (GetAsyncKeyState(VK_NUMPAD0))
  57.             break;
  58.         if (GetAsyncKeyState(VK_NUMPAD1)) {
  59.             std::vector<int> sig = { 0xA1, -1, -1, -1, -1, 0x8B, 0x15, -1, -1, -1, -1, 0x3B, 0x50, 0x04, 0x73, 0x05, 0x8B, 0x44, 0x90, 0x08 };
  60.             DWORD Entry = GetAddressFromSignature(sig,0x4A000000,0x50000000);
  61.             if(Entry == NULL)
  62.                 Entry = GetAddressFromSignature(sig, 0x1F000000, 0x4A000000);
  63.             if (Entry == NULL)
  64.                 Entry = GetAddressFromSignature(sig);
  65.             std::cout << "Result" << std::hex << (int)Entry << std::endl;
  66.         }
  67.     }
  68.     fclose(fp);
  69.     FreeConsole();
  70.     CreateThread(0, 0, EjectThread, 0, 0, 0);
  71.     int i = 0;
  72.     return 0;
  73. }
  74.  
  75.  
  76. BOOL APIENTRY DllMain(HMODULE hModule,
  77.     DWORD  ul_reason_for_call,
  78.     LPVOID lpReserved
  79. )
  80. {
  81.     switch (ul_reason_for_call)
  82.     {
  83.     case DLL_PROCESS_ATTACH:
  84.         myhModule = hModule;
  85.         CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Menue, NULL, 0, NULL);
  86.     case DLL_THREAD_ATTACH:
  87.     case DLL_THREAD_DETACH:
  88.     case DLL_PROCESS_DETACH:
  89.         break;
  90.     }
  91.     return TRUE;
  92. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement