C++11 Signature Scanning

Post by atom0s » Mon Feb 08, 2016 4:49 pm

Here is an updated version of my scanner. I rewrote the pattern/mask usage to now just be a single string. I got tired of maintaining masks and patterns separately so they are now in a single string. This does not include half-byte scans as I do not find them useful or needed.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <iterator>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

/**
 * Scans the given data for the pattern.
 *
 * @param {vector} data                     The data to scan within for the given pattern.
 * @param {intptr_t} baseAddress            The base address of where the scan is starting from.
 * @param {const char*} lpPattern           The pattern to scan for. (Wildcards are marked as ?? per byte.)
 * @param {intptr_t} offset                 The offset to add to the found location.
 * @param {intptr_t} resultUsage            The result offset to use when locating signatures that match multiple locations.
 * @returns {intptr_t}                      The address where the pattern was found, 0 otherwise.
 */
intptr_t FindPattern(std::vector<unsigned char> data, intptr_t baseAddress, const char* lpPattern, intptr_t offset, intptr_t resultUsage)
{
    // Ensure the incoming pattern is non-empty and properly aligned (two characters per byte)..
    const size_t patternLen = strlen(lpPattern);
    if (patternLen == 0 || patternLen % 2 > 0)
        return 0;

    // Convert the pattern to a vector of (byte, must-match) pairs..
    std::vector<std::pair<unsigned char, bool>> pattern;
    for (size_t x = 0, y = patternLen / 2; x < y; x++)
    {
        // Obtain the current byte..
        std::stringstream stream(std::string(lpPattern + (x * 2), 2));

        // Check if this is a wildcard..
        if (stream.str() == "??")
            pattern.push_back(std::make_pair(00, false));
        else
        {
            // Note: strtol yields 0 for non-hex text, so an invalid pair scans as byte 0x00..
            auto byte = strtol(stream.str().c_str(), nullptr, 16);
            pattern.push_back(std::make_pair((unsigned char)byte, true));
        }
    }

    auto scanStart = data.begin();
    auto resultCnt = 0;

    while (true)
    {
        // Search for the pattern; wildcard entries match any byte..
        auto ret = std::search(scanStart, data.end(), pattern.begin(), pattern.end(),
            [&](unsigned char curr, std::pair<unsigned char, bool> currPattern)
        {
            return (!currPattern.second) || curr == currPattern.first;
        });

        // Did we find a match..
        if (ret != data.end())
        {
            // If we hit the usage count, return the result..
            if (resultCnt == resultUsage || resultUsage == 0)
                return (std::distance(data.begin(), ret) + baseAddress) + offset;

            // Increment the found count and scan again from the next byte..
            ++resultCnt;
            scanStart = ++ret;
        }
        else
            break;
    }

    return 0;
}
```