bats3c/pattern_search_etwcallback.c

## pattern_search_etwcallback.c
#define PATTERN "\x48\x83\xec\x38\x4c\x8b\x0d"

DWORD i;
LPVOID lpCallbackOffset;

for (i = 0; i < 0xfffff; i++)
{
    if (!memcmp((PVOID)(dwBase + i), (unsigned char*)PATTERN, strlen(PATTERN)))
    {
        lpCallbackOffset = (LPVOID)(dwBase + i);
    }
}
	#define PATTERN "\x48\x83\xec\x38\x4c\x8b\x0d"

	DWORD i;
	LPVOID lpCallbackOffset;

	for (i = 0; i < 0xfffff; i++)
	{
	if (!memcmp((PVOID)(dwBase + i), (unsigned char*)PATTERN, strlen(PATTERN)))
	{
	lpCallbackOffset = (LPVOID)(dwBase + i);
	}
	}