-
-
Save xetrics/fb58bb84c6abea4dcdfab463a196705c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <node.h> | |
#include <windows.h> | |
#include <TlHelp32.h> | |
#include <vector> | |
#include "pattern.h" | |
#include "memoryjs.h" | |
#include "process.h" | |
#include "memory.h" | |
#define INRANGE(x,a,b) (x >= a && x <= b) | |
#define getBits( x ) (INRANGE(x,'0','9') ? (x - '0') : ((x&(~0x20)) - 'A' + 0xa)) | |
#define getByte( x ) (getBits(x[0]) << 4 | getBits(x[1])) | |
pattern::pattern() {} | |
pattern::~pattern() {} | |
using v8::Object; | |
/* based off Y3t1y3t's implementation */ | |
uintptr_t pattern::findPattern(MODULEENTRY32 module, const char* pattern, short sigType, uintptr_t patternOffset, uintptr_t addressOffset) | |
{ | |
auto moduleSize = uintptr_t(module.modBaseSize); | |
auto moduleBase = uintptr_t(module.hModule); | |
auto moduleBytes = std::vector<unsigned char>(moduleSize); | |
ReadProcessMemory(process::hProcess, LPCVOID(moduleBase), &moduleBytes[0], moduleSize, nullptr); | |
auto byteBase = const_cast<unsigned char*>(&moduleBytes.at(0)); | |
auto maxOffset = moduleSize - 0x1000; | |
for (auto offset = 0UL; offset < maxOffset; ++offset) { | |
if (compareBytes(byteBase + offset, pattern)) { | |
auto address = moduleBase + offset + patternOffset; | |
/* read memory at pattern if flag is raised*/ | |
if (sigType & ST_READ) ReadProcessMemory(process::hProcess, LPCVOID(address), &address, sizeof(uintptr_t), nullptr); | |
/* subtract image base if flag is raised */ | |
if (sigType & ST_SUBTRACT) address -= moduleBase; | |
return address + addressOffset; | |
} | |
} | |
/* the method that calls this will check to see if the value is -2 | |
and throw a 'no match' error */ | |
return -2; | |
}; | |
bool pattern::compareBytes(const unsigned char* bytes, const char* pattern) { | |
for (; *pattern; *pattern != ' ' ? ++bytes : bytes, ++pattern) { | |
if (*pattern == ' ' || *pattern == '?') | |
continue; | |
if (*bytes != getByte(pattern)) | |
return false; | |
++pattern; | |
} | |
return true; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment