using System.Globalization;
using static CSGO_Offset_Dumper.Win32;
using Spectre.Console;
namespace CSGO_Offset_Dumper
{
//https://guidedhacking.com/threads/simple-c-pattern-scan.13981/
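/// <summary>
/// Searches a module image for space-separated hex byte signatures
/// (for example <c>"8B 0D ?? ?? 89"</c>, where <c>?</c> or <c>??</c> matches any byte)
/// and records the resulting offsets by name.
/// </summary>
internal class PatternScan
{
    /// <summary>
    /// Resolves every configured signature and stores the result in <paramref name="Signatures"/>.
    /// </summary>
    /// <param name="SignatureConfig">Signature definitions (name, module, pattern, offsets, extra, relative).</param>
    /// <param name="Signatures">Receives one entry per resolved signature; names already present are skipped.</param>
    internal static void GetSignatureOffsets(JsonClasses.Config.Signature[] SignatureConfig, ref Dictionary<string, int> Signatures)
    {
        foreach (var sig in SignatureConfig)
        {
            // Some configs list the same name twice; the first resolved entry wins.
            if (Signatures.ContainsKey(sig.name))
            {
                continue;
            }

            var mod = (MODULEENTRY32)Win32.GetModule((IntPtr)Program.ProcessID, sig.module);
            int offset = (int)PatternScanMod(mod, sig.pattern);
            if (offset == 0)
            {
                // PatternScanMod reports both "no match" and "scan failed" as zero.
                Console.ForegroundColor = ConsoleColor.Red;
                Console.WriteLine($"Could not find {sig.name}");
                Console.ForegroundColor = ConsoleColor.Yellow;
                continue;
            }

            // Each configured offset is added and the int stored at the resulting address is read.
            foreach (int sigoffset in sig.offsets)
            {
                offset += sigoffset;
                offset = Win32.ReadMemory<int>(offset);
            }

            if (sig.extra > 0)
            {
                offset += sig.extra;
            }

            // Relative signatures are reported as an offset from the module base.
            // NOTE(review): the int cast assumes a 32-bit base address; confirm the build target.
            if (sig.relative)
            {
                offset -= (int)mod.modBaseAddr;
            }

            // The name comes from the config file; escape it so '[' or ']' in a name
            // is printed literally instead of being parsed as console markup.
            AnsiConsole.MarkupLine($"[grey]Found signature [blue]{Markup.Escape(sig.name)}[/] -> [blue]0x{offset:X}[/][/]");
            Signatures.Add(sig.name, offset);
        }
    }

    /// <summary>
    /// Tests whether <paramref name="array2check"/> matches <paramref name="pattern"/> byte for byte.
    /// </summary>
    /// <param name="pattern">Space-separated hex bytes; <c>?</c> and <c>??</c> are wildcards.</param>
    /// <param name="array2check">Candidate bytes; must be exactly as long as the pattern to match.</param>
    /// <returns><c>true</c> when the lengths agree and every non-wildcard byte is equal.</returns>
    /// <exception cref="ArgumentNullException">An argument is <c>null</c>.</exception>
    /// <exception cref="FormatException">A pattern token is neither a wildcard nor a hex byte.</exception>
    public static bool CheckPattern(string pattern, byte[] array2check)
    {
        if (array2check is null)
        {
            throw new ArgumentNullException(nameof(array2check));
        }

        byte?[] tokens = ParsePattern(pattern);

        // A length mismatch can never be a match; rejecting it here also keeps the
        // comparison from indexing past the end of the shorter side.
        return tokens.Length == array2check.Length && MatchesAt(array2check, 0, tokens);
    }

    /// <summary>
    /// Scans the bytes of <paramref name="pMod"/> for <paramref name="pattern"/>.
    /// </summary>
    /// <param name="pMod">Module entry whose image is read through <c>ReadModule</c>.</param>
    /// <param name="pattern">Space-separated hex bytes; <c>?</c> and <c>??</c> are wildcards.</param>
    /// <returns>
    /// The match index plus the module base address, or <see cref="IntPtr.Zero"/> when the
    /// pattern is not found or any step throws.
    /// </returns>
    public static IntPtr PatternScanMod(Win32.MODULEENTRY32 pMod, string pattern)
    {
        try
        {
            byte[] image = ReadModule(pMod);
            int index = ScanBasic(pattern, image);
            if (index == -1)
            {
                return IntPtr.Zero;
            }

            // Return the full address so later offset resolution can read through it;
            // the caller subtracts the base again for relative signatures.
            return (IntPtr)(index + (int)pMod.modBaseAddr);
        }
        catch (Exception)
        {
            // Best effort: a failed read or a malformed pattern is reported the same way
            // as "not found", so callers cannot tell these cases apart.
            return IntPtr.Zero;
        }
    }

    /// <summary>
    /// Finds the first position in <paramref name="buffer"/> where <paramref name="pattern"/> matches.
    /// </summary>
    /// <param name="pattern">Space-separated hex bytes; <c>?</c> and <c>??</c> are wildcards.</param>
    /// <param name="buffer">Bytes to search.</param>
    /// <returns>Zero-based index of the first match, or <c>-1</c> when there is none.</returns>
    /// <exception cref="ArgumentNullException">An argument is <c>null</c>.</exception>
    /// <exception cref="FormatException">A pattern token is neither a wildcard nor a hex byte.</exception>
    public static int ScanBasic(string pattern, byte[] buffer)
    {
        if (buffer is null)
        {
            throw new ArgumentNullException(nameof(buffer));
        }

        // Parse once instead of re-parsing the pattern text for every candidate position.
        byte?[] tokens = ParsePattern(pattern);
        if (tokens.Length == 0 || buffer.Length < tokens.Length)
        {
            return -1;
        }

        // Stop at the last position where the whole pattern still fits in the buffer,
        // so a candidate near the end cannot read out of bounds.
        int lastStart = buffer.Length - tokens.Length;
        for (int start = 0; start <= lastStart; start++)
        {
            if (MatchesAt(buffer, start, tokens))
            {
                return start;
            }
        }

        return -1;
    }

    // Converts the pattern text into one entry per byte; null marks a wildcard.
    private static byte?[] ParsePattern(string pattern)
    {
        if (pattern is null)
        {
            throw new ArgumentNullException(nameof(pattern));
        }

        // RemoveEmptyEntries tolerates doubled or trailing spaces in hand-written patterns.
        string[] parts = pattern.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        var tokens = new byte?[parts.Length];
        for (int i = 0; i < parts.Length; i++)
        {
            string part = parts[i];
            if (part != "?" && part != "??")
            {
                tokens[i] = byte.Parse(part, NumberStyles.HexNumber, CultureInfo.InvariantCulture);
            }
        }

        return tokens;
    }

    // Compares tokens against buffer[start ..]; the caller guarantees the range is in bounds.
    private static bool MatchesAt(byte[] buffer, int start, byte?[] tokens)
    {
        for (int i = 0; i < tokens.Length; i++)
        {
            byte? expected = tokens[i];
            if (expected.HasValue && expected.Value != buffer[start + i])
            {
                return false;
            }
        }

        return true;
    }
}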
}