; Hello team
; I'm trying to search the Current Process Memory for a certain pattern.
; I've been trying since yesterday to use PeekS & PeekL to do the comparison, but both didn't work.
; Please help.
Procedure SearchMemoryPattern()
  Pattern.s = "E821C2000085C0741B" ; Pattern to search in Memory
  hModule = GetModuleHandle_(0) ; Working with Current Process Memory
  StartAddress = hModule
  EndAddress = hModule + 10000
  PatternLen = Len(Pattern) ; Get the size of the Pattern
  MemoryBuffer = AllocateMemory(PatternLen) ; Allocate a buffer to read memory into
  For MemoryAddress = StartAddress To EndAddress ; Loop through memory to search for the Pattern
    CopyMemory(MemoryAddress, MemoryBuffer, PatternLen)
    MemoryData.s = PeekS(MemoryBuffer, PatternLen) ; Doesn't give expected values (Note: PeekL doesn't cover the whole Pattern Length)
    If MemoryData = Pattern
      MessageRequester("", "Pattern found at address: " + Hex(MemoryAddress)) ; Pattern found!
    EndIf
  Next
  FreeMemory(MemoryBuffer) ; Free the allocated buffer
EndProcedure
You have a HEX pattern. What do you read with PeekS()?
Not a Hex String.
You need Hex() to get a hex string.
But the better way is to convert your string pattern to a byte pattern.
Then compare the bytes with CompareMemory()
Dear Olli: Thanks for the link, however I couldn't make use of it.
Dear infratec: I tried to recode as you advised, but again stuck in the 'Comparison' logic between "MemOrg" & the "Pattern":
Procedure FindPattern (Pattern.s)
  PatternLen = Len(Pattern)
  hModule = GetModuleHandle_(0) ; Working with Current Process Memory
  StartAddress = hModule
  EndAddress = hModule + 10000
  MemoryBuffer = AllocateMemory(PatternLen) ; Allocate a buffer to read memory into
  For MemoryAddress = StartAddress To EndAddress ; Loop through memory to search for the Pattern
    CopyMemory(MemoryAddress, MemoryBuffer, PatternLen)
    MemOrg.s = PeekS(MemoryBuffer, PatternLen) ; PeekQ(MemoryBuffer) or PeekL(MemoryBuffer) didn't help
    ; If CompareMemoryString(MemOrg, ValD(Pattern), PatternLen) = 0 ; 'CompareMemory' also didn't help
    ;   MessageRequester("", "Pattern found at address: " + Hex(MemoryAddress)) ; Pattern found!
    ; EndIf
    If MemOrg = Pattern
      MessageRequester("", "Pattern found at address: " + Hex(MemoryAddress)) ; Pattern found!
    EndIf
  Next
  FreeMemory(MemoryBuffer) ; Free the allocated buffer
EndProcedure

PatternToSearch.s = "85C0741B488D05"
PatternLen = Len(PatternToSearch)
For i = PatternLen To 2 Step -2
  Pattern.s = Pattern + Mid(PatternToSearch, i - 1, 2) ; Reversing Bytes Order
Next
FindPattern (Pattern)
Please explain in a bit more detail what you are trying to achieve here.
There are several things with your code that make no sense.
First of all: If a string has a length of 10 characters, it does consume 10 * SizeOf(Character) = 20 Bytes because Strings are Unicode in PureBasic.
Second: Why do you copy memory around instead of just use PeekS(MemoryAddress, PatternLen) in the first place?
Third: Are you sure the data you are looking for is a string at all? Or is it more likely to be binary data? If it's binary data you can not use PeekS() for that because raw binary data can consist of Null bytes and invalid characters where PeekS() would fail. Also you first need to convert your Hex-Search-Pattern into binary first.
The English grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
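The approach suggested in the replies above (convert the hex text into a byte pattern, then compare raw bytes with CompareMemory()), as an added example that is not part of any post in this thread. The procedure names HexToBytes and FindBytes and the 64-byte sample buffer are constructed for illustration, and the input is assumed to contain only valid hex digits; the scan runs over a local buffer so it can be tried safely before pointing it at a range known to be readable.

```purebasic
EnableExplicit

; Convert hex text such as "E821C2..." into raw bytes.
; Returns a buffer the caller must free, or 0 on bad input.
Procedure.i HexToBytes(HexStr.s, *OutLen.Integer)
  Protected n, i, *buf
  If Len(HexStr) = 0 Or (Len(HexStr) % 2) <> 0
    ProcedureReturn 0                       ; need an even number of digits
  EndIf
  n = Len(HexStr) / 2                       ; two characters per byte
  *buf = AllocateMemory(n)
  If *buf
    For i = 0 To n - 1
      PokeA(*buf + i, Val("$" + Mid(HexStr, i * 2 + 1, 2)))
    Next
    *OutLen\i = n
  EndIf
  ProcedureReturn *buf
EndProcedure

; Return the address of the first match inside [*Start, *Start + Size), or 0.
Procedure.i FindBytes(*Start, Size, *Pattern, PatternLen)
  Protected offset
  If PatternLen <= 0 Or Size < PatternLen
    ProcedureReturn 0
  EndIf
  ; Stop at Size - PatternLen so the compare never reads past the range.
  For offset = 0 To Size - PatternLen
    If CompareMemory(*Start + offset, *Pattern, PatternLen)
      ProcedureReturn *Start + offset
    EndIf
  Next
  ProcedureReturn 0
EndProcedure

; Constructed sample data: 64 zero bytes with the pattern planted at offset 20.
; The pattern contains a 00 byte, which is why a string compare cannot work.
Define patLen, *hit
Define *pat = HexToBytes("E821C2000085C0741B", @patLen)
Define *haystack = AllocateMemory(64)
If *pat And *haystack
  CopyMemory(*pat, *haystack + 20, patLen)
  *hit = FindBytes(*haystack, 64, *pat, patLen)
  If *hit : Debug "Pattern found at offset " + Str(*hit - *haystack) : EndIf
EndIf
If *pat : FreeMemory(*pat) : EndIf
If *haystack : FreeMemory(*haystack) : EndIf
```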
Mr. NicTheQuick,
I believe you are much more polite than other members.
Forget about my request, I already solved it by myself.
I was asking about the comparison statement in my code (it's one line ONLY!), and then, a "very clever guy" tells you, go & read the reference!!!
It's really a shame!