PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Help Converting FindPattern Functions

https://www.purebasic.fr/english/viewtopic.php?t=57500

Page 1 of 1

Re: Help Converting FindPattern Functions

Posted: Tue Nov 26, 2013 8:30 pm
by Danilo
MyNameBorat wrote:A quick example of passing the masks to the function?

Code: Select all

Procedure DataCompare(*pData.Byte, *bMask.Byte, *szMask.Ascii)
    While *szMask\a
         If *szMask\a = 'x' And (*pData\b <> *bMask\b)
             ProcedureReturn #False
         EndIf
         *szMask + 1
         *pData  + 1
         *bMask  + 1
    Wend
    ProcedureReturn Bool( *szMask\a = 0 )
EndProcedure

Procedure FindPattern(dwAddress, dwLen, *bMask.Byte, *szMask.Ascii)
    Protected i = 0
    While i < dwLen
         If DataCompare( dwAddress + i, *bMask, *szMask )
             ProcedureReturn dwAddress + i
         EndIf
         i + 1
    Wend

    ProcedureReturn 0
EndProcedure

DataSection
    bMask:
    Data.a $88,$4d,$ff,$0f,$b6,$55,$ff,$85,$d2,$00,$00,$0f,$b6,$45,$0c,$85
    szMask:
    Data.b 'x','x','x','x','x','x','x','x','x','?','?','x','x','x','x','x'
EndDataSection

*MemoryAddress = AllocateMemory(1024)
If *MemoryAddress
    
    CopyMemory(?bMask,*MemoryAddress+200,16) ; Copy bMask to memory position 200
    
    len = MemorySize(*MemoryAddress)-16
    result = FindPattern(*MemoryAddress,len,?bMask,?szMask)
    
    Debug "Result: "+Str(result)
    Debug "Result - *MemoryAddress: "+Str(result-*MemoryAddress)
    
EndIf

Now that I know szMask is a string in form "xxxx??xxx", it can get converted to string and is easier useable (Ascii+Unicode mode):

Code: Select all

Procedure DataCompare(*pData.Byte, *bMask.Byte, szMask.s)
    *szMask.Character = @szMask
    While *szMask\c
         If *szMask\c = 'x' And (*pData\b <> *bMask\b)
             ProcedureReturn #False
         EndIf
         *szMask + SizeOf(Character)
         *pData  + 1
         *bMask  + 1
    Wend
    ProcedureReturn Bool( *szMask\c = 0 )
EndProcedure

Procedure FindPattern(dwAddress, dwLen, *bMask.Byte, szMask.s)
    Protected i = 0
    While i < dwLen
         If DataCompare( dwAddress + i, *bMask, szMask )
             ProcedureReturn dwAddress + i
         EndIf
         i + 1
    Wend

    ProcedureReturn 0
EndProcedure

DataSection
    bytesToSearch_01:
    Data.a $88,$4d,$ff,$0f,$b6,$55,$ff,$85,$d2,$00,$00,$0f,$b6,$45,$0c,$85
EndDataSection

*MemoryAddress = AllocateMemory(1024)
If *MemoryAddress
    
    CopyMemory(?bytesToSearch_01,*MemoryAddress+321,16) ; Copy bytesToSearch_01 to memory position 321
    
    len = MemorySize(*MemoryAddress)-16
    result = FindPattern(*MemoryAddress,len,?bytesToSearch_01,"xxxxxxxxx??xxxxx")
    
    Debug "Result: "+Str(result)
    Debug "Result - *MemoryAddress: "+Str(result-*MemoryAddress)
    
EndIf

Debug "--------------------"
;
; Example 2
;
Dim memory.b(1000)
memory(800) = 'a'
memory(801) = 'b'
memory(802) = 'c'
memory(803) = 'd'
memory(804) = 'e'
memory(805) = 'f'

Dim bytesToSearch.b(6)
bytesToSearch(0) = 'a'
bytesToSearch(1) = 'b'
bytesToSearch(2) = 'c'
bytesToSearch(3) = 'x'
bytesToSearch(4) = 'x'
bytesToSearch(5) = 'f'


result = FindPattern(@memory(),1000-6,@bytesToSearch(),"xxx??x")
    
Debug "Result: "+Str(result)
Debug "Result - @memory(): "+Str(result-@memory())
MyNameBorat wrote:Also these functions are suppose to read from memory. To compare the byte code to match up the signature to determine the offset. Isn't there suppose to be some PeekX() functions being used as well?
It uses pointers directly, so no PeekX() required. I just translated the C code as is. ;)

Re: Help Converting FindPattern Functions

Posted: Tue Nov 26, 2013 9:04 pm
by MyNameBorat
Danilo wrote:-snip-
Got it working thanks! :D
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited