PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Search Memory Pattern

https://www.purebasic.fr/english/viewtopic.php?t=82661

Page 1 of 1

Search Memory Pattern

Posted: Sat Oct 14, 2023 3:16 pm
by PoorMan
; Hello team
; I'm trying to search the Current Process Memory for a certain pattern.
; I'm trying since yeasterday PeekS & PeekL to do the comparsion but both didn't work.
; Pease help.

Code: Select all

Procedure SearchMemoryPattern()
  Pattern.s = "E821C2000085C0741B"                       ; Pattern to search in Memory
  
  hModule = GetModuleHandle_(0)                          ; Working with Current Process Memory
  StartAddress = hModule
  EndAddress = hModule + 10000
  
  PatternLen = Len(Pattern)                               ; Get the size of the Pattern
  MemoryBuffer = AllocateMemory(PatternLen)               ; Allocate a buffer to read memory into
  
  For MemoryAddress = StartAddress To  EndAddress         ; Loop through memory to search for the Pattern
    CopyMemory(MemoryAddress, MemoryBuffer, PatternLen)
    MemoryData.s = PeekS(MemoryBuffer, PatternLen)        ; Doent give expected values (Note:PeekL doesnt cover the whole Pattern Length)
    
     If MemoryData = Pattern
      MessageRequester("", "Pattern found at address: " + Hex(MemoryAddress))      ; Pattern found!
    EndIf
  Next

  FreeMemory(MemoryBuffer)  ; Free the allocated buffer

EndProcedure
// Code Tags added (Kiffi)

Re: Search Memory Pattern

Posted: Sat Oct 14, 2023 8:59 pm
by Olli
You should use this.

Re: Search Memory Pattern

Posted: Sat Oct 14, 2023 9:21 pm
by infratec
You have a HEX pattern. What do you read with PeekS() :?:

Not a Hex String.
You need Hex() to get a hex string.
But the better way is to convert your string pattern to a byte pattern.
Then compare the bytes with CompareMemory()

Re: Search Memory Pattern

Posted: Sun Oct 15, 2023 9:03 pm
by PoorMan
Dear Olli: Thanks for the link, however I couldn't make use of it.
Dear infratec: I tried to recode as you advised, but again stuck in the 'Comparison' logic between "MemOrg" & the "Pattern":

Code: Select all

Procedure FindPattern (Pattern.s)
  PatternLen = Len(Pattern)
  hModule = GetModuleHandle_(0)                                                      ; Working with Current Process Memory
  StartAddress = hModule
  EndAddress = hModule + 10000
  
  MemoryBuffer = AllocateMemory(PatternLen)                                           ; Allocate a buffer to read memory into
  
  For MemoryAddress = StartAddress To  EndAddress                                     ; Loop through memory to search for the Pattern
    CopyMemory(MemoryAddress, MemoryBuffer, PatternLen)
    
    MemOrg.s = PeekS(MemoryBuffer, PatternLen)                                        ; PeekQ(MemoryBuffer) or PeekL(MemoryBuffer) didn't help
    
    ;     If CompareMemoryString(MemOrg, ValD(Pattern), PatternLen) = 0               ; CompareMemory' also didn't help
    ;       MessageRequester("", "Pattern found at address: " + Hex(MemoryAddress))   ; Pattern found!
    ;     EndIf
    
    If MemOrg = Pattern
      MessageRequester("", "Pattern found at address: " + Hex(MemoryAddress))         ; Pattern found!
    EndIf
    
    
  Next
  FreeMemory(MemoryBuffer)  ; Free the allocated buffer
  
EndProcedure


PatternToSearch.s = "85C0741B488D05"
PatternLen = Len(PatternToSearch)

For i = PatternLen To 2 Step -2        
  Pattern.s = Pattern + Mid(PatternToSearch, i - 1, 2)                               ; Reversing Bytes Order
Next

FindPattern (Pattern)

Re: Search Memory Pattern

Posted: Sun Oct 15, 2023 10:24 pm
by Olli
yuki wrote: ⚠️ I must stress this again: you'll really want to familiarise yourself more with PureBasic (reference manual) [...]

Re: Search Memory Pattern

Posted: Tue Oct 17, 2023 9:07 pm
by PoorMan
With such great Assistance, now everyone will buy PB before going to sleep!
:oops:

Re: Search Memory Pattern

Posted: Wed Oct 18, 2023 10:56 am
by NicTheQuick
Please explain in a bit more detail what you are trying to achieve here.
There are several things with your code that make no sense.

First of all: If a string has a length of 10 characters, it does consume 10 * SizeOf(Character) = 20 Bytes because Strings are Unicode in Purebasic.
Second: Why do you copy memory around instead of just use PeekS(MemoryAddress, PatternLen) in the first place?
Third: Are you sure the data you are looking for is a string at all? Or is it more likely to be binary data? If it's binary data you can not use PeekS() for that because raw binary data can consist of Null bytes and invalid characters where PeekS() would fail. Also you first need to convert your Hex-Search-Pattern into binary first.

Re: Search Memory Pattern

Posted: Wed Oct 18, 2023 5:58 pm
by PoorMan
Mr. NicTheQuick,
I believe you are much more polite than other members.
Forget about my request, I already solved it by myself.
I was asking about the comparison statement in my code (it's one line ONLY!), and then, a "very clever guy" tell you, go & read the reference!!!
It's really Shame!

Re: Search Memory Pattern

Posted: Wed Oct 18, 2023 6:29 pm
by Olli
:shock: I did not read it !
poorMan wrote:yuki: You are right, I'm trying to hook a game.
:lol:
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited