
Commit 1a9c0c6

committed
Replace LM_SigScan with MemHlp::patternScan
1 parent 05bfb1b commit 1a9c0c6

2 files changed

Lines changed: 68 additions & 1 deletion


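--- a/src/memhlp.cpp
+++ b/src/memhlp.cpp
@@ -4,9 +4,72 @@
 
 #include <vector>
 
+std::vector<int16_t> MemHlp::patternToBytes(const char* pattern)
+{
+auto bytes = std::vector<int16_t>();
+
+char* start = const_cast<char*>(pattern);
+char* end = start + strlen(pattern);
+
+while (start < end)
+{
+if (*start == '?')
+{
+bytes.emplace_back(-1);
+}
+else if (*start != ' ')
+{
+bytes.emplace_back(std::strtoul(start, &start, 16));
+}
+
+start++;
+}
+
+return bytes;
+}
+
+lm_address_t MemHlp::patternScan(const char* pattern, lm_module_t module)
+{
+const auto bytes = patternToBytes(pattern);
+
+//For some reason these last bytes crash on read access, even if PROT_R is set.
+//If anyone knows why that could be please let me know <3
+constexpr lm_address_t excludeTailSize = 0xd8000;
+const lm_address_t end = module.end - excludeTailSize - bytes.size() - 1;
+
+for (lm_address_t cur = module.base; cur < end; cur++)
+{
+bool found = true;
+for(unsigned int i = 0; i < bytes.size(); i++)
+{
+if (bytes.at(i) == -1)
+{
+continue;
+}
+
+lm_address_t byteAddr = cur + i;
+
+const lm_byte_t* pbyte = reinterpret_cast<lm_byte_t*>(byteAddr);
+if (*pbyte != bytes.at(i))
+{
+found = false;
+break;
+}
+}
+
+if (found)
+{
+return cur;
+}
+}
+
+return LM_ADDRESS_BAD;
+}
+
 lm_address_t MemHlp::searchSignature(const char* name, const char* signature, lm_module_t module, SigFollowMode mode, void* extraData, size_t extraDataSize)
 {
-lm_address_t address = LM_SigScan(signature, module.base, module.size);
+//lm_address_t address = LM_SigScan(signature, module.base, module.size);
+lm_address_t address = patternScan(signature, module);
 if (address == LM_ADDRESS_BAD)
 {
 g_pLog->debug("Unable to find signature for %s!\n", name);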
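Review bot: In patternScan, `end = module.end - excludeTailSize - bytes.size() - 1` can wrap around when the module is smaller than 0xd8000 plus the pattern length (assuming lm_address_t is unsigned), and the loop would then dereference addresses far outside the module. A guard before the subtraction, `if (bytes.empty() || module.size <= excludeTailSize + bytes.size()) return LM_ADDRESS_BAD;`, closes that and also stops an empty pattern from matching at module.base. The fixed tail is a workaround rather than a bound: the range from base to end is read byte by byte with no check that each page is mapped and readable, which is the likely cause of the crash the comment describes, so scanning only the module's readable regions would be the durable fix. In patternToBytes the strtoul result is not checked, so a non-hex token adds 0, a value above 0xFF is narrowed into int16_t, and a `??` wildcard yields two entries instead of one.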

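--- a/src/memhlp.hpp
+++ b/src/memhlp.hpp
@@ -5,6 +5,7 @@
 #include <cstddef>
 #include <cstdio>
 #include <cstdlib>
+#include <vector>
 
 namespace MemHlp
 {
@@ -42,6 +43,9 @@ namespace MemHlp
 return true;
 }
 
+std::vector<int16_t> patternToBytes(const char* pattern);
+lm_address_t patternScan(const char* pattern, lm_module_t module);
+
 lm_address_t searchSignature(const char* name, const char* signature, lm_module_t module, SigFollowMode mode, void* extraData, size_t extraDataSize);
 lm_address_t searchSignature(const char* name, const char* signature, lm_module_t module, SigFollowMode mode);
 lm_address_t searchSignature(const char* name, const char* signature, lm_module_t module);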
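Review bot: The new declaration `std::vector<int16_t> patternToBytes(const char* pattern);` uses int16_t, but the only include this commit adds is `<vector>`; unless `<cstdint>` is already included above the first hunk, add `#include <cstdint>` so the header does not depend on a transitive include. The -1 wildcard convention is part of this function's contract now that it is declared here, so a comment such as `// Each entry is a byte value 0..255, or -1 for a '?' wildcard.` would help callers. patternScan would similarly benefit from a line stating that it returns LM_ADDRESS_BAD when nothing matches.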
