C++内存搜索特征码
#pragma once#include <windows.h>
#include <string>
#include <vector>
namespace FeatureFunc
{
/*
??通配符
Demo:
FeatureFunc::Find(Module,"48 E8 CC ?? 05 FF")
*/
DWORD64 Find(DWORD64 Module, std::string Feature)
{
// 去空
for (int i = 0; i < Feature.length(); i++)
{
if (Feature == ' ')
Feature.replace(i, 1, "");
}
if (Feature.size() < 2)
return 0;
if (Feature.size() % 2 != 0)
return 0;
std::vector<std::pair<bool, byte>> Bytes;
// 字节、掩码生成
for (int i = 0; i < Feature.length(); i += 2)
{
if (Feature.substr(i, 2) == "??")
Bytes.push_back(std::make_pair<bool, byte>(false, 0x0));
else
Bytes.push_back(std::make_pair<bool, byte>(true, static_cast<byte>(std::stol(Feature.substr(i, 2), 0, 16))));
}
// 校对
PIMAGE_DOS_HEADER pImageDos = reinterpret_cast<PIMAGE_DOS_HEADER>(Module);
PIMAGE_NT_HEADERS32 pImageNt = reinterpret_cast<PIMAGE_NT_HEADERS32>(Module + pImageDos->e_lfanew);
DWORD Length = pImageNt->OptionalHeader.SizeOfImage - Bytes.size();
for (int Offset = 0; Offset < Length; Offset++)
{
if (!IsBadHugeReadPtr(reinterpret_cast<PVOID>(Module + Offset), 1))
{
byte* pTempByte = reinterpret_cast<byte*>(Module + Offset);
int ProofNum = 0;
for (auto SingleByte : Bytes)
{
if (SingleByte.first && SingleByte.second != *pTempByte)
break;
pTempByte++;
ProofNum++;
}
if (ProofNum == Bytes.size() && *pTempByte)
return Module + Offset;
}
}
return NULL;
}
}
为什么本论坛WIN源码跟手机源码不分开呢??
页:
[1]