findhex

FindPattern(hD3D, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");//这种HOOK方式就是找到d3d9.dll的接口,搜索特征码,找到Vtable(虚函数表)
DWORD FindPattern ( DWORD startAddres, DWORD fileSize, PBYTE pattern, char mask[] )
{
    DWORD pos = 0;
    int searchLen = strlen ( mask ) - 1;
    
    for ( DWORD retAddress = startAddres; retAddress < startAddres + fileSize; retAddress++ )
    {
        if ( *(PBYTE) retAddress == pattern[ pos ] || mask[ pos ] == '?' )
        {
            if ( mask[ pos + 1 ] == '\0' )
            {
                return ( retAddress - searchLen );
            }
            
            pos++;
        } 
        else
        {
            pos = 0;
        }        
    }
    
    return NULL;
    }
}

by:danger's

posted @ 2013-07-01 09:21  Red Cat  阅读(515)  评论(0编辑  收藏  举报

Copyright © 2022 LyShark Powered by .NET 6 on Kubernetes
Theme - LyTheme 1.0