I'm learning about signature scanning and having some problems. My code is sort of ugly but it should work,,, can't understand how to fix my problem. My main function memory.findSignature() in my main returns a garbage value and therefor my when i read and give RemoteHealth a value it is also garbage.
Main:
LPCSTR signature = "\x48\x4A\x85\x2A\x44\x49";
LPCSTR mask = "xxxxxx";
uintptr_t healthAddr = memory.findSignature(CS.client.dwBase, CS.client.dwSize, signature, mask);
int RemoteHealth = memory.readAddress<int>(healthAddr);
std::cout << "value:" << std::hex << RemoteHealth << " address:" << healthAddr <<std::endl;
memory.h:
bool memoryCompare(const byte* data, const byte* mask, const char* szMask) {
for (; *szMask; ++szMask, ++data, ++mask) {
if (*szMask == 'x' && *data != *mask) {
return false;
}
}
return true;
}
uintptr_t findSignature(uintptr_t sigStart, uintptr_t sigSize, const char* signature, const char* mask) {
byte* data = new byte[sigSize];
SIZE_T bytesRead;
ReadProcessMemory(procHandle, (LPVOID)sigStart, data, sigSize, &bytesRead);
for (uintptr_t i = 0; i < sigSize; i++) {
if (this->memoryCompare((const byte*)(data + i), (const byte*)signature, mask)) {
delete[] data;
return sigStart + i;
}
}
delete[] data;
return NULL;
}
I don't know what would explain this but i know the issue is in one of my two memory functions...
http://prntscr.com/mqpx9h
http://prntscr.com/mqpz85
http://prntscr.com/mqpzqm
the return in memoryCompare are flipped, but the values still are garbage in read.... the address just reads as first in module :/
Related
I am trying to set the clipboard data based of some conditions by first checking the string length and the the first character of the string in the clipboard. If this returns true, I will then like to set the clipboard text to a different string and then get and display the new value on my console. Here's my Clipbpard.h
#include <iostream>
#include <windows.h>
#include <cstring>
namespace Diall_ClipBoard_catch
{
class ClipBoard
{
private:
::HANDLE dHDat;
::std::string tmpstringsign;
bool isopen;
char* dHbuffer;
char* dHbuffertemp;
char* dNtoken;
public:
ClipBoard(void)
{
this->dHbuffer = const_cast <char*>("");
this->dHbuffertemp = const_cast <char*>("");
this->tmpstringsign = "dnb_4554_2102";
this->isopen = false;
};
~ClipBoard(void)
{
}
char* GetData(void)
{
this->Start();
if (this->isopen)
{
this->dHDat = ::GetClipboardData(CF_TEXT);
if (this->dHDat)
{
this->dHbuffer = (char*)::GlobalLock(this->dHDat);
if (::std::strcmp(this->dHbuffertemp, this->dHbuffer) != 0 && this->dHbuffer != "" && this->dHbuffer != NULL)
{
this->dHbuffertemp = this->dHbuffer;
//::std::cout << this->dHbuffer << "\n";
return this->dHbuffer;
}
::GlobalUnlock(this->dHDat);
}
CloseClipboard();
this->isopen = FALSE;
::Sleep(1000);
}
}
void SetData(void)
{
const char* data = this->dHbuffer;
const char* newstring = "Hello World";
const size_t len = strlen(data) + 1;
HGLOBAL hMem = GlobalAlloc(GMEM_MOVEABLE, len);
memcpy(GlobalLock(hMem), data, len);
GlobalUnlock(hMem);
if (!OpenClipboard(NULL))
{
return;
}
if(strlen(data) + 1 == 8 && (data.at(0) == 1 || data.at(0) == 7)){
EmptyClipboard();
SetClipboardData(CF_TEXT, hMem);
}
CloseClipboard();
this->isopen = TRUE;
}
private:
void Start(void)
{
if (!OpenClipboard(NULL))
{
return;
}
this->isopen = true;
}
};
}
And here is my m main.cpp
#include "Clipboard.h"
int main()
{
::Diall_ClipBoard_catch::ClipBoard* clipboard = new Diall_ClipBoard_catch::ClipBoard();
int temp1 = 0, temp2 = 0;
EmptyClipboard();
while (1)
{
temp1 = GetClipboardSequenceNumber();
if (temp1!= temp2)
{
clipboard->SetData();
std::cout << clipboard->GetData() << std::endl;
}
temp2 = temp1;
}
return 0;
}
I managed to make it work without the SetData() by only calling the GetData(). the issue I got with that is that it returns the string copied to the clipboard and after that I can't get any data from the clipbord i.e it works only once when I run the program but I want it to be continuous for every string copied and meets the condition.
Now I changed data.at(0) to data[0] and my code was able to compile with no error. The issue I am getting now is, my conditions always return false even when it should return true. What I am trying to do is check to see if the clipboard data is an 8 character long string and it starts with either a "1" or a "3" but it always returns false.
I proceeded to changing
const char* data = this->dHbuffer;
to
const char* data[] = this->dHbuffer;
Something else I noticed is that strlen(data) returns 1 as it's value. My question now is; Is there a way to get the actual length of the string as a string and not the size of the array?
but I got an error;
Clipboard.h|55|error: initializer fails to determine size of 'data'|
p.s I am an absolute beginner with c++ and I just started taking classes just last week. I do not fully understand the concept of classes in c++
The issue is that you've defined data here as
const char* data = this->dHbuffer;
which means that data is a const char*, a raw pointer to some characters. However, later on you write
if (strlen(data) + 1 == 8 && (data.at(0) == 1 || data.at(0) == 7)) {
^^^^^^^^^^ ^^^^^^^^^^
which treats data as though it were a std::string. To fix this, instead write
if (strlen(data) + 1 == 8 && (data[0] == 1 || data[0] == 7)) {
^^^^^^^ ^^^^^^^
It may be the case that, independently, there are other errors here, but this is the proximal compiler error that you're running into.
I wrote this function, in which the intention is to combine the character equivalent of
argument 3, with argument 2. Then allocate memory for argument 1 and return it. Based on debug statements inserted into the function everything seems to be correct, but it appears to be freeing the memory on return. Why is this? or am I missing something else?
I'm not accustomed to programming on a mac and I can't get gdb to work, so I'm kinda flying blind.
Function
bool BraviaIpCtrl::setVolume(char *output, const char *input, unsigned short value)
{
bool success = false;
output = nullptr;
if(value <= 100)
{
int msgLen = 24;
output = new char[msgLen];
memset(output, 0, sizeof(*output));
std::string numbers = std::to_string(value).c_str();
size_t len = numbers.length();
memcpy(output, input, msgLen);
memcpy(output + (msgLen - 1) - len, numbers.c_str(), len);
success = true;
}
return success;
}
Test Function call
char* test = nullptr;
if(bc.setVolume(test, bc.bctl_volume_set, 43) && test != nullptr)
{
std::cout << *test << std::endl;
}
else
{
std::cout << "NOPE!!" << std::endl;
}
As #mailtreyak pointed out, you are passing a pointer to char:
a copy of pointer output (let's say output_copy) is used within the function,
if you make output_copy point to some different data/memory, your output pointer is still pointing to its previous data/memory,
as soon as you exit the function the modification you expect has not happened (but this is correct, because the data/memory output is pointing to have not been modified at all).
Here below you can find another way using PointerToPointer (**):
bool BraviaIpCtrl::setVolume(char** output, const char* input, unsigned short value)
{
bool success = false;
*output = nullptr;
if (value <= 100)
{
int msgLen = 24;
*output = new char[msgLen];
memset(*output, 0, msgLen);
std::string numbers(*output);
size_t len = numbers.length();
memcpy(*output, input, msgLen);
memcpy(*output + (msgLen - 1) - len, numbers.c_str(), len);
success = true;
}
return success;
}
and calling code:
char* test = nullptr;
if (bc.setVolume(&test, bc.bctl_volume_set, 43) && test != nullptr)
{
std::cout << *test << std::endl;
}
else
{
std::cout << "NOPE!!" << std::endl;
}
Please pay much attention to this error in your previous code:
int msgLen = 24;
output = new char[msgLen];
memset(output, 0, sizeof(*output));
should be instead:
int msgLen = 24;
output = new char[msgLen];
memset(output, 0, msgLen);
this because you want to set 24 bytes, not just only 1 byte (1 = sizeof(*output), the size of a pointer to char)
The problem is that you are passing the pointer variable to the function and like any other variable it is passed by value, so the method "setVolume" is making a local copy of pointer test and assigning memory. The calling test method has no way of seeing this change.
Why not change the method implementation to return the address of the array instead.
char * BraviaIpCtrl::setVolume(const char *input, unsigned short value)
{
char* output = NULL;
if(value <= 100)
{
int msgLen = 24;
output = new char[msgLen];
memset(output, 0, sizeof(*output));
std::string numbers = std::to_string(value).c_str();
size_t len = numbers.length();
memcpy(output, input, msgLen);
memcpy(output + (msgLen - 1) - len, numbers.c_str(), len);
}
return output;
}
I'm aiming to be able to return unsigned char as a hex values, this is so I can pass the value from my client to server side.
How my data is generated before trying to be converted into hex:
unsigned char *TestClass::GetKey()
{
// Generate a key of length 32 bytes
memset(this->szKey, 0, 32);
RAND_bytes(this->szKey, 32);
return this->szKey;
}
This what i've currently got so far:
TestClass myTestClass;
void CJSCallDoc::OnDocumentComplete(LPCTSTR strURL,LPDISPATCH pDisp)
{
unsigned char szKey = hex_print(myTestClass.GetKey());
}
unsigned char CJSCallDoc::hex_print(unsigned char* pv)
{
unsigned char *p = pv;
if (NULL == pv)
{
return NULL;
}
else
{
char storedString[256];
size_t len = strlen((const char*)pv);
size_t i = 0;
for (; i < len; ++i)
{
strcpy_s(storedString, 256, "Test");
strcat_s(storedString, reinterpret_cast<char*>(*p++));
}
return *storedString;
}
}
The problem I'm having is with this line:
strcat_s(storedString, reinterpret_cast<char*>(*p++));
This line causes my application to crash and this is the following error I get:
Unhandled exception at 0x01664467 in TestApp.exe: 0xC0000005: Access
violation reading location 0x000000FE.
and the error takes me to tcscat_s.inl:
---> while ((*p++ = *_SRC++) != 0 && --available > 0)
{
}
However when I try and do the following it works fine:
unsigned char CJSCallDoc::hex_print(unsigned char* pv)
{
unsigned char *p = pv;
if (NULL == pv)
{
return NULL;
}
else
{
char storedString[256];
size_t len = strlen((const char*)pv);
size_t i = 0;
for (; i < len; ++i)
{
strcpy_s(storedString, 256, "Test");
strcat_s(storedString, "WORKS");
}
return *storedString;
}
}
Could someone explain to me, what I'm doing wrong and give me some advice in the right direction?
The problem is that you are casting your data to address, in:
strcat_s(storedString, reinterpret_cast<char*>(*p++));
*p++ is equal to whatever your string contains - first element is p from your example, so you are casting this p - decimal value 112, to char*. strcat_s will try to read string from this location which immediately ends with segfault.
Let's say I have a file. I read all the bytes into an unsigned char buffer. From there I'm trying to read a c string (null terminated) without knowing it's length.
I tried the following:
char* Stream::ReadCString()
{
char str[0x10000];
int len = 0;
char* pos = (char*)(this->buffer[this->position]);
while(*pos != 0)
str[len++] = *pos++;
this->position += len+ 1;
return str;
}
I thought I could fill up each char in the str array as I went through, checking if the char was null terminated or not. This is not working. Any help?
this->buffer = array of bytes
this->position = position in the array
Are there any other methods to do this? I guess I could run it by the address of the actual buffer:
str[len++] = *(char*)(this->buffer[this->position++]) ?
Update:
My new function:
char* Stream::ReadCString()
{
this->AdvPosition(strlen((char*)&(this->buffer[this->position])) + 1);
return (char*)&(this->buffer[this->position]);
}
and calling it with:
printf( "String: %s\n", s.ReadCString()); //tried casting to char* as well just outputs blank string
Example File:
Check this:
#include <cstring>
#include <iostream>
class A
{
unsigned char buffer[4096];
int position;
public:
A() : position(0)
{
memset(buffer, 0, 4096);
char *pos = reinterpret_cast<char*>(&(this->buffer[50]));
strcpy(pos, "String");
pos = reinterpret_cast<char*>(&(this->buffer[100]));
strcpy(pos, "An other string");
}
const char *ReadString()
{
if (this->position != 4096)
{
while (std::isalpha(this->buffer[this->position]) == false && this->position != 4096)
this->position++;
if (this->position == 4096)
return 0;
void *tmp = &(this->buffer[this->position]);
char *str = static_cast<char *>(tmp);
this->position += strlen(str);
return (str);
}
return 0;
}
};
The reintrepret_cast are only for the init, since you are reading from a file
int main()
{
A test;
std::cout << test.ReadString() << std::endl;
std::cout << test.ReadString() << std::endl;
std::cout << test.ReadString() << std::endl;
}
http://ideone.com/LcPdFD
Edit I have changed the end of ReadString()
str is a local c string. Any referencing pointer to str outsider the function is undefined behavior: Undefined, unspecified and implementation-defined behavior, it might or might not cause notable problem.
Null termination is probably the best way to go as long as you're careful, but the reason its not working for you is most likely because you are returning memory that has been allocated on the stack. This memory is going to be freed as soon as you hit the return which will therefore cause undefined behaviour. Instead, allocate your chars on the heap:
char* str = new char[0x10000];
and free the memory when the caller doesn't need it anymore.
It can be fixed with the following method. I was advancing the position, and then returning the address.
char* Stream::ReadCString()
{
u64 str_len = strlen((char*)&(this->buffer[this->position])) + 1;
this->AdvPosition(str_len);
return (char*)&(this->buffer[this->position - str_len]);
}
Hope this helps anyone.
I want to read the memory from a process for 16 MB (FFFFFF) and store it in a array, in a way that when I search inside the array like: array[i], i will be the real memory address.
Lets say I want to search from 000000 to FFFFFF, I want to make that jump sizeof(value), get the address from that address and store it in a var.
then if(var==value) return address.
i have this:
ReadProcessMemory(phandle,(void*)address,buffer,0xFFFFFF,0);
EDIT:
i have this (by BlueWanderer answer):
class offset_buffer{
private:
char *buf;
int offset;
public:
offset_buffer(char *in_buf, int in_offset)
: buf(in_buf), offset(in_offset){
}
char & operator[](int in_index){
return buf[in_index - offset];
}
void setOffset(int off){
offset=off;
}
void ReadMemory(){
LPBYTE point;
DWORD primeiroAddress = 0x000000;
DWORD finalAddress = 0xFFFFFF;
//LPBYTE buffer = new BYTE[finalAddress-primeiroAddress];
HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,TargetPID);
ReadProcessMemory(phandle,(void*)primeiroAddress, buf, sizeof(buf), 0);
CloseHandle(phandle);
}
};
main(){
char *buffer = new char[0xFFFFFFF-0x0000000];
int address = 0x0000000;
offset_buffer b(buffer,address);
std::ostringstream ss;
int i=0;
TListItem *ListIt;
b.ReadMemory();
for(address=0x0000000;address<0xFFFFFFF;address+=sizeof(int)){
if(b[address]==StrToInt(Edit1->Text.c_str())){
ss << std::hex << address;
showValue();
ss.str(std::string());
}
}
what is wrong?? can someone help me? why it doesn't work
You want something like this?
class offset_buffer
{
private:
char *buf;
int offset;
public:
offset_buffer(char *in_buf, int in_offset)
: buf(in_buf), offset(in_offset)
{
}
char & operator[](int in_index)
{
return buf[in_index - offset];
}
};
It will map your real address to the index in the array
offset_buffer b(buffer, address);
if (b[0x0C2F8E3] == 123) return 0x0C2F8E3;