x64跨进程aob搜索源代码
速度的确很快,支持通配符,没啥需要注意的,读内存换成自己的就可以了,通配符调用例子:xxxx??xxwow64ext真的超级好用啊!
#pragma region FindSig
#include<Windows.h>
#include <vector>
#include <Psapi.h>
#include <iostream>
#include "wow64ext.h"
using namespace std;
typedef unsigned long DWORD;
typedef unsigned short WORD;
typedef unsigned char BYTE;
bool FHexCharValid(char c)
{
if (c >= '0' && c <= '9' ||
c >= 'A' && c <= 'F' ||
c >= 'a' && c <= 'f' ||
c == '?')
return true;
else
return false;
}
bool FHexDecoder(char* Dec, char* Src)
{
char HighC, LowC;
DWORD dwSrcLen = strlen(Src) / 2;
int i;
for (i = 0; i < dwSrcLen; i++) {
HighC = Src, LowC = Src;
if (!FHexCharValid(LowC) || !FHexCharValid(HighC))
return false;
HighC -= '0';
if (HighC > 9) HighC -= 7;
if (HighC > 0xf) HighC -= 0x20;
LowC -= '0';
if (LowC > 9) LowC -= 7;
if (LowC > 0xf) LowC -= 0x20;
Dec = (HighC << 4) | LowC;
}
return true;
}
bool __SundayHexInit__(char* Sub, DWORD*p, char* HexSub, unsigned long dwSubLen)
{
if (!FHexDecoder(HexSub, Sub)) {
return false;
}
DWORD i;
for (i = 0; i < 0x100; i++) {
p = -1;
}
int WildAddr = 0;
for (i = 0; i < dwSubLen; i++) {
if (Sub == '?')
WildAddr = i;
}
for (i = WildAddr + 1; i < dwSubLen; i++) { //扫描Sub,初始化 P 表
p[(BYTE)HexSub] = dwSubLen - i;
}
for (i = 0; i < 0x100; i++) {
if (p == -1)
p = dwSubLen - WildAddr;
}
return true;
}
int __SundayHex__(char* Src, unsigned long dwSrcLen, char* Sub, DWORD* p, char* HexSub, DWORD dwSubLen)
{
//开始配对字符串
//j为 Sub位置指标, k为 当前匹配位置
DWORD j, k;
j = dwSubLen - 1; //初始化位置为 dwSubLen - 1,匹配顺序为从右到左
bool bContinue = true;
bool bSuccess;
while (bContinue) {
bSuccess = true;
for (k = 0; k < dwSubLen; k++) {
if (Sub[(dwSubLen - k - 1) * 2] != '?' && Src != HexSub) {
bSuccess = false;
break;
}
}
if (bSuccess)
bContinue = false;
else { //移动j指针
if (j < dwSrcLen - 1) //防止j+1 >= dwSrcLen造成溢出
j += p[(BYTE)Src];
else j++;
}
if (j >= dwSrcLen)
break;
}
if (j < dwSrcLen)
return j - dwSubLen + 1;
else
return -1;
}
int __SundayHexV__(char* Src, unsigned long dwSrcLen, char* Sub, DWORD* p, char* HexSub, DWORD dwSubLen, int v)
{
//开始配对字符串
//j为 Sub位置指标, k为 当前匹配位置
DWORD j, k;
j = dwSubLen - 1 + v; //初始化位置为 dwSubLen - 1,匹配顺序为从右到左
bool bContinue = true;
bool bSuccess;
while (bContinue) {
bSuccess = true;
for (k = 0; k < dwSubLen; k++) {
if (Sub[(dwSubLen - k - 1) * 2] != '?' && Src != HexSub) {
bSuccess = false;
break;
}
}
if (bSuccess)
bContinue = false;
else { //移动j指针
if (j < dwSrcLen - 1) //防止j+1 >= dwSrcLen造成溢出
j += p[(BYTE)Src];
else j++;
}
if (j >= dwSrcLen)
break;
}
if (j < dwSrcLen)
return j - dwSubLen + 1;
else
return -1;
}
int SundayHex(char* Src, unsigned long dwSrcLen, char* Sub)
{
DWORD dwSubLen = strlen(Sub);
if (dwSubLen % 2) //长度必须为2的倍数
return -1;
dwSubLen /= 2;
char* HexSub = new char;
DWORD* p = new DWORD; //table P,标志距离
int i = -1;
if (__SundayHexInit__(Sub, p, HexSub, dwSubLen)) {
i = __SundayHex__(Src, dwSrcLen, Sub, p, HexSub, dwSubLen);
}
delete[]p;
delete[]HexSub;
return i;
}
vector< int> SundayHexV(char* Src, unsigned long dwSrcLen, char* Sub)
{
vector< int> v;
DWORD dwSubLen = strlen(Sub);
if (dwSubLen % 2) //长度必须为2的倍数
return v;
dwSubLen /= 2;
char* HexSub = new char;
DWORD* p = new DWORD; //table P,标志距离
int i = -1;
if (__SundayHexInit__(Sub, p, HexSub, dwSubLen)) {
i = __SundayHexV__(Src, dwSrcLen, Sub, p, HexSub, dwSubLen, 0);
while (i != -1)
{
v.push_back(i);
i = __SundayHexV__(Src, dwSrcLen, Sub, p, HexSub, dwSubLen, i + dwSubLen);
}
}
delete[]p;
delete[]HexSub;
return v;
}
DWORD64 __stdcall FindSig(const char* Value)
{
vector <DWORD> 保存数组;
DWORD64 区段大小 = 0;
ULONG64 Start = 0, End = 0x7fffffffffffffff;
//if (dwPid == 0) return 保存数组;
MEMORY_BASIC_INFORMATION64 内存信息 = { 0 };
if (hFake1 != NULL)
{
while (VirtualQueryEx64(hFake1, Start, &内存信息, sizeof(内存信息)))
{
//cout << 内存信息.BaseAddress << endl;
if (内存信息.Protect != 1 && 内存信息.Protect != 16 && 内存信息.RegionSize != 1 && 内存信息.Protect != 512)
{
区段大小 = (DWORD64)内存信息.BaseAddress + 内存信息.RegionSize - Start;
//char tmpchar;
//sprintf_s(tmpchar, "0x%I64x", 区段大小);
//MessageBoxA(NULL, tmpchar, "Size", MB_OK);
char* buf = new char[区段大小 + 1];
if (ReadFast(Start, buf, 区段大小) == STATUS_SUCCESS)
{
vector<int>dwValue = SundayHexV(buf, 区段大小, (char*)Value);
for (size_t i = 0; i < dwValue.size(); i++)
{
//保存数组.push_back(Start + dwValue);
char tmpchar;
sprintf_s(tmpchar, "0x%I64x", Start + dwValue);
MessageBoxA(NULL, tmpchar, "Result", MB_OK);
return Start + dwValue;
}
//delete(buf);
}
//delete(buf);
}
if (End == 0) {
break;
}
Start += 内存信息.RegionSize;
if (Start > End)
break;
}
//CloseHandle(hProcess);
}
return 0;
}
#pragma endregion
页:
[1]