CSignatureSearch.cpp
Code:
/* * * * * * * * * * * * * * * * * * * * * * * */
/***********************************************/
/* * * * * * * * * * * * * * * * * * * * * * * */
/* CSignatureSearch Class */
/* */
/* Author : OneWhoSighs */
/* Version : 1.0 */
/* * * * * * * * * * * * * * * * * * * * * * * */
/* www.b0ts.org */
/* * * * * * * * * * * * * * * * * * * * * * * */
/***********************************************/
/* * * * * * * * * * * * * * * * * * * * * * * */
#define WIN32_LEAN_AND_MEAN
#include "CSignatureSearch.h"
CSignatureSearch::CSignatureSearch()
{
}
CSignatureSearch::~CSignatureSearch()
{
}
DWORD CSignatureSearch::SigSearch(DWORD dwStartAddress, DWORD dwEndAddress, BYTE* bSignature, int nSize, BYTE bWildCard)
{
int Matcher;
DWORD CurrentAddress;
BYTE* Comparison;
for(DWORD var = dwStartAddress;
var < dwEndAddress;
var++
)
{
CurrentAddress = (DWORD)var;
Comparison = (BYTE*)CurrentAddress;
Matcher = Match(Comparison,bSignature,nSize,bWildCard);
if(Matcher == -1)
return CurrentAddress;
}
return NULL;
}
int CSignatureSearch::Match(BYTE* bComparison, BYTE* bSignature, int nSize, BYTE bWildCard)
{
int Var2 = 0;
if (bComparison == NULL)
if(bSignature == NULL)
return -1;
if (bComparison == NULL)
return 0;
if (bSignature == NULL)
return 0;
for ( Var2 = 0; Var2 < nSize; Var2++ )
{
if ( bComparison[Var2] != bSignature[Var2] )
{
if ( bSignature[Var2] != bWildCard )
return 0;
}
}
return -1;
}
CSignatureSearch.h
Code:
/* * * * * * * * * * * * * * * * * * * * * * * */
/***********************************************/
/* * * * * * * * * * * * * * * * * * * * * * * */
/* CSignatureSearch Class */
/* */
/* Author : OneWhoSighs */
/* Version : 1.0 */
/* * * * * * * * * * * * * * * * * * * * * * * */
/* www.b0ts.org */
/* * * * * * * * * * * * * * * * * * * * * * * */
/***********************************************/
/* * * * * * * * * * * * * * * * * * * * * * * */
#ifndef _WINDOWS_
#include <windows.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <iostream>
using namespace std;
class CSignatureSearch{
private:
int Match(BYTE* bComparison, BYTE* bSignature, int nSize, BYTE bWildCard);
public:
CSignatureSearch();
~CSignatureSearch();
DWORD SigSearch(DWORD dwStartAddress, DWORD dwEndAddress, BYTE* bSignature, int nSize, BYTE bWildCard);
};
What this does is allow you to auto search for signatures (memory bytes in an application, to auto find the address)
First you will need to debug the application in ollydbg, or cheat engine and find the bytes for certain address and create a signature.
Example Code:
Code:
#define Log( name , addr ) fprintf(xLog, name " : %.8X\n", addr );
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <iostream>
#include <fstream>
#include "CSignatureSearch.h"
using namespace std;
void Main(){
CSignatureSearch CSigSearch;
while(1)
{
if(GetAsyncKeyState(VK_F12))
{
BYTE ExampleSignature[] = {0xEB, 0x74, 0xEE, 0x72, 0xEE};
DWORD dwAddress = CSigSearch.SigSearch(0x01000000,0x02000000,ExampleSignature,sizeof(ExampleSignature),0xEE);
FILE* xLog = fopen("Address Log.log", "w");
if (xLog!=NULL){
fputs("Offset Log\n\n",xLog);
Log(Example Hack Address :",dwAddress);
fclose(xLog);
}
}
Sleep(10);
}
}
// On DLL Entry
bool APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved){
if(dwReason == DLL_PROCESS_ATTACH){
DisableThreadLibraryCalls(hModule);
CreateThread(NULL, 0, (unsigned long(__stdcall*)(void*))Main, NULL, 0, NULL);
return TRUE;
}
return TRUE;
}
The code above demonstrates when you press F12, it will find and log the address for the example signature.
DWORD CSignatureSearch::SigSearch(DWORD dwStartAddress, DWORD dwEndAddress, BYTE* bSignature, int nSize, BYTE bWildCard)
dwStartAddress
*The address that you will start the scan on.
dwEndAddress
*The address that the scan will stop at.
bSignature
*The signature of bytes to look for.
nSize
*The size of the signature.
bWildCard
*The wildcard byte in your signature. Wildcard in your signature means it means the byte you provide in this parameter can be any byte. In the example I provided, I used 0xEE.
Return Value
*Returns NULL / 00000000 if address is not found. If found, will return the address.