Searching for a unique array of bytes that contains wildcards, for example 7E 08 ?? ?? ?? D8 01 using classMemory.ahk
Can anyone give me an example of how to search for arrays with wildcards?
Array of bytes scan Topic is solved
Re: Array of bytes scan
Read all seven bytes starting at a given address, then just check to see if the first two and the last two are equal to their respective non-wildcard bytes in your pattern (i.e., don't check the wildcard bytes).
Re: Array of bytes scan
In reality my array is: 7E 08 00 00 00 00 00 00 00 ?? ?? ?? ?? 00 00 00 00 ?? ?? ?? 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
(fewer 00 bytes will not return a unique one)
So as you can see, I have some "??" in the middle too; that's why I was looking for an example with the memory class.
Re: Array of bytes scan
I don't use that class, so I'd have to dig into it to show an actual example. But the logic for what you described is the same. Compare each byte going byte-by-byte, and if the byte in your array is a wildcard, then skip that one when considering it as a match and continue checking the rest as if everything matched so far.
Re: Array of bytes scan Topic is solved
Without using the class myself, the search could look something like this:
Code:
; set up class for desired process with something like:
Mem := new _ClassMemory("ahk_exe MyProcessName.exe", "", hProcessCopy)
MyArray := [0x7E,0x08,00,00,00,00,00,00,00,"??","??","??","??",00,00,00,00,"??","??","??",0x7E,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00]
Length := 1000000 ; assign the number of bytes to search, however that is determined
FoundAddress := 0
Loop, % Length
{
    Offset := A_Index - 1
    for Index, Byte in MyArray
    {
        ; "??" is a wildcard and is skipped; any other byte must equal the byte read.
        ; The offset is added to the address itself, because offsets passed as extra
        ; parameters to Read() are treated as a pointer chain.
        if (Byte != "??") && (Byte != Mem.Read(Mem.BaseAddress + Offset + Index - 1, "UChar"))
            continue 2 ; move to next offset
    }
    ; got here if there is a match over the whole array
    FoundAddress := Mem.BaseAddress + Offset
    break
}
if FoundAddress
    MsgBox, % "Match was found as memory address " FoundAddress
else
    MsgBox, No match was found
Re: Array of bytes scan
There are specific pattern scan methods in the class which utilise machine code. These will be orders of magnitude faster and they should avoid other issues which can happen when blindly reading addresses incrementally.
Code:
mem := new _ClassMemory("ahk_exe MyProcessName.exe", "", hProcessCopy)
pattern := [0x7E,0x08,00,00,00,00,00,00,00,"??","??","??","??",00,00,00,00,"??","??","??",0x7E,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00]
; alternatively you can do:
; pattern := mem.hexStringToPattern("7E 08 00 00 00 00 00 00 00 ?? ?? ?? ?? 00 00 00 00 ?? ?? ?? 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
address := mem.processPatternScan(,, pattern*)
address := mem.modulePatternScan(, pattern*) ; this should work too (if the pattern is in main module) and might be slightly faster.
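The byte-by-byte wildcard comparison described in the replies above, as an added example that is not part of the original thread and not classMemory's own code: it matches a pattern against a local buffer and reports every hit, so a pattern can be checked for uniqueness. It assumes AutoHotkey v1.1; ParsePattern, MatchAt and FindAll are hypothetical helper names, and the sample bytes are constructed.

```autohotkey
; Added example for AutoHotkey v1.1. ParsePattern, MatchAt and FindAll are
; hypothetical helper names; the sample bytes below are constructed.

; "7E 08 ?? D8" -> [0x7E, 0x08, "??", 0xD8]
ParsePattern(hex) {
    pattern := []
    for each, tok in StrSplit(Trim(hex), " ")
        if (tok != "")
            pattern.Push(tok = "??" ? "??" : ("0x" . tok) + 0)
    return pattern
}

; True if the pattern matches buf at the given 0-based offset
MatchAt(ByRef buf, offset, pattern) {
    for i, b in pattern
        if (b != "??" && NumGet(buf, offset + i - 1, "UChar") != b)
            return false
    return true
}

; Every 0-based offset in the first size bytes of buf where the pattern matches
FindAll(ByRef buf, size, pattern) {
    hits := []
    if (size < pattern.Length())
        return hits
    Loop % size - pattern.Length() + 1
        if (MatchAt(buf, A_Index - 1, pattern))
            hits.Push(A_Index - 1)
    return hits
}

; Constructed sample buffer in which the short pattern occurs twice
sample := ParsePattern("00 7E 08 11 22 33 D8 01 FF 7E 08 AA BB CC D8 01")
size := sample.Length()
VarSetCapacity(buf, size, 0)
for i, b in sample
    NumPut(b, buf, i - 1, "UChar")

hits := FindAll(buf, size, ParsePattern("7E 08 ?? ?? ?? D8 01"))
if (hits.Length() = 1)
    MsgBox % "Unique match at offset " hits[1]
else
    MsgBox % hits.Length() " matches, so this pattern is not a unique signature"
```

In the constructed sample the short pattern matches at offsets 1 and 9, which is the situation that calls for a longer pattern with more fixed bytes.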