[C++]Where can I find a simple FindPattern in c++ ?

[guillaume76290]

Hi.
First of all, don't forget that i'm a french, so i'll do some mistakes
I am looking for a simple FindPattern function in C++. I already searhed everywhere, and i didn't found anything. So if someone has got this function ...

Thank you !
Bye

[qjlex]

CopyPast from WoWX
Header File

Code:

#pragma once

extern unsigned long dwStartAddress, dwLen;

bool bDataCompare( const unsigned char* pData, const unsigned char* bMask, const char* szMask );
unsigned long dwFindPattern( unsigned char *bMask,char * szMask, unsigned long dw_Address = dwStartAddress, unsigned long dw_Len = dwLen );

Code File

Code:

// Credits: Dominik, Patrick

unsigned long dwStartAddress = 0x00401000, dwLen = 0x00861FFF;

bool bDataCompare(const unsigned char* pData, const unsigned char* bMask, const char* szMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask )
            return false;
    return (*szMask) == 0;
}

unsigned long dwFindPattern( unsigned char *bMask,char * szMask, unsigned long dw_Address = dwStartAddress, unsigned long dw_Len = dwLen )
{
    for(unsigned long i=0; i < dw_Len; i++)
		if( bDataCompare( (unsigned char*)( dw_Address+i ),bMask,szMask) )
            return (unsigned long)(dw_Address+i);
    return 0;
}

[guillaume76290]

I already try this code ... But it doesn't work. I'll try again tomorrow.
See you !

[eLaps]

Searching 'string' with 'mask' from A to B would be basic enough and faster to write it yourself.

[guillaume76290]

This is my code :

Code:

int ThreadLocalStorage = dwFindPattern("xxxxxx????xxx????xxxxx????xx????","\xEB\x02\x33\xC0\x8B\xD\x00\x00\x00\x00\x64\x8B\x15\x00\x00\x00\x00\x8B\x34\x8A\x8B\xD\x00\x00\x00\x00\x89\x81\x00\x00\x00\x00");
    int CConnection = Memory.ReadInteger(Memory.ReadInteger(ThreadLocalStorage + 0x16));
    int CConnectionOffset = Memory.ReadInteger(ThreadLocalStorage + 0x1C);
    int CurrentManager = Memory.ReadInteger(CConnection + CConnectionOffset);

    int LocalGUID = Memory.ReadInteger(CurrentManager + ObjectManager::LocalGUID);

    int currentObject = Memory.ReadInteger(CurrentManager + ObjectManager::FirstObject);
    while (currentObject != 0 && currentObject % 2 == 0)
    {
        if (Memory.GetTargetGUID() == WowObjectFields::OBJECT_FIELD_GUID)
                std::cout << Memory.ReadInteger(currentObject + WowUnitFields::UNIT_FIELD_HEALTH);

        currentObject = Memory.ReadInteger(currentObject + ObjectManager::NextObject);
    }

And this code doesn't work ^^ To write this function myself, i have to know how it works ...
Thanks you !

[eLaps]

What I read:

Code:

unsigned long dwFindPattern(unsigned char* bMask, char* szMask);

What you did:

Code:

int dwFindPattern(char* szMask, unsigned char* bMask);

You should try to understand what you copy, or it won't help you.

PS: You are asking for C++ code but you use C#?

[guillaume76290]

Thanks for your answer ! No, i'm using C++. I had try with your code, but it's the same result ^^ I realy don't see where is the problem ...

[guillaume76290]

I used an external dll ( blackrain ) to find "threadlocalstorage". Now, my code is

Code:

   MemoryRead Memory;
    long ThreadLocalStorage = 8457509;
    
    int CConnection = Memory.ReadInteger(Memory.ReadInteger(ThreadLocalStorage + 0x16));
    int CConnectionOffset = Memory.ReadInteger(ThreadLocalStorage + 0x1C);
    int CurrentManager = Memory.ReadInteger(CConnection + CConnectionOffset);

    int LocalGUID = Memory.ReadInteger(CurrentManager + ObjectManager::LocalGUID);

    int currentObject = Memory.ReadInteger(CurrentManager + ObjectManager::FirstObject);

    int PlayerAdress;
    while (currentObject != 0 && currentObject % 2 == 0)
    {
        int type = Memory.ReadInteger(currentObject + 0x14);

        if(type == WowObjectType: LAYER)
         std::cout << Memory.ReadInteger(currentObject + 0x36)<<std::endl;

        currentObject = Memory.ReadInteger(currentObject + ObjectManager::NextObject);
    }

But this code still doesn't work. This code should return player's level.

[Bananenbrot]

When you refer to addresses, you really should at least use unsigned int or DWORD instead of int or long as you did for the TLS address.
Even if you probably won't access anything beyond user memory, negative addresses don't make any sense to me.
Additionally, a GUID in wow is nothing but an unsigned __int64.
And even if I assume that WowObjectType: LAYER should read WowObjectType::PLAYER, at BaseAddress + 0x36 you will find all but the player's level.
Read about how to read the descriptor fields ...
If you copy & paste code (or copy from C#, paste & mess code), you at least have to understand it.

[WannaBeProgrammer]

Dosent Chyper´s lib inculde this?

[nopz]

If you are using BlackRain :
( ripped from BlackRain.Common.Objects )

Code:

protected T GetStorageField<T>(uint field) where T : struct
{
  field = field *4; // He's anal.
  var m_pStorage = ObjectManager.Memory.ReadUInt(BaseAddress + 0x08);

  return (T)ObjectManager.Memory.ReadObject(m_pStorage + field, typeof(T));
}

( ripped from BlackRain WowObjects )

Code:

public int Level
{
  get { return GetStorageField<int>((uint)Offsets.WowUnitFields.UNIT_FIELD_LEVEL); } // 0x36
}

So What you should do instead of :

Code:

std::cout << Memory.ReadInteger(currentObject + (0x36))<<std::endl;

is :

Code:

int storage = Memory.ReadUInt(currentObject + 0x08);
std::cout << Memory.ReadInt(storage + 0x36 * 4) <<std::endl;

Something like that.
When you read from Descriptors you have to add the descriptor offset and * 4 the field offset you want.

I hope it will help you.
BTW : join the group xD : French developers - MMOwned - World of Warcraft Exploits, Hacks, Bots and Guides

[GliderPro]

Dosent Chyper´s lib inculde this?

Yes. HadesMem includes pattern searching functions.

[guillaume76290]

Thanks for your answer ! It works, but i used a different way ^^
Bye !

[Tanaris4]

Not c++, but you can view my implementation in Obj-C, VERY similar: OffsetController.m - pocketgnome - Project Hosting on Google Code

check out findPattern