-
Member
[1.12.1] Blackmagic FindPattern question
First things first: hello guys. So far I was just reading and trying to learn.
However, I have hit a wall. Neither Google nor a search on this forum yielded any progress. I am trying to write a bot that functions in conjunction with my custom Lua addon. What I am trying to do is the following:
1) my addon sets two permanent (global Lua) variables as numbers .. done
2) check with Cheat Engine that it's possible to find the values and rewrite them .. done
3) use blackmagic to find those two variables at runtime ... failing
4) Read/Write to the variable ... should be ok but can't confirm
Here is the code where I am trying to accomplish this:
Code:
public class AddonConnector
{
    public AddonConnector()
    {
        Core.Logger.Debug("Starting Addon Conection");
        double lookFor = 1234999852d;
        var bytes = BitConverter.GetBytes(lookFor);
        var adr = Magic.FindPattern(bytes, "????????");
        var someVal = Magic.ReadDouble(adr);
        Core.Logger.Debug(adr.ToString());
        Core.Logger.Debug(someVal.ToString());
    }
}
This class is being instantiated after I have successfully attached to WoW with
Code:
Magic.OpenProcessAndThread(myWoWs[0].Id);
I can read stuff like player object etc., but I can't figure out how to find my dynamic address.
Any help would be much appreciated.
PS: If there is some documentation for blackmagic lib I would love to see it.
-
Contributor
Originally Posted by
Erwin32
PS: If there is some documentation for blackmagic lib I would love to see it.
Is this GitHub - acidburn974/Blackmagic what you were looking for?
-
I don't know anything about BlackMagic, but typically '?' is considered a wild card. Are you sure that you want the second part of your pattern filled with them? I'm guessing you want something like "xxxxxxxx" there instead.
-
Post Thanks / Like - 1 Thanks
Erwin32 (1 members gave Thanks to namreeb for this useful post)
-
Contributor
Just tested it live. It seems that the addon allocates the variable somewhere in the heap while the findpattern function searches only in the wow module - from 0x00400000 to 0x00400000 + 0x00906000.
Code:
public uint FindPattern(ProcessModule pModule, byte[] bPattern, string szMask)
{
    return FindPattern((uint)pModule.BaseAddress, pModule.ModuleMemorySize, bPattern, szMask);
}
Some piece of advice: Try using the mvs debugger, it helps a lot for beginners as we are.
Last edited by tutrakan; 11-22-2016 at 07:02 PM.
-
Post Thanks / Like - 1 Thanks
Erwin32 (1 members gave Thanks to tutrakan for this useful post)
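Added example, not part of the original thread and not Blackmagic's own code: a minimal masked scan over a constructed buffer, showing the two points raised in the replies above, an all-'?' mask matching at the first byte scanned and an exact mask finding nothing when the value lies outside the scanned range. The `Find` helper, the buffer layout, and the 'x' = exact / '?' = wildcard convention are assumptions for illustration.

```csharp
using System;

static class MaskScanDemo
{
    // Hypothetical helper: returns the offset of the first match whose start lies
    // inside data[start .. start+length), or -1 if there is none.
    // Assumed mask convention: 'x' = byte must match, '?' = wildcard.
    static int Find(byte[] data, int start, int length, byte[] pattern, string mask)
    {
        if (pattern.Length != mask.Length)
            throw new ArgumentException("pattern and mask must be the same length");

        int last = Math.Min(data.Length, start + length) - pattern.Length;
        for (int i = start; i <= last; i++)
        {
            bool match = true;
            for (int j = 0; j < pattern.Length && match; j++)
                match = mask[j] == '?' || data[i + j] == pattern[j];
            if (match) return i;
        }
        return -1;
    }

    static void Main()
    {
        // Constructed 64-byte buffer: bytes 0..31 stand in for the module image,
        // bytes 32..63 for memory outside it. The double is placed at offset 40.
        byte[] memory = new byte[64];
        byte[] needle = BitConverter.GetBytes(1234999852d);
        Array.Copy(needle, 0, memory, 40, needle.Length);

        // All wildcards: no byte is compared, so the very first position scanned
        // "matches" and the result says nothing about where the value is.
        Console.WriteLine("all '?' mask, full range:    " + Find(memory, 0, 64, needle, "????????"));

        // Exact mask, range limited to the "module" half: the value is outside
        // the scanned range, so the scan reports no match.
        Console.WriteLine("all 'x' mask, module range:  " + Find(memory, 0, 32, needle, "xxxxxxxx"));

        // Exact mask over the whole buffer: the value is found where it was placed.
        Console.WriteLine("all 'x' mask, full range:    " + Find(memory, 0, 64, needle, "xxxxxxxx"));
    }
}
```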
-
Member
Originally Posted by
namreeb
I don't know anything about BlackMagic, but typically '?' is considered a wild card. Are you sure that you want the second part of your pattern filled with them? I'm guessing you want something like "xxxxxxxx" there instead.
I did try with "xxxxxxxx" at first; the '?' approach was a desperate try to get different results, but I actually got exactly the same result.
Originally Posted by
tutrakan
Just tested it live. It seems that the addon allocates the variable somewhere in the heap and the findpattern function searches only in the wow module - from 0x00400000 to 0x00400000 + 0x00906000.
Code:
public uint FindPattern(ProcessModule pModule, byte[] bPattern, string szMask)
{
    return FindPattern((uint)pModule.BaseAddress, pModule.ModuleMemorySize, bPattern, szMask);
}
Some piece of advice: Try using the mvs debugger, it helps a lot for beginners as we are.
Damn, well, back to square one I guess.
Just making sure: by "mvs" you mean Visual Studio's debugger? I did use that, though I didn't try to step into the findpattern function for some reason (now I feel dumb).
One thing I have trouble figuring out is whether it is possible to scan the heap with BM, then. Still figuring out memory manipulation.
The backup solution will always be to slam a slash command into chat, though that is one way only.
Anyway, thx for your swift replies, guys.
-
Take a look at how I implement them here in this MemorySharp fork (I just implemented them how I do in Process.NET, based on MemorySharp).
MemorySharp/src/MemorySharp/Patterns at Patterns * lolp1/MemorySharp * GitHub
You can also see my library here, but I'd suggest sticking with memory sharp if you are external, otherwise mine is worth a look.
GitHub - lolp1/Process.NET: A C# class ibrary for interacting with processes.
The default interface implementation example is below; I am pretty sure the pattern is actually still valid too.
Code:
using System;
using System.Linq;

namespace TestApp
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            var process = System.Diagnostics.Process.GetProcessesByName("Wow-64").FirstOrDefault();
            var memorySharp = new Binarysharp.MemoryManagement.MemorySharp(process);
            var patternScanner = memorySharp.Modules.MainModule.GetPatternScanner();
            var scanResult =
                patternScanner.Find(
                    new Binarysharp.MemoryManagement.Patterns.DwordPattern(
                        "48 89 74 24 ?? 57 48 83 EC 20 48 8B 05 ?? ?? ?? ?? 48 8B F1 48 8B FA 48 8B 88 ?? ?? ?? ?? F6 C1 01 75 05 48 85 C9 75 02"));
            if (!scanResult.ScanWasSuccessful)
            {
                Console.WriteLine("Could not find pattern.");
            }
            Console.WriteLine(scanResult.Offset.ToString("X"));
            Console.WriteLine(scanResult.BaseAddress.ToString("X"));
            Console.WriteLine(scanResult.RebasedAddress.ToString("X"));
            Console.ReadLine();
        }
    }
}
Note, sometimes for hard patterns, you might need to make multiple steps to find your result. Like so:
Code:
var scanResult = ..
var actualAddress = (IntPtr)memory.Read<byte>(scanResult.BaseAddress);
The scan result being the start of somewhere you want, and other reads being where the address you want is from the start.
-
Post Thanks / Like - 3 Thanks
-
Contributor
One possibility is writing your own find pattern function. ([source] C# Warden scanner) This might help you.
Edit: Oops, didn't see lolp1's response. Listen to this guy, he is a genius.
Last edited by tutrakan; 11-22-2016 at 08:37 PM.
-
Post Thanks / Like - 2 Thanks
-
Member
Originally Posted by
lolp1
Thx a lot, I will take a look at MemorySharp and Process.NET.