SigScanner.cpp:
SigScanner.h:
Code:
#include "SigScanner.h"
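namespace
{
// Protection bits under which a page's contents can be read.
// Same value as the literal 238 (0xEE) used by the original filter.
const DWORD kReadableProtect = PAGE_READONLY | PAGE_READWRITE | PAGE_WRITECOPY |
                               PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;

// Protection bits that make a read fault or trip a guard page.
// Same value as the literal 257 (0x101) used by the original filter.
const DWORD kBlockedProtect = PAGE_NOACCESS | PAGE_GUARD;

// Byte-wise comparison of two buffers of `count` bytes. Avoids the unaligned
// int loads the original used for the first four bytes.
bool bytesEqual(const char *a, const char *b, SIZE_T count)
{
    for (SIZE_T k = 0; k < count; ++k)
    {
        if (a[k] != b[k])
        {
            return false;
        }
    }
    return true;
}

// Searches one memory region for the pattern, reading it in chunks of at most
// `reachSize` bytes. Candidate positions are the offsets from `base` that are
// multiples of `align`. On a hit, stores the address in *match and returns true.
bool scanRegion(HANDLE process, char *base, SIZE_T regionSize,
                const char *toFind, SIZE_T patternLen,
                char *reach, SIZE_T reachSize, SIZE_T align, char **match)
{
    SIZE_T offset = 0;
    while (offset <= regionSize && regionSize - offset >= patternLen)
    {
        // Never request bytes past the end of the region: the next region may be
        // unreadable, and ReadProcessMemory fails if any part of the range is.
        SIZE_T want = regionSize - offset;
        if (want > reachSize)
        {
            want = reachSize;
        }

        SIZE_T got = 0;
        if (!ReadProcessMemory(process, base + offset, reach, want, &got) || got < patternLen)
        {
            // Unreadable or too short to hold the pattern: give up on this region
            // instead of comparing against stale buffer contents.
            return false;
        }

        // Only test positions where the whole pattern lies inside the bytes read,
        // so the comparison never runs past the end of `reach`.
        SIZE_T pos = 0;
        for (; pos + patternLen <= got; pos += align)
        {
            if (bytesEqual(reach + pos, toFind, patternLen))
            {
                *match = base + offset + pos;
                return true;
            }
        }

        // Resume at the first untested position. The next chunk therefore overlaps
        // this one, so a pattern that straddles a chunk boundary is still found.
        if (pos > regionSize - offset)
        {
            break;
        }
        offset += pos;
    }
    return false;
}

// Shared implementation behind sigScan::scanNoAlign and sigScan::scanNoAlignW.
//
// Walks the calling process's address space region by region, starting at
// `start`, and searches every committed region whose allocation protection is
// readable and whose current protection is neither PAGE_NOACCESS nor PAGE_GUARD.
//
// toFind    - pattern bytes to look for (bCount bytes are compared).
// bCount    - pattern length in bytes; must be > 0.
// reachSize - size of the read buffer; must be >= bCount. Keep it much larger
//             than bCount, since consecutive reads overlap by up to bCount - 1 bytes.
// start     - address at which region enumeration begins.
// end       - upper bound used by the stop test at the bottom of the loop.
// align     - step in bytes between candidate positions; must be > 0.
//
// Returns the address of the first match converted to int, or -1 when nothing
// matched or the arguments are invalid. Addresses travel through `int`, so the
// result is only meaningful in a 32-bit process.
//
// The scan covers the calling process itself, so copies of the pattern held by
// the caller (including `toFind`) are candidates too when they lie in the
// scanned range.
int scanCommittedRegions(const char *toFind, int bCount, int reachSize, int start, int end, int align)
{
    // These would otherwise cause out-of-bounds reads or a loop that never advances.
    if (toFind == NULL || bCount <= 0 || align <= 0 || reachSize < bCount)
    {
        return -1;
    }

    const HANDLE self = GetCurrentProcess(); // pseudo-handle, the same value as (HANDLE)-1
    char *reach = new char[reachSize];
    int result = -1;

    char *cursor = (char *)(INT_PTR)start;
    for (;;)
    {
        MEMORY_BASIC_INFORMATION mbi;
        if (VirtualQueryEx(self, cursor, &mbi, sizeof(mbi)) == 0)
        {
            // Query failed, so mbi was not filled in; stop rather than act on garbage.
            break;
        }

        if ((mbi.AllocationProtect & kReadableProtect) &&
            !(mbi.Protect & kBlockedProtect) &&
            (mbi.State & MEM_COMMIT))
        {
            char *match = NULL;
            if (scanRegion(self, (char *)mbi.BaseAddress, mbi.RegionSize,
                           toFind, (SIZE_T)bCount, reach, (SIZE_T)reachSize, (SIZE_T)align, &match))
            {
                result = (int)(INT_PTR)match;
                break;
            }
        }

        // Stop test kept as in the original: leave the loop once the next address
        // exceeds `end` minus the size of the region just examined, or once the
        // address wraps when viewed as a signed int.
        // NOTE(review): this is not a strict `address < end` check; the walk can stop
        // short of `end`, and a region that begins before the stop point is searched
        // in full. Confirm the intended range semantics.
        const int previous = (int)(INT_PTR)cursor;
        cursor += mbi.RegionSize;
        const int next = (int)(INT_PTR)cursor;
        if ((next > end - mbi.RegionSize) || (previous > next))
        {
            break;
        }
    }

    delete[] reach; // the original leaked this buffer on every call
    return result;
}
} // namespace

// Finds the first occurrence of a byte pattern in the committed, readable
// memory of the calling process. See scanCommittedRegions for the parameter
// and return-value contract.
int sigScan::scanNoAlign(char *toFind, int bCount, int reachSize, int start, int end, int align)
{
    return scanCommittedRegions(toFind, bCount, reachSize, start, end, align);
}

// Page protections that permit writing.
#define WRITABLE (PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)

// Same search as scanNoAlign.
// NOTE(review): the original body was a line-for-line copy of scanNoAlign and never
// referenced WRITABLE, so no writable-only filter is applied here either. If the
// intent was to restrict the search to writable pages, the region filter needs an
// additional `mbi.Protect & WRITABLE` test -- confirm before relying on the name.
int sigScan::scanNoAlignW(char *toFind, int bCount, int reachSize, int start, int end, int align)
{
    return scanCommittedRegions(toFind, bCount, reachSize, start, end, align);
}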
SigScanner.h:
Code:
#include <windows.h>
#include <stdio.h>
// Byte-pattern search over the memory of the calling process.
class sigScan
{
public:
    // Searches committed, readable memory regions for a byte pattern.
    //
    // toFind    - pattern bytes to look for.
    // bCount    - length of the pattern in bytes.
    // reachSize - size in bytes of the buffer used for each memory read.
    // start     - address at which region enumeration begins.
    // end       - upper bound used by the scan's stop test.
    // align     - step in bytes between candidate positions.
    //
    // Returns the address of the first match converted to int, or -1 when
    // nothing matched. Because addresses are carried in an int, the result
    // is only meaningful in a 32-bit process.
    int scanNoAlign(char *toFind,
                    int bCount,
                    int reachSize = 1024,
                    int start = 0,
                    int end = 0x50000000,
                    int align = 1);

    // Same parameters and return value as scanNoAlign.
    // NOTE(review): the definition published with this header applies the same
    // region filter as scanNoAlign; confirm whether a writable-only search was
    // intended for this variant.
    int scanNoAlignW(char *toFind,
                     int bCount,
                     int reachSize = 1024,
                     int start = 0,
                     int end = 0x50000000,
                     int align = 1);
};