Find String Offsets in a file easily! | Snippet

[Killpot DF Member Posts:13 Threads:12 Reputation 0]

Yo.

So this is just something I whipped up and threw together to get this working, I imagine this could be much more efficient however I'm not worrying about parsing massive files so efficiency isn't a huge deal as long as it works relatively quickly.

It works by converting the inputted string into a Unicode encoded string, then from there converts it to a list of Hex bytes.

After that it loops through the desired file and will return the starting offset, and the ending offset once it finds all of the Hex bytes in a row. 

Super simple and amazingly useful for patching, I'll be personally using this in Ven0m to patch dll's before they're sent to the client.

Screenshot of it implemented:

Below is an example of a DLL opened in HxD and a simple console I made to scan for the desired Hex pattern. HxD has the string found and selected, and from there we can compare my function's starting and ending addresses vs. what HxD found. As you see they match.



Function:

Hidden Content
You must register or login to view this content.

It will return a response like:
{StartingOffset}|{EndingOffset}

[Sevaint DF Member Posts:2 Threads:0 Reputation 0]

cool little tool very helpful too