#1
[C++] PatternFind
Hello everyone,
For x64_dbg I created a pattern finder that supports nibble wildcards (FF D? for example). Here is a standalone version of this pattern finder, feel free to use it wherever you like, credit (link to http://x64dbg.com) is appreciated, but not required.

Example of usage:

Code:
```cpp
#include "patternfind.h"
#include
```

Greetings,
Mr. eXoDia

Last edited by mr.exodia; 10-28-2015 at 09:13.
#2
mudlord asked me to update this to include a pattern search & replace engine.
Example of full usage:

Code:
```cpp
#include "patternfind.h"
#include <stdio.h>
#include <string.h>

int main(int argc, char* argv[])
{
    unsigned char data[0x100];
    memcpy(data, (const void*)main, sizeof(data)); //copy the first bytes of main's own code

    //find pattern offset
    size_t found = patternfind(data, sizeof(data), "68 ?? ?1 0? 00");
    printf("found: main+%p\n", (void*)found);
    if(found==(size_t)-1) //not found
        return 0;

    //print current data
    for(int i=0; i<5; i++)
        printf("%.2X ", data[found+i]);
    puts("");

    //search & replace
    if(!patternsnr(data, sizeof(data), "68 ?? ?1 0? 00", "?? ?1 1? 21 23"))
        return 0; //search & replace failed

    //print replaced data
    for(int i=0; i<5; i++)
        printf("%.2X ", data[found+i]);
    puts("");

    return 0;
}
```

Code:
```
found: main+00000026
68 00 01 00 00
68 01 11 21 23
```

Greetings,
Mr. eXoDia

Last edited by mr.exodia; 10-28-2015 at 09:13.
#3
|
||||
|
||||
Hi eXoDia,
Your find pattern has a wrong situation. For example, we have the pattern to find "C1 F8 02 33 C9 BA", and in the file we have these bytes "C1 C1 F8 02 33 C9 BA", then your code will not return the offset.
__________________
Welcome to my place http://www.reaonline.net
#4
|
||||
|
||||
My fix code:
```cpp
if(patternmatchbyte(data[i], &searchpattern.at(pos))) //check if our pattern matches the current byte
{
    pos++;
    if(pos==searchpatternsize) //everything matched
        return i-searchpatternsize+1;
}
else if (pos>0)
{
    i-=pos; // return to prev
    pos=0; //reset current pattern position
}
```
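The miss reported in post #3 and the rewind fix from post #4, side by side, as an added example that is not code from this thread or from x64_dbg. All names are hypothetical, and the `rewind=false` path is an assumption about how the loop behaved before the fix (reset the pattern position only), since that code is not shown here.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical names throughout. mask has 0xF in every nibble that must equal value.
struct PatByte { uint8_t value, mask; };
static const std::vector<uint8_t> kPost3Bytes = {0xC1, 0xC1, 0xF8, 0x02, 0x33, 0xC9, 0xBA};

// Parse "C1 F? ?? 0A" into value/mask pairs; returns empty on malformed input.
static std::vector<PatByte> parsePattern(const std::string& text) {
    std::vector<PatByte> out;
    PatByte cur{0, 0};
    int nibbles = 0;
    for(unsigned char c : text) {
        if(c == ' ') continue;
        if(c != '?' && !std::isxdigit(c)) return {};
        int v = c == '?' ? 0 : std::isdigit(c) ? c - '0' : std::toupper(c) - 'A' + 10;
        cur.value = (uint8_t)(cur.value << 4 | v);
        cur.mask = (uint8_t)(cur.mask << 4 | (c == '?' ? 0x0 : 0xF));
        if(++nibbles % 2 == 0) { out.push_back(cur); cur = PatByte{0, 0}; }
    }
    if(nibbles % 2) out.clear(); // odd nibble count is malformed
    return out;
}

// Single pass with a data cursor i and a pattern cursor pos. rewind=false only resets pos on
// a mismatch (assumed pre-fix behaviour); rewind=true also steps i back, as in post #4.
static size_t scan(const std::vector<uint8_t>& data, const std::string& pattern, bool rewind) {
    const std::vector<PatByte> pat = parsePattern(pattern);
    if(pat.empty()) return (size_t)-1;
    size_t pos = 0;
    for(size_t i = 0; i < data.size(); i++) {
        if((data[i] & pat[pos].mask) == pat[pos].value) { // wildcard nibbles are 0 in value
            if(++pos == pat.size()) return i - pat.size() + 1; // everything matched
        } else if(pos > 0) {
            if(rewind) i -= pos; // the loop's i++ then resumes one byte after the failed start
            pos = 0;
        }
    }
    return (size_t)-1; // not found
}

int main() {
    printf("no rewind: %d\n", (int)scan(kPost3Bytes, "C1 F8 02 33 C9 BA", false)); // -1
    printf("rewind:    %d\n", (int)scan(kPost3Bytes, "C1 F8 02 33 C9 BA", true));  // 1
    return 0;
}
```

A signature scanner that silently skips a real occurrence is worse than one that crashes, so regression inputs where the pattern's first byte repeats immediately before the match are worth keeping next to any matcher of this shape.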
#5
Alright, this will also be fixed in x64_dbg, thanks a lot!
Greetings
#6
Latest version will always be here: https://bitbucket.org/mrexodia/patternfind