Scripted pointer search

Ask for Help on Using the Language With Memory Hacking Software

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Scripted pointer search

Postby CoMPMStR » Wed Sep 23, 2009 8:43 am

I've been thinking about creating a script to automatically search for pointers based on offsets given by the user, this works for the most part. I can do an initial pointer search then get the results and check the distance, but it keeps crashing on me when I try to store the correct addresses in an array for later use.

Code: Select all
// globals
LPVOID beginAddy = (LPVOID)0x00400000;
LPVOID endAddy = (LPVOID)0x40000000;

DWORD compareAddys[1];
DWORD compareIndex = -1;
   
// Search for a pointer.
// This function does a bit of logical processing
//  for us.  It accepts the lowest known address in
//  a structure and creates a suitable search range.
bool FindPointer( LPVOID lpvFinalAddy, DWORD dwMaxOffset0, DWORD dwMaxOffset1, DWORD dwCurrentOffset ) {
    // The structure holds all the information we will
    //  pass to the function.
    MHS_API_SEARCH_PARMS pSearch;

    // Firstly, we are doing a pointer search.
    pSearch.dwType = LS_POINTER;

    // Cover the search range.
    pSearch.lpvStart = beginAddy;
    pSearch.lpvEnd = endAddy;

    // pSearch.bAligned is not used in Pointer Searches.

    // Now to the pointer-specific data.

    // We will search for a range of pointers.
    pSearch.TypeParms.pParms.dwSubType = ST_RANGE;

    // We don't need the Same as Original sub search.
    pSearch.TypeParms.pParms.bEnableSame = false;

    // We are not interested in only static pointers.
    pSearch.TypeParms.pParms.bStatic = false;

    // Save the offset from the value passed to us.
    // This should always be done in Pointer Searches.
    //  This allows us to see how far away pointers are
    //  from this addres in the address list.
    pSearch.TypeParms.pParms.lpvSaveOffset = lpvFinalAddy;
   
    if (dwCurrentOffset == 0)
    {
      pSearch.TypeParms.pParms.atValue.UInt = (DWORD)lpvFinalAddy - dwMaxOffset0;
    }
    else if (dwCurrentOffset == 1)
    {
      if (dwMaxOffset1 > -1)
         pSearch.TypeParms.pParms.atValue.UInt = (DWORD)lpvFinalAddy - dwMaxOffset1;
    }

    // Set the high value to the actual address specified.
    pSearch.TypeParms.pParms.atTo.UInt = (DWORD)lpvFinalAddy;

    // Now search.
    if (RAMSearch( &pSearch ))
    {
      if (dwCurrentOffset == 0)
      {
         if (ComparePointer(lpvFinalAddy, dwMaxOffset0, 0))
         {
            
         }
      }
      else if (dwCurrentOffset == 1)
      {
         if (dwMaxOffset1 > -1)
         {
            if (ComparePointer(lpvFinalAddy, dwMaxOffset1, 1))
            {
               
            }
         }
      }
      return true;
   }
   else
   {
      return false;
    }
}

bool ComparePointer(LPVOID pointerAddress, DWORD distance, DWORD current)
{
   if ( !LockScanForRead() ) { return false; }
   
   compareIndex = 0;
   DWORD scanTotal = GetScanTotal();
   
   PrintF("Total Pointer Results: %d", scanTotal);
   PrintF(" ");
   
   for ( DWORD i = 0; i < scanTotal; i++ )
   {
      DWORD retValue;
      LPVOID retAddress;
      if ( GetScanValue(i, &retAddress, &retValue) )
      {
         DWORD retDistance = (DWORD)pointerAddress - retValue;
         //PrintF("Distance: %d", retDistance);
         
         if (retDistance == distance)
         {
            compareAddys[compareIndex] = retAddress;
            compareIndex++;
            PrintF("Compare Address: %d", compareAddys[compareIndex - 1]);
         }
      }
   }
   
   return UnlockScanForRead();
}

void On_HK_0( DWORD dw1, DWORD dw2 )
{
   LPVOID initialAddy = (LPVOID)0x05ECD96C;
   DWORD offset0 = 0x74C;
   DWORD offset1 = -1;
   FindPointer(initialAddy, offset0, offset1, 0);
}


As you can see, I set up the initial address to do the pointer search on followed by the first offset (just to test), then call the function to do the search. Everything works fine until the function ComparePointer is called. When we get to the scan result iteration, MHS seems to crash for me everytime after the first address is put into the array, only once it went through without a crash but I had to change some things and it hasn't worked since.

I was under the impression that even if an array is declared with a length of 1, you can still add more elements to it without problems. Is there another, maybe better, way of storing the addresses to use later in a subsequent pointer search; to search for any other offsets?

Thanks to whoever can lend a helping hand, I'm sure this is something that everyone can benefit from when it's working properly. :D

PS: Is it possible to store an array of arrays, or should I just create a structure of an array and put that structure into an array? This would be to store as many offsets as possible without declaring lots of global variables.
Image

______________________________________________________
My Utilities:
CT <-> LSSAVE Converter
LSS Visual Dialog Designer
.NET Trainer Helper Library

~Whether you think you can or you think you can't, you're right.

L. Spiro wrote:In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
User avatar
CoMPMStR
(P)ot (I)n (M)y (P)ipe
 
Posts: 451
Joined: Thu Mar 06, 2008 7:50 am
Location: Best Place

Postby L. Spiro » Wed Sep 23, 2009 2:20 pm

Any time it does not crash is simple luck (and will cause other bugs to appear later).
You have defined an array of length 1, therefore you can only put 1 item into it.

Make it a resizeable array using pointers and ReAlloc().


If you want an array of arrays, it is best to make a structure with an array in it and make an array of that.


L. Spiro
Our songs remind you of songs you’ve never heard.
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby CoMPMStR » Thu Sep 24, 2009 6:04 am

L. Spiro wrote:Make it a resizeable array using pointers and ReAlloc().


L. Spiro


Now I'm having problems declaring the pointer and assigning the resulting addreses. First I tried declaring another global variable DWORD * compare = Malloc(4); since a DWORD consists of 4 bytes, but I get an error with this Unable to set the initialization data for global “compare”.

Then I decided to just exclude the "= Malloc(4)" portion and leave the pointer null until ReAlloc comes into play (since I read that ReAlloc acts as Malloc if the pointer variable is null), now I can compile the script. I have this under the if statement if (retDistance == distance) in the ComparePointer function but MHS still crashes for me after ReAlloc is called. :?

Code: Select all
            if (ReAlloc(compare, (compareIndex + 1) * 4) != NULL)
            {
               PrintF("After ReAlloc...");
               compare[compareIndex * 4] = retAddress;
               compareIndex++;
               PrintF("Compare Address: %d", compare[(compareIndex - 1) * 4]);
            }


First I try to alloc, or realloc, the number of bytes necessary for the next pointer address found (each address consists of 4 bytes right?). If the ReAlloc function doesn't return NULL then it will continue with adding the address to the new pointer but it crashes when it gets to that part. Note that I do call Free(compare); after the pointer search iteration when the pointer is not used anymore.

I thought I had the right idea after you said to make a resizable pointer using ReAlloc() but I guess not. What else am I doing wrong here? Thanks in advance! :!:
Image

______________________________________________________
My Utilities:
CT <-> LSSAVE Converter
LSS Visual Dialog Designer
.NET Trainer Helper Library

~Whether you think you can or you think you can't, you're right.

L. Spiro wrote:In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
User avatar
CoMPMStR
(P)ot (I)n (M)y (P)ipe
 
Posts: 451
Joined: Thu Mar 06, 2008 7:50 am
Location: Best Place

Postby L. Spiro » Thu Sep 24, 2009 7:27 am

You can not initialize globals to the result of functions.
Initialize it to NULL.

Resize via:

Code: Select all
pdwCompare = ReAlloc( pdwCompare, ++dwCompareIndex * sizeof( DWORD ) );



And do not assign via dwCompareIndex * 4.
Code: Select all
pdwCompare[dwCompareIndex] = dwRetAddress;


However if you use the code I gave for reallocating, dwCompareIndex will be the size of the array, not the last index. The last index is size of array - 1.
Code: Select all
pdwCompare[dwCompareIndex-1] = dwRetAddress;



L. Spiro
Our songs remind you of songs you’ve never heard.
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby CoMPMStR » Thu Sep 24, 2009 9:47 am

Thanks, perfect advice as always! Works like a charm, I forgot to set the compare pointer equal to the ReAlloc() function. :shock: I didn't know that about the globals either.

I have one more question, is it possible to declare a new array variable with existing values, something like...

Code: Select all
DWORD dwArray[] = DWORD[]{ 234, 13, 142 };


...rather than listing each one individually afterward?
Code: Select all
DWORD dwArray[3];
dwArray[0] = 234;
dwArray[1] = 13;
dwArray[2] = 142;



Also, I just noticed that I posted this in the wrong help section. You can move it if you like, my apologies about that. :oops:
Image

______________________________________________________
My Utilities:
CT <-> LSSAVE Converter
LSS Visual Dialog Designer
.NET Trainer Helper Library

~Whether you think you can or you think you can't, you're right.

L. Spiro wrote:In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
User avatar
CoMPMStR
(P)ot (I)n (M)y (P)ipe
 
Posts: 451
Joined: Thu Mar 06, 2008 7:50 am
Location: Best Place

Postby L. Spiro » Thu Sep 24, 2009 11:49 am

You can:
Code: Select all
DWORD dwArray[] ={ 234, 13, 142 };



L. Spiro
Our songs remind you of songs you’ve never heard.
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan


Return to Help

Who is online

Users browsing this forum: No registered users and 0 guests

cron