USSR

Так это не входит в рамки объяснения работы сканера сигнатур. Проще говоря, у тебя есть функция, которая принимает аргументы и возвращает результат и есть массив из 100 разных аргументов. Чтобы получить 100 результатов работы функции, нужно вызвать ее 100 раз (для каждого из аргументов). Хоть циклом, вариантов - масса.

спасибо 

[terminus=16]Привет! Код я прочитал по диагонали и могу тольк сказать, что все можно реализовать раз в пять проще. Поищи на форуме - есть и темы и видеоуроки, в том числе на C++. На самом деле кода там строчек 5, а не 50.[/term

[terminus=16]хотел еще спросить если адрес не один, а например их 40 штук, то как это все прописывать? просто в уроках этого нету([/term

Ну пока что идея Xipho мне кажется легче. Итак, как поймать клиент игры и как его декомпилировать? Ну и попутный вопрос: как во всем этом искать слабости?

посмотри вот тут https://xakep.ru/2011/03/03/54979/ все подробно описано, про то как посмотреть и исход, и как лучше посмотреть пересылку пакетов!!!

USSR,http://www.mpgh.net/forum/showthread.php?t=505474 хочу сделать для crysis

Можете помочь разобраться?Это сканер сигнатур на С++
 
signature_scanner.h
 

Example of using:

DLL itself:
 
 

That was just a code sample to show you hoe you can use it.

The search funcion inside the scanner class is what you will be using to do memory scanning.
Like if we search like this:
 
 

83 is a single hex byte. Meaning it is like this: 0x83.

So the actual signature is:
 
 

Two "?" is a wildcard byte. And the signature will ignore them.

Additionally it will take the address at the end of the signature unless you specify the second perameter in this function, which is 0 by default.

If the address is in the middle of the signature you can do the following:
 
 

As you know, the address is Unsigned long and thus we write 8 "X"(4bytes=4*2).
When X is detected in the string, the second perameter of the function is ignored.

The string must be in upper case letters.
Как тут он работает? не как не пойму.Как у него маска и сигнатура в одной строке но при этом у него все работает. 

Xipho: тег кода и спойлера для кого сделан?

#pragma once#include <windows.h>#include <psapi.h>#pragma comment(lib, "psapi.lib")#include <stdio.h>// Usage: unsigned long address = signature_scanner->search("3AB2DFAB????????3FBACD300200A1XXXXXXXXB1C4DA");// X is the address// ? is a wildcardclass signature_scanner{private:    unsigned long BaseAddress;    unsigned long ModuleSize;public:    signature_scanner()    {        //SYSTEM_INFO info;        //GetSystemInfo(&info);        //this->BaseAddress = (unsigned long)info.lpMinimumApplicationAddress;        // Could be injected earlier than expected        while (!(this->BaseAddress = (unsigned long)GetModuleHandle(NULL)))            Sleep(100);        // Getting size of image        MODULEINFO modinfo;        while (!GetModuleInformation(GetCurrentProcess(), GetModuleHandle(NULL), &modinfo, sizeof(MODULEINFO)))            Sleep(100);        this->ModuleSize = modinfo.SizeOfImage;        // Wait for the application to finish loading        MEMORY_BASIC_INFORMATION meminfo;        while (true)        {            if (VirtualQuery((void*)this->ModuleSize, &meminfo, sizeof(MEMORY_BASIC_INFORMATION)))                if (!(meminfo.Protect &PAGE_EXECUTE_WRITECOPY))                    break;            Sleep(100);        }    }    unsigned long search(const char* string, unsigned short offset=0)    {        unsigned int p_length = strlen(string);// Pattern's length        if (p_length % 2 != 0 || p_length < 2 || !this->BaseAddress || !this->ModuleSize) return NULL;// Invalid operation        unsigned short length = p_length / 2;// Number of bytes        // The buffer is storing the real bytes' values after parsing the string        unsigned char* buffer = new unsigned char[length];        SecureZeroMemory(buffer, length);        // Copy of string        char* pattern = new char[p_length+1];// +1 for the null terminated string        ZeroMemory(pattern, p_length+1);        strcpy_s(pattern, p_length+1, string);        _strupr_s(pattern, p_length+1);        // Set vars        unsigned char f_byte;        unsigned char s_byte;        // Parsing of string        for (unsigned short z = 0; z < length; z++)        {            f_byte = pattern[z*2];// First byte            s_byte = pattern[(z*2)+1];// Second byte            if ( ( (f_byte <= 'F' && f_byte >= 'A') || (f_byte <= '9' && f_byte >= '0') ) && ( (s_byte <= 'F' && s_byte >= 'A') || (s_byte <= '9' && s_byte >= '0') ) )            {                if (f_byte <= '9') buffer[z] += f_byte - '0';                else buffer[z] += f_byte - 'A' + 10;                buffer[z] *= 16;                if (s_byte <= '9') buffer[z] += s_byte - '0';                else buffer[z] += s_byte - 'A' + 10;            }            else if (f_byte == 'X' || s_byte == 'X') buffer[z] = 'X';            else buffer[z] = '?';// Wildcard        }        // Remove buffer        delete[] pattern;        // Start searching                unsigned short x;        unsigned long i = this->BaseAddress;        MEMORY_BASIC_INFORMATION meminfo;        unsigned long EOR;                while (i < this->ModuleSize)        {            VirtualQuery((void*)i, &meminfo, sizeof(MEMORY_BASIC_INFORMATION));            if (!(meminfo.Protect &PAGE_EXECUTE_READWRITE))// Good for AVA for now            {// !(meminfo.Protect &(PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) || !(meminfo.State &MEM_COMMIT)                i += meminfo.RegionSize;                continue;            }            EOR = i + meminfo.RegionSize;            for (; i < EOR; i++)            {                for (x = 0; x < length; x++)                    if (buffer[x] != ((unsigned char*)i)[x] && buffer[x] != '?' && buffer[x] != 'X')                        break;                if (x == length)                {                    delete[] buffer;                    const char* s_offset = strstr(string, "X");                    if (s_offset != NULL)                        return *(unsigned long*)&((unsigned char*)i)[length - strlen(s_offset) / 2];                    else                        return *(unsigned long*)&((unsigned char*)i)[length + offset];                }            }        }                // Didn't find anything        delete[] buffer;        return NULL;    }}; 

#include <windows.h>#include "signature_scanner.h"void main(){    Beep(1000, 100);    signature_scanner *scanner = new signature_scanner;        HANDLE checking;    unsigned long pointer;    bool* ingame;    try    {        if (!(ingame = (bool*)scanner->search("83C40885C00F95C0C705????????????????A2")))            throw "Couldn't retrieve ingame pointer.";        if (!(pointer = scanner->search("6BF666C086FFA3XXXXXXXX743C8BB6")))            throw "Couldn't retrieve bino pointer.";    }    catch ( LPCSTR error )    {        MessageBox(NULL, error, "Error", MB_OK | MB_ICONERROR);        return;    }    while (true)    {        // Checks if he is in game                if (*ingame)        {            // If he is in game then do some stuff                        if (IsBadReadPtr((void*)pointer, sizeof(unsigned long)) == NULL)            {                unsigned long address = *(unsigned long*)pointer + offset;                if (IsBadReadPtr((void*)address, sizeof(unsigned long)) == NULL)                {                }            }        }                Sleep(2000);    }}bool WINAPI DllMain(HINSTANCE hDLLInst, DWORD fdwReason, LPVOID lpvReserved){    if (fdwReason == DLL_PROCESS_ATTACH)    {        DisableThreadLibraryCalls(hDLLInst);        if (CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)main, NULL, 0, NULL) == NULL)        {            MessageBox(NULL, new_thread, "Error", MB_OK | MB_ICONERROR);            return false;        }    }        return true;}

Code:scanner->search("83C40885C00F95C0C705????????????????A2");

Code:0x83 0xC4 0x08 0x85 0xC0 0x0F 0x95 0xC0 0xC7 0x05 ?? ?? ?? ?? ?? ?? ?? ?? 0xA2

Code:scanner->search("6BF666C086FFA3XXXXXXXX743C8BB6");