Raised This Month: $119 Target: $400
 29% 

[T] Small useful codes - Thread


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
Sam839
Zero Posts
Join Date: Apr 2019
Location: Russian Federation
Old 09-23-2020 , 02:06   [T] Small useful codes - Thread
Reply With Quote #1

Insert your little code that you think should be seen by others. I noticed that there are similar threads and decided to do something similar.

For example:
PHP Code:
// C++
int RGetAppID() // Get AppID from steam_appid.txt
{
    
std::ifstream f("steam_appid.txt");
    
std::string str((std::istreambuf_iterator<char>(f)), std::istreambuf_iterator<char>());
    
str.erase(std::remove(str.begin(), str.end(), char(0x0A)), str.end());
    
str.erase(std::remove(str.begin(), str.end(), char(0x00)), str.end());
    return 
std::stoi(str);
}

// C++
size_t RSizeOfFunction(voidfunc// Get size of function (opcodes - bytes). For example: RSizeOfFunction(AllocConsole);
{
    if (
func) {
        
size_t size 0;
        
BYTEbytes static_cast<BYTE*>(func);
        while (
bytes[size] != 0xC3 && bytes[size 1] != 0xCC)
        {
            if (
size >= 0x100000) { // 1 mByte = 0x100000
                
return size_t(0);
            }
            
size++;
        }
        return 
size 1;
    }
    else {
        return 
size_t(0);
    }

Sam839 is offline
Sam839
Zero Posts
Join Date: Apr 2019
Location: Russian Federation
Old 11-10-2020 , 12:10   Re: [T] Small useful codes - Thread
Reply With Quote #2

FindSignature with LRU cache (max: 8192. If the value is above this limit, then the cache is flushed).
I tried to make the best performance.

PHP Code:
#include <iostream>
#include <Windows.h>
#include <Tlhelp32.h>

#include <map>
#include <string>

struct LRU_Record {
    
std::string module_name;
    
std::string signature;
    
voidxAddr;
};

typedef unsigned long long int BigInt;
typedef std::map<size_tLRU_RecordLRU;

LRU lru_cache;
BigInt FindSignatureCalls 0;

template <typename T>
T __fastcall FindSignature(const charmodule_name, const charsignature)
{
    
static_assert(std::is_pointer<T>::value"Pointer only allowed!");
    if (!
module_name || !signature) {
        return 
nullptr;
    }
    for (
LRU::iterator it lru_cache.begin(); it != lru_cache.end(); it++) {
        if (
it->second.module_name == std::string(module_name) && it->second.signature == std::string(signature)) {
            return 
reinterpret_cast<T>(it->second.xAddr);
        }
    }

    
HANDLE hSnap CreateToolhelp32Snapshot(TH32CS_SNAPMODULE0);
    
MODULEENTRY32 xModule = { };
    
xModule.dwSize sizeof(MODULEENTRY32);
    
size_t signature_length strlen(signature);

    
unsigned long xModuleBaseSize 0;
    
unsigned charxModuleBaseAddress nullptr;
    
unsigned charxModuleBuffer nullptr;
    
unsigned long t1 0;
    
unsigned long t2 signature_length;
    
unsigned long j 0;
    
unsigned long count 0;
    
unsigned char wildcard[UCHAR_MAX 1] = { };
    
unsigned long i 0;
    
long l 0;
    
unsigned char c 0;
    
unsigned char w 0;
    
bool k false;

    if (
Module32First(hSnap, &xModule)) {
        while (
Module32Next(hSnap, &xModule)) {
            if (!
strcmp(xModule.szModulemodule_name)) {
                
CloseHandle(hSnap);
                
xModuleBaseSize static_cast<unsigned long>(xModule.modBaseSize);
                
xModuleBuffer reinterpret_cast<unsigned char*>(xModule.modBaseAddr);
                if (!
xModuleBuffer) {
                    return 
nullptr;
                }
                for (
t2signature_lengthj++)
                {
                    if (
static_cast<unsigned char>(signature[j]) == static_cast<unsigned char>(0x2A)) {
                        continue;
                    }
                    
count strlen(&signature[j]);
                    if (
count t2)
                    {
                        
t1 j;
                        
t2 count;
                    }
                    
+= (count 1);
                }
                for (
t1t1 t2i++) {
                    
wildcard[static_cast<unsigned char>(signature[i])] = 1;
                }
                for (
xModuleBaseSize signature_length>= 0l--)
                {
                    
xModuleBuffer[l];
                    
wildcard[c];
                    
false;
                    while (
== && static_cast<unsigned long>(l) > t2)
                    {
                        
-= t2;
                        
wildcard[xModuleBuffer[l]];
                        
true;
                    }
                    if (
== true)
                    {
                        
l++;
                        continue;
                    }
                    if (
!= static_cast<unsigned char>(signature[t1])) {
                        continue;
                    }
                    if (
t1 || t1 signature_length xModuleBaseSize) {
                        return 
nullptr;
                    }
                    for (
0signature_length 1j++)
                    {
                        if (
== t1 || static_cast<unsigned char>(signature[j]) == static_cast<unsigned char>(0x2A)) {
                            continue;
                        }

                        if (
xModuleBuffer[t1 j] != static_cast<unsigned char>(signature[j])) {
                            break;
                        }

                        if (
== signature_length 1) {
                            if (
FindSignatureCalls >= 8192) {
                                
lru_cache.clear();
                            }
                            
FindSignatureCalls++;
                            
size_t cnt lru_cache.size() + 1;
                            
lru_cache[cnt].module_name = (module_name);
                            
lru_cache[cnt].signature = (signature);
                            
lru_cache[cnt].xAddr reinterpret_cast<void*>(xModuleBuffer t1);
                            return 
reinterpret_cast<T>(xModuleBuffer t1);
                        }
                    }
                }
                return 
nullptr;
            }
        }
    }
    
CloseHandle(hSnap);
    return 
nullptr;
}

#pragma optimize("", off)
int main() {
    
voidaddr FindSignature<void*>("bla.dll""\x55\x8B\xEC\x8B\x45\x08\x03\x45\x0C");
    
printf("addr = 0x%X\n"reinterpret_cast<unsigned long>(addr));
    (
void)(std::getchar());
    return 
0;
}
#pragma optimize("", on) 
Sam839 is offline
Sam839
Zero Posts
Join Date: Apr 2019
Location: Russian Federation
Old 11-10-2020 , 12:13   Re: [T] Small useful codes - Thread
Reply With Quote #3

Simple FindSignature with LRU cache (max: 8192. If the value is above this limit, then the cache is flushed).

PHP Code:
#include <iostream>
#include <Windows.h>
#include <Tlhelp32.h>

#include <map>
#include <string>

struct LRU_Record {
    
std::string module_name;
    
std::string signature;
    
voidxAddr;
};

typedef unsigned long long int BigInt;
typedef std::map<size_tLRU_RecordLRU;

LRU lru_cache;
BigInt FindSignatureCalls 0;

template <typename T>
T __fastcall FindSignature(const charmodule_name, const charsignature)
{
    
static_assert(std::is_pointer<T>::value"Pointer only allowed!");
    if (!
module_name || !signature) {
        return 
nullptr;
    }
    for (
LRU::iterator it lru_cache.begin(); it != lru_cache.end(); it++) {
        if (
it->second.module_name == std::string(module_name) && it->second.signature == std::string(signature)) {
            return 
reinterpret_cast<T>(it->second.xAddr);
        }
    }

    
HANDLE hSnap CreateToolhelp32Snapshot(TH32CS_SNAPMODULE0);
    
MODULEENTRY32 xModule = { };
    
xModule.dwSize sizeof(MODULEENTRY32);
    
size_t signature_length strlen(signature);

    
unsigned charxModuleBaseAddress nullptr;
    
unsigned charxModuleBuffer nullptr;
    
unsigned charxAddr nullptr;
    
long xResult = -1;
    
unsigned char xStart 0;
    
unsigned long xNextStart 0;
    
unsigned char xSymbol 0;
    
unsigned long i 0;
    
unsigned long j 0;

    if (
Module32First(hSnap, &xModule)) {
        while (
Module32Next(hSnap, &xModule)) {
            if (!
strcmp(xModule.szModulemodule_name)) {
                
CloseHandle(hSnap);
                
xModuleBaseAddress reinterpret_cast<unsigned char*>(xModule.modBaseAddr);
                if (!
xModuleBaseAddress) {
                    return 
nullptr;
                }
                
xModuleBuffer xModuleBaseAddress;
                for (
0< (xModule.modBaseSize signature_length); i++)
                {
                    
xResult = -1;
                    
xNextStart 0;
                    
xStart static_cast<unsigned char>(signature[0]);
                    for (
0signature_lengthj++)
                    {
                        if (
static_cast<unsigned char>(signature[j]) == static_cast<unsigned char>(0x2A)) // if sig[j] == '?' { ... }
                        
{
                            continue;
                        }
                        
xSymbol = (xModuleBuffer i)[j];
                        if (
xSymbol == xStart)
                        {
                            
xNextStart j;
                        }
                        if (
xSymbol != static_cast<unsigned char>(signature[j]))
                        {
                            
xResult xNextStart;
                            break;
                        }
                    }
                    if (
xResult 0)
                    {
                        
xAddr xModuleBaseAddress i;
                        break;
                    }
                    else
                    {
                        
+= xResult;
                    }
                }
                if (
FindSignatureCalls >= 8192) {
                    
lru_cache.clear();
                }
                
FindSignatureCalls++;
                
size_t cnt lru_cache.size() + 1;
                
lru_cache[cnt].module_name = (module_name);
                
lru_cache[cnt].signature = (signature);
                
lru_cache[cnt].xAddr reinterpret_cast<void*>(xAddr);
                return 
reinterpret_cast<T>(xAddr);
            }
        }
    }
    
CloseHandle(hSnap);
    return 
nullptr;
}

#pragma optimize("", off)
int main() {
    
voidaddr FindSignature<void*>("bla.dll""\x55\x8B\xEC\x8B\x45\x08\x03\x45\x0C");
    
printf("addr = 0x%X\n"reinterpret_cast<unsigned long>(addr));
    (
void)(std::getchar());
    return 
0;
}
#pragma optimize("", on) 
Sam839 is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 04:50.


Powered by vBulletin®
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Theme made by Freecode