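I am learning about signature scanning. My code is a bit ugly, but it should work, and I can't understand how to fix my problem. The main function in my main, memory.findSignature(), returns a garbage value, so when I read it and give RemoteHealth a value, it is garbage too.
Main: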
# smtp mail setup
config.action_mailer.delivery_method = :smtp
config.action_mailer.default_url_options = { host: 'abc.herokuapp.com' }
config.action_mailer.smtp_settings = {
address: ENV['SMTP_ADDRESS'],
port: ENV['SMTP_PORT'].to_i,
domain: ENV['SMTP_DOMAIN'],
user_name: ENV['SMTP_USER_NAME'],
password: ENV['SMTP_PASSWORD'],
authentication: 'plain',
enable_starttls_auto: true
}
config.action_mailer.perform_deliveries = true
config.action_mailer.raise_delivery_errors = true
config.action_mailer.default_options = { from: 'contact@abc.com' }
memory.h:
LPCSTR signature = "\x48\x4A\x85\x2A\x44\x49";
LPCSTR mask = "xxxxxx";
uintptr_t healthAddr = memory.findSignature(CS.client.dwBase, CS.client.dwSize, signature, mask);
int RemoteHealth = memory.readAddress<int>(healthAddr);
std::cout << "value:" << std::hex << RemoteHealth << " address:" << healthAddr <<std::endl;
I don't know how to explain it, but I know the problem is in one of my two memory functions...
bool memoryCompare(const byte* data, const byte* mask, const char* szMask) {
    for (; *szMask; ++szMask, ++data, ++mask) {
        if (*szMask == 'x' && *data != *mask) {
            return false;
        }
    }
    return true;
}
uintptr_t findSignature(uintptr_t sigStart, uintptr_t sigSize, const char* signature, const char* mask) {
    byte* data = new byte[sigSize];
    SIZE_T bytesRead;
    ReadProcessMemory(procHandle, (LPVOID)sigStart, data, sigSize, &bytesRead);
    for (uintptr_t i = 0; i < sigSize; i++) {
        if (this->memoryCompare((const byte*)(data + i), (const byte*)signature, mask)) {
            delete[] data;
            return sigStart + i;
        }
    }
    delete[] data;
    return NULL;
}
The return values of memoryCompare were flipped, but the value is still garbage when read... the address is just the first one read in the module :/
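
Added example (not part of the original post): a masked byte-pattern scan over a local buffer, in the style of the memoryCompare/findSignature pair above, with the search window bounded so the comparison never reads past the end of the buffer and with a not-found value that cannot be mistaken for an offset. The names findPattern, matchesAt, kNotFound, kSample and kSig are hypothetical, and the sample buffer is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical sentinel: distinct from every valid offset, including 0.
constexpr size_t kNotFound = static_cast<size_t>(-1);

// True when every position marked 'x' in mask equals the pattern byte;
// any other mask character is a wildcard.
static bool matchesAt(const uint8_t* data, const uint8_t* pattern,
                      const char* mask, size_t len) {
    for (size_t k = 0; k < len; ++k)
        if (mask[k] == 'x' && data[k] != pattern[k]) return false;
    return true;
}

// Returns the offset of the first match in buf[0, size), or kNotFound.
size_t findPattern(const uint8_t* buf, size_t size,
                   const uint8_t* pattern, const char* mask) {
    const size_t len = std::strlen(mask);
    if (len == 0 || size < len) return kNotFound;
    // Stop at size - len so the last window ends exactly at the buffer end.
    for (size_t i = 0; i <= size - len; ++i)
        if (matchesAt(buf + i, pattern, mask, len)) return i;
    return kNotFound;
}

// Constructed sample: a near match at offset 1 (its fourth byte differs), the
// exact signature at offset 8, and a truncated copy (5 of 6 bytes) at the end.
static const std::vector<uint8_t> kSample = {
    0x90, 0x48, 0x4A, 0x85, 0x00, 0x44, 0x49, 0x90, 0x48, 0x4A,
    0x85, 0x2A, 0x44, 0x49, 0xCC, 0x48, 0x4A, 0x85, 0x2A, 0x44};
static const uint8_t kSig[] = {0x48, 0x4A, 0x85, 0x2A, 0x44, 0x49};

int main() {
    std::printf("exact:    %zu\n", findPattern(kSample.data(), kSample.size(), kSig, "xxxxxx"));
    std::printf("wildcard: %zu\n", findPattern(kSample.data(), kSample.size(), kSig, "xxx?xx"));
    // Scanning only the tail must report "not found", not read past the end.
    std::printf("tail:     %zu\n", findPattern(kSample.data() + 15, 5, kSig, "xxxxxx"));
    return 0;
}
```

The offset returned is where the pattern bytes themselves begin inside the buffer, so the bytes at that position are the signature, not a value stored elsewhere.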