Solved Simple Pattern Scanner?

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

HexMurder

Arcane Hacker
Dank Tier VIP
Dank Tier Donator
Jun 7, 2012
319
7,988
22
I have never gotten around to making a signature / pattern scanner in C#. I found a few examples upon google searching but a lot of them seemed very messy / inefficient or required a lot to implement. Anyone have one they would care to share? Thanks guys. (C# Obviously)
 

Traxin

Escobar Tier VIP
Dank Tier Donator
Aug 3, 2015
1,041
25,378
154
C++:
        public bool CheckPattern(string pattern, byte[] array2check)
        {
            int len = array2check.Length;
            string[] strBytes = pattern.Split(' ');
            int x = 0;
            foreach(byte b in array2check)
            {
                if(strBytes[x] == "?" || strBytes[x] == "??")
                {
                    x++;
                }
                else if(byte.Parse(strBytes[x], NumberStyles.HexNumber) == b)
                {
                    x++;
                }
                else
                {
                    return false;
                }
            }
            return true;
        }

        public IntPtr PatternScanMod(ProcessModule pMod, string pattern)
        {
            IntPtr baseAddy = pMod.BaseAddress;
            uint dwSize = (uint)pMod.ModuleMemorySize;
            int br;
            OpenHandle();
            byte[] memDump = Read(baseAddy, dwSize, out br);
            CloseHandle();
            string[] pBytes = pattern.Split(' ');
            try
            {
                for (int y = 0; y < memDump.Length; y++)
                {
                    if (memDump[y] == byte.Parse(pBytes[0], NumberStyles.HexNumber))
                    {
                        byte[] checkArray = new byte[pBytes.Length];
                        for (int x = 0; x < pBytes.Length; x++)
                        {
                            checkArray[x] = memDump[y + x];
                        }
                        if(CheckPattern(pattern, checkArray))
                        {
                            return baseAddy + y;
                        }
                        else
                        {
                            y += pBytes.Length - (pBytes.Length / 2);
                        }
                    }
                }
            }
            catch (Exception)
            {
                return IntPtr.Zero;
            }
            return IntPtr.Zero;
        }
And you use it like dis.

C++:
     InfBreath = Mem.PatternScanMod(Mem.ReadProcess.MainModule, "f3 0f 11 86 ? ? ? ? 76 1d f3 0f 5e c1 f3 0f 11 45 08");
I wasn't very fond of the ones out in public either so I made my own a while back. Hopefully easy to understand :)
 
  • Like
Reactions: pcG and Rake

Boboo99

Scrub
Dank Tier VIP
Fleep Tier Donator
Feb 20, 2016
471
12,178
44
C#:
public class Pattern
    {
        private ProcessModule processModule;
        private string pattern;

        public Pattern(ProcessModule _processModule,string _pattern)
        {
            processModule = _processModule;
            pattern = _pattern;
        }

        private bool checkPattern(string pattern, byte[] array2check)
        {
            int len = array2check.Length;
            string[] strBytes = pattern.Split(' ');
            int x = 0;
            foreach (byte b in array2check)
            {
                if (strBytes[x] == "?" || strBytes[x] == "??")
                {
                    x++;
                }
                else if (byte.Parse(strBytes[x], NumberStyles.HexNumber) == b)
                {
                    x++;
                }
                else
                {
                    return false;
                }
            }
            return true;
        }

        public List<IntPtr> Adress
        {
            get
            {
                byte[] moduleMemory = new Pointer<byte[]>(processModule.BaseAddress, processModule.ModuleMemorySize).ReadValue();
                string[] splitPattern = pattern.Split(' ');
                List<IntPtr> adressList = new List<IntPtr>();
                try
                {
                    for (int y = 0; y < moduleMemory.Length; y++)
                    {
                        if (moduleMemory[y] == byte.Parse(splitPattern[0], NumberStyles.HexNumber))
                        {
                            byte[] checkArray = new byte[splitPattern.Length];
                            for (int x = 0; x < splitPattern.Length; x++)
                            {
                                checkArray[x] = moduleMemory[y + x];
                            }
                            if (checkPattern(pattern, checkArray))
                            {
                               adressList.Add((IntPtr)((uint)processModule.BaseAddress + y));
                            }
                            else
                            {
                                y += splitPattern.Length - (splitPattern.Length / 2);
                            }
                        }
                    }
                    return adressList;
                }
                catch (Exception)
                {
                    throw new Exception("Could not check the pattern");
                }
            }
        }

    }

    class Test
    {
        public Test()
        {
            IntPtr adress = new Pattern(Process.GetProcesses().First().MainModule, "f3 0f 11 86 ? ? ? ? 76 1d f3 0f 5e c1 f3 0f 11 45 08").Adress.First();
        }
    }
Everyone goes nuts about this topic, so here is my solution, basically a copy paste of Traxin wrapped up in a class having a property Adress and getting it trought the "get" of the property :bicepright::fleep:
 

HexMurder

Arcane Hacker
Dank Tier VIP
Dank Tier Donator
Jun 7, 2012
319
7,988
22
I wasn't very fond of the ones out in public either so I made my own a while back. Hopefully easy to understand :)

Care to share your NumberStyles, OpenHandle, and CloseHandle functions just so i can get the full picture? Thanks man this looks substantially cleaner than all the other ones i have seen in C#.

EDIT: And maybe your Read function as well. Just trying to analyze it fully. (If you don't mind lol)
 

Traxin

Escobar Tier VIP
Dank Tier Donator
Aug 3, 2015
1,041
25,378
154
I didn't share them before cause there really isn't much to show. They're just Open/Close handle functions while the handle is held as a member variable part of the class.

C++:
        public void OpenHandle()
        {
            ProcessAccessType access = ProcessAccessType.PROCESS_VM_READ
            | ProcessAccessType.PROCESS_VM_WRITE
            | ProcessAccessType.PROCESS_VM_OPERATION;
            m_hProcess = OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
        }

        public void CloseHandle()
        {
            int iRetValue;
            iRetValue = CloseHandle(m_hProcess);
            if (iRetValue == 0)
            {
                throw new Exception("CloseHandle Failed");
            }
        }
And NumberStyles is just part of System.Globalization so it's some built-in shit.

Here's Read()

C++:
        public byte[] Read(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
        {
            byte[] buffer = new byte[bytesToRead];
            IntPtr ptrBytesRead;
            ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
            bytesRead = ptrBytesRead.ToInt32();
            return buffer;
        }
 

cNoEvil

Coder
Full Member
Nobleman
Jun 6, 2016
159
1,218
1
C#:
public long[] FindPattern(byte[] RefByteArray, byte[] Pattern, string mask, long BASE)
        {
            //check mask
            if (Pattern.Length != mask.Length)
            {
                return new long[0];
            }
            long XYZ = 0;
            int Match = 0;
            List<long> AddressList = new List<long>();
            for (int i = 0; i < RefByteArray.Length; i++)
            {
                byte[] array_segment = ReadByteArrayByLength(RefByteArray, Pattern.Length, XYZ);

                for (int si = 0; si < array_segment.Length; si++)
                {
                    if (mask[si] == '?')
                    {
                        Match++;
                        continue;
                    }
                    else
                    {
                        if (Match == Pattern.Length)
                        {
                            Match = 0;
                            AddressList.Add(BASE + XYZ - Pattern.Length);
                            continue;
                        }

                        if (array_segment[si] == Pattern[si])
                        {
                            Match++;
                        }
                        else { Match = 0; break; }
                    }
                }
                XYZ += Pattern.Length;
            }
            return AddressList.ToArray();
        }

i am going to rewrite this because i kinda feel i need to, merely providing example for returning all results.
 

HexMurder

Arcane Hacker
Dank Tier VIP
Dank Tier Donator
Jun 7, 2012
319
7,988
22
C#:
public long[] FindPattern(byte[] RefByteArray, byte[] Pattern, string mask, long BASE)
        {
            //check mask
            if (Pattern.Length != mask.Length)
            {
                return new long[0];
            }
            long XYZ = 0;
            int Match = 0;
            List<long> AddressList = new List<long>();
            for (int i = 0; i < RefByteArray.Length; i++)
            {
                byte[] array_segment = ReadByteArrayByLength(RefByteArray, Pattern.Length, XYZ);

                for (int si = 0; si < array_segment.Length; si++)
                {
                    if (mask[si] == '?')
                    {
                        Match++;
                        continue;
                    }
                    else
                    {
                        if (Match == Pattern.Length)
                        {
                            Match = 0;
                            AddressList.Add(BASE + XYZ - Pattern.Length);
                            continue;
                        }

                        if (array_segment[si] == Pattern[si])
                        {
                            Match++;
                        }
                        else { Match = 0; break; }
                    }
                }
                XYZ += Pattern.Length;
            }
            return AddressList.ToArray();
        }

i am going to rewrite this because i kinda feel i need to, merely providing example for returning all results.
Wait, does this method search every module?
 

cNoEvil

Coder
Full Member
Nobleman
Jun 6, 2016
159
1,218
1
It can you just have ti give a new refbyteArray i rewrite my entire thing and made it shorter right after i posted that.

it just collects all results contained within a byte array.

i use this for my memory scanner.

C#:
public List<long> GetPatterns(byte[] refByteArray, byte[] pattern, string mask, int ind)
        {
            if (pattern.Length != mask.Length) { MessageBox.Show("nope"); return null; }

            List<long> AddyList = new List<long>();

            for (int fbi = 4; fbi < refByteArray.Length; fbi++)
            {
                byte[] segment = ReadByteArrayByLength(refByteArray, 4, fbi);

                int hc = 0;
                for (int i = 0; i < segment.Length; i++)
                {
                    if (mask[i] != 'x')
                    {
                        hc++;
                    }
                    else if (mask[i] == 'x')
                    {
                        if (segment[i] == pattern[i])
                        {
                            hc++;
                        }
                    }
                }
                if (hc == 4)
                {
                    AddyList.Add((long)theProc.Modules[ind].BaseAddress + fbi);
                }
                
            }
            return AddyList;
        }
    }
}
 
Last edited:
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods