Light

dasaav-dsv / pattern16 Goto Github PK

View Code? Open in Web Editor NEW

23.0 2.0 6.0 85 KB

The fastest x86-64 signature matching library.

License: MIT License

C++ 100.00%

aob aob-scanner cplusplus header-only memory-scanner pattern pattern-scanner reverse-engineering signature signature-scanner simd aob-scan

pattern16's Introduction

Pattern16

The fastest x86-64 signature matching library.

Features:

Faster than the fastest existing scanners by ~50%, with reliable singlethreaded speeds up to 25 GB/s for consecutive scans
Aids reverse engineering by targeting assembly bytecode
Designed and optimized for x86-64, with 32-bit support planned
Support for all new (and old) CPU features
Uses AVX1, SSE4.1, SSE2, CMOVE in order of availability, BMI2 and BMI1 (with fill-in functions)
Header only, written in modern C++

Usage:

Include Pattern16.h and provide the address of a memory region's start, its length and the signature to search for formatted as a string:

#include "Pattern16.h"

void* regionStart = (void*)0x140000000;
size_t regionSize = 0x4000000;
std::string signature = "00 11 ?? ?? ?? ?? 66 77 [?1?0??01] 99 AA BB C? ?D EE FF";
void* address = Pattern16::find(regionStart, regionSize, signature);

Pattern16 signature rules:

All byte values are represented in base16/hexadecimal notation
Space characters are ignored completely even inside bit masks, so use them for formatting
Symbols other than 0123456789ABCDEFabcdef[] are wildcards and can stand in for any byte or bit
A sequence of symbols within sqare brackets [] represents a bit field. Don't forget there are 8 bits in a byte!
Bits inside a bitfield can be masked with wildcard symbols
A bitfield does not have to be limited to a single byte, [01xx1100 xxx11xx0] is a legal 2-byte masked bitfield

pattern16's People

Contributors

Stargazers

Watchers

Forkers

clayne hypn4 pro100share stevezhou6 x-rays5-forks crack5

pattern16's Issues

Crashing when the signature is not found

Title, might possible solution is to return nullptr when not found (?)

Pattern16 finds itself

Pattern16 allocates memory which it eventually finds...

Run a process that definitely does not have a test string in memory
Check through a debugger or in any other way that this string is not in memory
Inject the library and let it finish scanning
Check again for the presence of this string in memory

Code to reproduce the problem

#include <Windows.h>
#include <iostream>

#include "pattern16/include/Pattern16.h"

void* ScanMemory(const char* string)
{
	uintptr_t* address = nullptr;

	MEMORY_BASIC_INFORMATION meminfo{};

	while (VirtualQuery(address, &meminfo, sizeof(meminfo)))
	{
		address = reinterpret_cast<uintptr_t*>
			(reinterpret_cast<SIZE_T>(meminfo.BaseAddress) + meminfo.RegionSize);

		if (!(meminfo.State == MEM_COMMIT &&
			meminfo.Type == MEM_PRIVATE &&
			meminfo.Protect == PAGE_READWRITE))
			continue;

		void* ptr = Pattern16::scan(meminfo.BaseAddress, meminfo.RegionSize, string);

		if (ptr)
			return ptr;
	}

	return nullptr;
}

int main()
{
	// Hello World
	void* ptr = ScanMemory("48 65 6C 6C 6F 20 57 6F 72 6C 64");

	if (ptr)
		std::cout << ptr << std::endl;
	else
		std::cout << "String not found!" << std::endl;

	system("pause");
	return EXIT_SUCCESS;
}

Are there any benchmarks to test.

This is the fastest algorithm I've ever used.
https://github.com/0x1F9F1/mem/blob/master/include/mem/simd_scanner.h

Unable to compile with clang-cl toolset

I'm using Visual Studio 2022 with clang-cl and getting errors with AVX, BMI, etc, even though the build is SSE.

Could you use this externally?

If you want a working external version, you could use FindPatternEx, as far is I know, there's no way to use this externally, you can only do it internally.
https://github.com/dark64/findpatternex/blob/a8eb0ae80633e54cd20fa701b77ba4db62de74ff/findpatternex/findpattern.h#L10-L45

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.