记录一下特征码扫描的一个小工具源码（Windows 平台，通过 ReadProcessMemory 读取目标进程内存），支持模糊搜索：掩码中的 '?' 表示该位置为通配字节，其余位置按字节精确匹配。
#include <Windows.h>
#include <TlHelp32.h>
#include <Shlwapi.h>
#include <tchar.h>
#include <String.h>
#include <cstdint>
#include <iostream>
#include <vector>
using namespace std;
// Handle to the target process. Set by main() via OpenProcess and used by
// Read<T>() / ReadProcessMemory below. Static storage, so it starts as NULL;
// reads attempted before a successful OpenProcess are expected to fail rather
// than go through a stale handle.
HANDLE hProcess;
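// Reads one T-sized value from `address` in the target process (global
// hProcess). T must be trivially copyable: the bytes are copied raw by
// ReadProcessMemory.
//
// On failure (unmapped page, NULL/invalid hProcess, insufficient access,
// partial read) the result is T{} — all-zero for the integers and PE header
// structs used in this file — instead of uninitialized stack contents, and
// GetLastError() holds the reason. Callers that must distinguish "read zero"
// from "read failed" should call ReadProcessMemory directly.
template <typename T>
T Read(LPVOID address)
{
T data{};  // value-initialized so a failed read cannot leak stack garbage
SIZE_T bytesRead = 0;
if (!ReadProcessMemory(hProcess, address, &data, sizeof(T), &bytesRead) || bytesRead != sizeof(T))
{
return T{};  // failed or short read: report zeros, not a half-filled struct
}
return data;
}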
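// Copies the remote range [address, address + size) into `bytes`, one page at
// a time, and records in `readable` (1 = obtained, 0 = not) which bytes were
// actually read. ReadProcessMemory fails as a unit if any byte of the request
// is inaccessible, so a per-page loop keeps the readable parts of a range that
// contains unmapped or guard pages instead of losing the whole chunk.
static void ReadRangeByPage(uintptr_t address, size_t size,
std::vector<unsigned char>& bytes,
std::vector<unsigned char>& readable)
{
constexpr uintptr_t kPageSize = 0x1000;  // x86/x64 page size; mappings are page-granular
bytes.assign(size, 0);
readable.assign(size, 0);
for (size_t offset = 0; offset < size;)
{
const uintptr_t current = address + offset;
size_t piece = static_cast<size_t>(kPageSize - (current % kPageSize));  // stop at the page boundary
if (piece > size - offset)
piece = size - offset;
SIZE_T got = 0;
if (ReadProcessMemory(hProcess, reinterpret_cast<LPCVOID>(current),
bytes.data() + offset, piece, &got) && got > 0)
{
memset(readable.data() + offset, 1, got);
}
offset += piece;
}
}

// Scans [start, start + length) of the target process for `pattern`, a byte
// string of at least strlen(mask) bytes. mask[i] == '?' accepts any byte at
// position i (the "fuzzy" part); any other mask character requires
// pattern[i] to match exactly. Returns the absolute address of the first
// match, or 0 if there is none or the arguments are unusable.
//
// `length` is a byte COUNT, not an end address. Bytes that could not be read
// from the target never satisfy a non-wildcard position, so an unreadable
// page cannot produce a false match against a pattern of zero bytes.
uintptr_t FindPattern(uintptr_t start, uintptr_t length, const unsigned char* pattern, const char* mask)
{
if (pattern == nullptr || mask == nullptr || length == 0)
return 0;
const size_t patternLength = strlen(mask);
if (patternLength == 0 || patternLength > length)
return 0;

// Work in fixed-size windows instead of one read per byte (a syscall each)
// or one buffer for the whole range (unbounded memory for a huge `length`).
// Each window carries patternLength - 1 extra bytes so a match that straddles
// a window boundary is still seen.
constexpr size_t kWindow = 0x10000;
const size_t overlap = patternLength - 1;
std::vector<unsigned char> bytes;
std::vector<unsigned char> readable;

for (uintptr_t base = 0; base < length; base += kWindow)
{
const uintptr_t remaining = length - base;
size_t want = kWindow + overlap;
if (want > remaining)
want = static_cast<size_t>(remaining);
if (want < patternLength)
break;  // the tail is shorter than the pattern; nothing can match

ReadRangeByPage(start + base, want, bytes, readable);

// Candidates start inside this window's own kWindow bytes only; the
// overlap bytes are re-examined as the head of the next window.
size_t lastCandidate = want - patternLength;
if (lastCandidate > kWindow - 1)
lastCandidate = kWindow - 1;

// Plain sliding-window compare: every candidate offset is checked against
// the whole pattern. (A running `pos` that resets to 0 on mismatch without
// rewinding the scan position skips matches that start one byte later,
// e.g. pattern "AAB" in "AAAB".)
for (size_t i = 0; i <= lastCandidate; ++i)
{
size_t j = 0;
for (; j < patternLength; ++j)
{
if (mask[j] == '?')
continue;
if (!readable[i + j] || bytes[i + j] != pattern[j])
break;
}
if (j == patternLength)
return start + base + i;
}
}
return 0;
}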
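// Scans the code region (BaseOfCode .. BaseOfCode + SizeOfCode) of the module
// loaded at `hModule` in the target process. Returns the absolute address of
// the first match, or 0 when hModule is NULL, the PE headers cannot be read or
// fail their signature checks, or nothing matches.
//
// The headers are parsed with this process's own IMAGE_NT_HEADERS layout, so a
// 64-bit build reads a 64-bit target correctly. NOTE(review): a 32-bit target
// inspected from a 64-bit build (or vice versa) has a different optional
// header layout and is not handled here — build the tool for the target's
// bitness or switch to IMAGE_NT_HEADERS32/64 explicitly.
uintptr_t FindPattern(HMODULE hModule, const unsigned char* pattern, const char* mask)
{
if (hModule == nullptr)
return 0;

const uintptr_t moduleBase = reinterpret_cast<uintptr_t>(hModule);
const IMAGE_DOS_HEADER dosHeader = Read<IMAGE_DOS_HEADER>(hModule);
// A failed remote read yields zeroed (or otherwise invalid) headers; the
// signature checks keep a bogus e_lfanew from sending the scan to a random
// range of the address space.
if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE || dosHeader.e_lfanew <= 0)
return 0;

const IMAGE_NT_HEADERS ntHeaders = Read<IMAGE_NT_HEADERS>(
reinterpret_cast<LPVOID>(moduleBase + static_cast<uintptr_t>(dosHeader.e_lfanew)));
if (ntHeaders.Signature != IMAGE_NT_SIGNATURE || ntHeaders.OptionalHeader.SizeOfCode == 0)
return 0;

// The second argument of the range overload is a byte count. Passing
// moduleBase + SizeOfCode there (an end address) makes the scan run from the
// code section to far beyond the module, so only the plain size goes in.
return FindPattern(moduleBase + ntHeaders.OptionalHeader.BaseOfCode,
ntHeaders.OptionalHeader.SizeOfCode, pattern, mask);
}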
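// Returns the base address (HMODULE) of the module named `moduleName` (file
// name only, e.g. TEXT("foo.dll"), compared case-insensitively) in process
// `pid`, or NULL if the snapshot cannot be taken or no module matches.
// Snapshot failure is reported on stdout with the Win32 error code.
HMODULE GetProcessModuleHandleByName(DWORD pid, LPCTSTR moduleName)
{
if (moduleName == nullptr)
return nullptr;

// TH32CS_SNAPMODULE32 additionally lists the 32-bit modules of a WOW64
// target when this tool runs as 64-bit; it is ignored for native targets.
// Microsoft documents that a module snapshot can fail transiently with
// ERROR_BAD_LENGTH and should be retried, so a few attempts are made before
// giving up.
HANDLE hSnapshot = INVALID_HANDLE_VALUE;
for (int attempt = 0; attempt < 5 && hSnapshot == INVALID_HANDLE_VALUE; ++attempt)
{
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
if (hSnapshot == INVALID_HANDLE_VALUE && GetLastError() != ERROR_BAD_LENGTH)
break;
}
if (hSnapshot == INVALID_HANDLE_VALUE)
{
cout << "CreateToolhelp32Snapshot error " << GetLastError() << endl;
return nullptr;
}

HMODULE found = nullptr;
MODULEENTRY32 entry = {};
entry.dwSize = sizeof(entry);  // Toolhelp rejects the call when dwSize is unset
for (BOOL ok = Module32First(hSnapshot, &entry); ok; ok = Module32Next(hSnapshot, &entry))
{
if (lstrcmpi(entry.szModule, moduleName) == 0)
{
found = entry.hModule;
break;
}
}

// Close on every path: returning straight after a failed Module32First
// would leak the snapshot handle.
CloseHandle(hSnapshot);
return found;
}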
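// Returns the PID of the first running process whose executable file name
// (PROCESSENTRY32::szExeFile — name only, no path) equals `pName`, compared
// case-insensitively, or 0 if none is found or the snapshot fails (reported
// on stdout with the Win32 error code).
//
// 0 is also the PID of the System Idle Process, so callers must treat 0 as
// "not found" before handing it to OpenProcess. With several instances of the
// same executable running, which one is returned depends on snapshot order;
// there is no tie-breaking.
DWORD GetProcessIDByName(LPCTSTR pName)
{
if (pName == nullptr)
return 0;

HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (INVALID_HANDLE_VALUE == hSnapshot)
{
cout << "CreateToolhelp32Snapshot error " << GetLastError() << endl;
return 0;
}

DWORD pid = 0;
PROCESSENTRY32 pe = { sizeof(pe) };  // dwSize is the first member and must be set
for (BOOL ok = Process32First(hSnapshot, &pe); ok; ok = Process32Next(hSnapshot, &pe))
{
// Case-insensitive on purpose: Windows file names are case-insensitive and
// the module lookup in this file already uses lstrcmpi. With an exact
// compare, a name differing only in case was silently reported as absent.
if (_tcsicmp(pe.szExeFile, pName) == 0)
{
pid = pe.th32ProcessID;
break;
}
}
CloseHandle(hSnapshot);
return pid;
}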
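// Demo driver: locate the target process, open it read-only, find its main
// module and scan the module's code section for the signature below.
int main()
{
// Target executable name. Kept hard-coded as in the original tool (argv
// would be the natural source). TEXT() follows the LPCTSTR/tchar convention
// of the lookups; the original L"" literal already assumed a UNICODE build.
const LPCTSTR targetName = TEXT("[LCG].exe");

const DWORD pid = GetProcessIDByName(targetName);
cout << "pid = " << pid << endl;
if (pid == 0)
{
// 0 means "not found" here; passing it on would open the System Idle
// Process (or fail) and every later read would quietly return zeros.
cout << "process not found" << endl;
return 1;
}

// Least privilege: a scanner only needs to read memory and query basic
// information. PROCESS_ALL_ACCESS additionally requests VM_WRITE,
// CREATE_THREAD, etc., which this tool never uses and which are refused more
// often (protected processes, higher integrity level), so the open would fail
// needlessly. Reading another user's process may still need SeDebugPrivilege,
// which this tool does not enable.
hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
if (hProcess == nullptr)
{
cout << "OpenProcess error " << GetLastError() << endl;
return 1;
}

HMODULE hModule = GetProcessModuleHandleByName(pid, targetName);
if (hModule == nullptr)
{
cout << "module not found" << endl;
CloseHandle(hProcess);
hProcess = nullptr;
return 1;
}

// Signature from the original note: FF 15 58 A4 EB 04 3B F4 E8
// FF 15 is an indirect call; its 4-byte operand is an address that changes
// between builds and relocations, so it is wildcarded with '?'. The two
// opcode bytes alone ("\xff\x15" / "xx") match nearly every indirect call and
// return an arbitrary first hit. NOTE(review): 58 A4 EB 04 looks like a 32-bit
// absolute operand — if the target is 32-bit, build this tool as x86 so the
// PE header layout used by FindPattern(HMODULE, ...) matches.
const unsigned char pattern[] = "\xFF\x15\x00\x00\x00\x00\x3B\xF4\xE8";
const char mask[] = "xx????xxx";
const uintptr_t result = FindPattern(hModule, pattern, mask);

// %p expects a pointer; passing uintptr_t to it is undefined, hence the casts.
printf_s("module: 0x%p | feature code search result: 0x%p\n\n",
static_cast<void*>(hModule), reinterpret_cast<void*>(result));

CloseHandle(hProcess);
hProcess = nullptr;

// Plain stdin wait instead of system("pause"): the latter launches cmd.exe
// through PATH, an unnecessary shell dependency for a debugging tool.
cout << "Press Enter to exit..." << endl;
cin.get();
return 0;
}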