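// Searches a memory range for a byte signature given as text.
//
// pPattern     - space-separated tokens of two characters each, e.g.
//                "8B FF ?? 55"; a "??" token matches any byte, every other
//                token is parsed as a hexadecimal byte.
// pMemoryStart - start of the range, passed through to FindEx unchanged.
// nMemorySize  - size of the range in bytes, passed through to FindEx unchanged.
//
// Returns whatever FindEx returns for the converted pattern, or NULL when the
// pattern is NULL, holds no complete token, or uses every byte value 1..0xFF
// so that no value is left to act as the wildcard marker.
void* HDTools::Find( const char* pPattern, void* pMemoryStart, size_t nMemorySize )
{
	// strlen() on a NULL pattern would fault before any search starts.
	if (pPattern == NULL)
		return NULL;

	// Each token occupies three characters ("XX "), the last one has no
	// trailing space, hence the +1.
	DWORD PatternSize = (DWORD)((strlen(pPattern) + 1) / 3);

	// An empty pattern previously never left the wildcard search below,
	// because a BYTE counter can never exceed 0xFF.
	if (PatternSize == 0)
		return NULL;

	const WORD WildCardToken = (WORD)0x3F3F;	// "??"
	WORD* WordPattern = new WORD[PatternSize];

	for (DWORD i = 0; i < PatternSize; i++)
	{
		const char* Num = pPattern + i * 3;

		// Compare the two characters directly instead of reading them through
		// a WORD pointer, which is an unaligned access on odd offsets.
		if (Num[0] == '?' && Num[1] == '?')
			WordPattern[i] = WildCardToken;
		else
			// Mask to one byte so an over-long hex run cannot collide with the
			// 0x3F3F sentinel or hide a byte value from the wildcard search.
			// Tokens that are not valid hex parse as 0.
			WordPattern[i] = (WORD)(strtol(Num, 0, 16) & 0xFF);
	}

	// Pick the first byte value that does not occur in the pattern; FindEx
	// receives it as the wildcard marker. 0 is skipped, as before: the old
	// code could not tell a zero wildcard from "none found".
	BYTE WildCard = 0;
	bool WildCardFound = false;

	for (DWORD Candidate = 1; Candidate <= 0xFF && !WildCardFound; Candidate++)
	{
		bool Used = false;

		for (DWORD j = 0; j < PatternSize; j++)
		{
			if (WordPattern[j] == Candidate)
			{
				Used = true;
				break;
			}
		}

		if (!Used)
		{
			WildCard = (BYTE)Candidate;
			WildCardFound = true;
		}
	}

	// Every value 1..0xFF is part of the pattern: there is no free marker, so
	// fail instead of looping forever as the BYTE-indexed loop used to.
	if (!WildCardFound)
	{
		delete[] WordPattern;
		return NULL;
	}

	BYTE* BytePattern = new BYTE[PatternSize];

	for (DWORD i = 0; i < PatternSize; i++)
	{
		if (WordPattern[i] == WildCardToken)
			BytePattern[i] = WildCard;
		else
			BytePattern[i] = (BYTE)WordPattern[i];
	}

	delete[] WordPattern;

	void* Return = FindEx(BytePattern, PatternSize, WildCard, pMemoryStart, nMemorySize);

	delete[] BytePattern;

	return Return;
}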
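// Searches the debugged process for a byte pattern and, when it is found,
// places a breakpoint at the match plus PatternDelta.
//
// SearchStart   - address to search from, or the special value
//                 UE_UNPACKER_CONDITION_SEARCH_FROM_EP to start at the
//                 UE_OEP value of the input file rebased onto the loaded
//                 DLL or file image.
// SearchSize    - number of bytes to search; 0 selects 0x1000.
// SearchPattern - pattern bytes, handed to FindEx unchanged.
// PatternSize   - pattern length, handed to FindEx unchanged.
// PatternDelta  - offset added to the match; it is read as a signed int, so
//                 the breakpoint may also land before the match.
// BreakType     - one of the UE_UNPACKER_CONDITION_* values handled below;
//                 any other value is passed to SetBPX as the callback.
// SingleBreak   - recorded in the break info; selects UE_SINGLESHOOT only for
//                 the caller-supplied callback case.
// Parameter1/2  - stored in the break info entry.
//
// Returns true when the breakpoint was set and the entry was recorded in
// EngineUnpackerBreakInfo, false when the pattern was not found or SetBPX
// failed.
__declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchStart, DWORD SearchSize, void* SearchPattern, DWORD PatternSize, DWORD PatternDelta, ULONG_PTR BreakType, bool SingleBreak, DWORD Parameter1, DWORD Parameter2)
{
    DWORD fBreakPointType = UE_BREAKPOINT;
    void* fCallBack = NULL;
    UnpackerInformation fUnpackerInformation = {};

    // Compare at full pointer width. The previous (int) cast dropped the upper
    // half of a 64-bit address, so an unrelated address whose low 32 bits
    // equal the special value was treated as "search from entry point".
    if((ULONG_PTR)SearchStart == (ULONG_PTR)UE_UNPACKER_CONDITION_SEARCH_FROM_EP)
    {
        ULONG_PTR fEntryPoint = (ULONG_PTR)GetPE32DataW(szEngineUnpackerInputFile, NULL, UE_OEP);
        ULONG_PTR fImageBase;

        if(EngineUnpackerFileStatus.FileIsDLL)
        {
            fImageBase = (ULONG_PTR)GetDebuggedDLLBaseAddress();
        }
        else
        {
            fImageBase = (ULONG_PTR)GetDebuggedFileBaseAddress();
        }
        SearchStart = (void*)(fEntryPoint + fImageBase);
    }

    if(SearchSize == 0)
    {
        SearchSize = 0x1000;
    }

    ULONG_PTR fPatternLocation = (ULONG_PTR)FindEx(pEngineUnpackerProcessHandle->hProcess, SearchStart, SearchSize, SearchPattern, PatternSize, NULL);
    if(fPatternLocation == 0)
    {
        return false;
    }

    // PatternDelta is sign-extended on purpose so callers can step backwards.
    // NOTE(review): the result is not checked against the searched range, so
    // the breakpoint address is only as trustworthy as the caller's delta.
    fPatternLocation = fPatternLocation + (int)PatternDelta;
    fUnpackerInformation.Parameter1 = Parameter1;
    fUnpackerInformation.Parameter2 = Parameter2;
    fUnpackerInformation.SingleBreak = SingleBreak;
    fUnpackerInformation.BreakPointAddress = fPatternLocation;

    // The named conditions always use a plain UE_BREAKPOINT with an engine
    // callback; SingleBreak does not change the breakpoint type for them.
    if(BreakType == UE_UNPACKER_CONDITION_LOADLIBRARY)
    {
        fCallBack = (void*)&EngineSimplifyLoadLibraryCallBack;
    }
    else if(BreakType == UE_UNPACKER_CONDITION_GETPROCADDRESS)
    {
        fCallBack = (void*)&EngineSimplifyGetProcAddressCallBack;
    }
    else if(BreakType == UE_UNPACKER_CONDITION_ENTRYPOINTBREAK)
    {
        // NOTE(review): this is the same callback as the GETPROCADDRESS case;
        // kept as in the original, but confirm it is not a copy-paste slip.
        fCallBack = (void*)&EngineSimplifyGetProcAddressCallBack;
    }
    else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT1)
    {
        fCallBack = (void*)&EngineSimplifyMakeSnapshotCallBack;
        fUnpackerInformation.SnapShotNumber = 1;
    }
    else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT2)
    {
        fCallBack = (void*)&EngineSimplifyMakeSnapshotCallBack;
        fUnpackerInformation.SnapShotNumber = 2;
    }
    else
    {
        // Any other value is used as-is as the breakpoint callback, with no
        // validation here. Callers must pass either a named condition or a
        // valid callback address; a stray integer becomes a code pointer.
        fCallBack = (void*)BreakType;
        if(SingleBreak)
        {
            fBreakPointType = UE_SINGLESHOOT;
        }
    }

    if(SetBPX(fPatternLocation, fBreakPointType, fCallBack))
    {
        // Record the entry only once the breakpoint is actually in place.
        EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
        return true;
    }

    return false;
}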