so I am coding a Sigmaker which searches for a certain Byte Array in Program Memory.
So far i'm making good progress, i'm just a little disappointed with the scan speed. with larger ranges it can sometimes take up to 5 minutes to get a valid result.
I'm using the following code right now:
IntPtr bytesRead;
ReadProcessMemory(process.Handle, baseAddress, moduleBytes, moduleBytes.Length, out bytesRead);
for (int modulePos = 0; modulePos < moduleBytes.Length; modulePos++)
{
if (moduleBytes[modulePos] == patternBytes[pos] || mask[pos] == '?')
{
if (pos == maskLength)
{
foundstuff.Add(IntPtr.Add(baseAddress, modulePos - maskLength));
pos = 0;
}
pos++;
}
else
{
modulePos -= pos;
pos = 0;
}
}
I have accordingly searched for better algorithms and found the following: KMP Algorithm for Pattern Searching
Reading that, I added a KMP Algorithm to my project and after hours of work i have to realize that despite different codes and several rewrites the kmp algorithm is in the end 3-4 times slower than the code i used before, which doesn't sum up with the multiple comments in different threads that the KMP Algorithm would be the fastest one for my Work?
So did I do something wrong or is the Algorithm that I use actually the fastest Method for my Signature Scanner? Are there better Algorithms?
In case I did something wrong, I'll just add the Code here that I used:
IntPtr bytesRead;
ReadProcessMemory(process.Handle, baseAddress, moduleBytes, moduleBytes.Length, out bytesRead);
//converting ByteArray to HexString for the Algorithm
string data = ByteArrayToHexViaLookup32(moduleBytes); //will look like this "0F A2 03 00 01.."
//algorithm
int[] value = SearchString(data, pattern);
//Output = Offset of the found pattern
Here is the SearchString(data, pattern) Module
Aucun commentaire:
Enregistrer un commentaire