Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Signature Scanner for Delphi by ArxLex

arxlex
arxlex
in Programming and Coding

Featured Replies

Posted

Signature scanner written by ArxLex specifically for site members Cheaton.ru. Material purely for informational purposes. As a basis and work were taken functions from C++. Example is written for beginners and amateurs of WINAPI as a console application, for more comfort and understand the code. Enjoy!




program signaturescanner;

{$APPTYPE CONSOLE}
uses

  Windows, SysUtils, TlHelp32;
var

  m_pID: integer;

  m_hProc: THandle;

  module: TModuleEntry32;

  m_Sign: integer;
const

  procName = 'D3D9Test.exe';
procedure GetPID;

var

  snapshot: THandle;

  pInfo: PROCESSENTRY32;

begin

  snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

  pInfo.dwSize := sizeof(PROCESSENTRY32);

  if (Process32First(snapshot, pInfo)) then

  begin

    while (Process32Next(snapshot, pInfo)) do

    begin

      if pInfo.szExeFile = procName then

      begin

        m_pID := pInfo.th32ProcessID;

        CloseHandle(snapshot);

        exit;

      end;

    end;

  end;

  m_pID := 0;

  CloseHandle(snapshot);

  exit;

end;
function GetModuleInfo(const module_name: PChar; main_process: boolean): TModuleEntry32;

var

  snapshot: THandle;

  module: TModuleEntry32;

begin

  snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, m_pID);

  module.dwSize := sizeof(TModuleEntry32);

  if (Module32First(snapshot, module)) then

  begin

    if (main_process) then

    begin

      CloseHandle(snapshot);

      result := module;

    end;

    while (Module32Next(snapshot, module)) do

    begin

      if (StrIComp(PChar(ExtractFileName(module.szModule)), PChar(module_name)) = 0) then

      begin

        CloseHandle(snapshot);

        result := module;

      end;

    end;

  end;

  result := module;

end;
function DataCompare(data: PByte; sign: PByte; mask: PAnsiChar): boolean;

begin

  while mask^ <> #0 do

  begin

    if ((mask^ = 'x') and (data^ <> sign^)) then

    begin

      result := false;

      exit;

    end;

    inc(mask);

    inc(data);

    inc(sign);

  end;

  result := true;

end;
function ScanSignature(base: Dword; size: Dword; sign: PByte; mask: PAnsiChar): integer;

var

  mbi: MEMORY_BASIC_INFORMATION;

  offset: integer;

  buffer: PByte;

  BytesRead: Dword;

  i: integer;

begin

  offset := 0;

  while (offset < size) do

  begin

    VirtualQueryEx(m_hProc, Pointer(base + offset), &mbi, sizeof(MEMORY_BASIC_INFORMATION));

    if (mbi.State <> MEM_FREE) then

    begin

      GetMem(buffer, mbi.RegionSize);

      ReadProcessMemory(m_hProc, mbi.BaseAddress, buffer, mbi.RegionSize, BytesRead);

      for i := 0 to mbi.RegionSize do

      begin

        if (DataCompare(buffer + i, sign, mask)) then

        begin

          FreeMem(buffer);

          result := integer(mbi.BaseAddress) + i;

          exit;

        end;

      end;

      FreeMem(buffer);

    end;

    offset := offset + mbi.RegionSize;

  end;

  result := 0;

end;
const

  Sign: array [0 .. 22] of byte = ($68, $00, $00, $00, $00, $68, $00, $00, $00, $00, $68, $00, $00, $00, $00, $FF, $15, $00, $00, $00, $00, $6A, $20);

  Mask = 'x????x????x????xx????xx';
begin

  GetPID();

  if (m_pID <> 0) then

  begin

    module := GetModuleInfo(nil, true);

    m_hProc := OpenProcess(PROCESS_ALL_ACCESS, false, m_pID);

    m_Sign := ScanSignature(integer(module.modBaseAddr), module.modBaseSize,   @Sign, Mask);

    writeln(' *************************************************************');

    writeln(' *              Signature Scanner for Delphi                 *');

    writeln(' *           Special for Cheat[ON].ru by ArxLex              *');

    writeln(' *************************************************************'+#10#13#10#13);

    writeln('        Handle Process: $', inttohex(m_hProc, sizeof(m_hProc)));

    writeln('        Pid: $', inttohex(m_pID, sizeof(m_pID)));

    writeln('        Process Base Address: $', inttohex(integer(module.modBaseAddr), sizeof(module.modBaseAddr)));

    writeln('        Process Base Size: $', inttohex(module.modBaseSize, sizeof(module.modBaseSize)));

    writeln('        Signature Address: $', inttohex(m_Sign, sizeof(m_Sign)));

    readln;

    CloseHandle(m_hProc);

  end;
end.

Source site: cheaton.ru


    •
    • Like 1

    Save us some time , can you give a brief explanation of what this is supposed to do? thanks.


    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.