@ahmetabdi
Created March 7, 2020 20:31
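/// Find a class pointer by name inside the `.data` section of GameAssembly.dll.
///
/// The section is walked backwards in 8-byte slots. Every non-zero slot value is
/// treated as a candidate pointer; the 8 bytes at `candidate + 0x10` are read as
/// a pointer to a C string, and that string is compared with `name`.
///
/// Values returned by `mem::read` are used as addresses and as string data
/// without any guarantee about their content, so this function bounds what it
/// can bound locally: the section-name compare, the slot range and the name
/// buffer. NOTE(review): candidate pointers are arbitrary data words, so
/// `mem::read` is presumably expected to tolerate unmapped addresses; confirm.
///
/// @param name  NUL-terminated name to search for; must not be null.
/// @return      The slot value (candidate pointer) whose name string equals `name`.
/// @note        Never returns on failure: prints a diagnostic and calls exit(0).
///              NOTE(review): a non-zero exit status would be conventional for
///              these error paths; 0 is kept so existing callers see no change.
uint64_t scan_for_klass(char* name) {
    auto base = mem::get_module_base(L"GameAssembly.dll");
    auto dos_header = mem::read<IMAGE_DOS_HEADER>(base);

    // Layout assumption: the section table starts right after a full
    // IMAGE_NT_HEADERS64, `.data` is entry 3 and entry 4 is the section that
    // follows it. The checks below are the only validation of that assumption.
    auto section_table = base + dos_header.e_lfanew + sizeof(IMAGE_NT_HEADERS64);
    auto data_header = mem::read<IMAGE_SECTION_HEADER>(section_table + (3 * sizeof(IMAGE_SECTION_HEADER)));
    auto next_section = mem::read<IMAGE_SECTION_HEADER>(section_table + (4 * sizeof(IMAGE_SECTION_HEADER)));

    // Section names are a fixed 8-byte field that need not be NUL-terminated, so
    // the compare is bounded by the field size instead of using strcmp.
    const bool is_data_section =
        strncmp(reinterpret_cast<const char*>(data_header.Name), ".data", sizeof(data_header.Name)) == 0;

    // The size is an unsigned difference of two RVAs; if entry 4 does not lie
    // above `.data` the subtraction would wrap to a huge scan range.
    if (!is_data_section || next_section.VirtualAddress <= data_header.VirtualAddress) {
        printf("[!] Section order changed\n");
        exit(0);
    }
    const uint64_t data_size = next_section.VirtualAddress - data_header.VirtualAddress;

    // Iterate whole slots only, from the last one down to slot 0. Counting slots
    // (rather than stepping a byte offset by 8 until it hits 0) cannot wrap when
    // the size is not a multiple of 8, never reads the slot that starts at the
    // end of the section, and does not skip the slot at offset 0.
    const uint64_t slot_size = sizeof(uint64_t);
    for (uint64_t slot = data_size / slot_size; slot-- > 0;) {
        const uint64_t offset = slot * slot_size;

        // Zeroed on every iteration; the read below leaves the final byte alone
        // so the buffer is always NUL-terminated before strcmp sees it.
        char klass_name[0x100] = { 0 };

        auto klass = mem::read<uint64_t>(base + data_header.VirtualAddress + offset);
        if (klass == 0) { continue; }

        auto name_pointer = mem::read<uint64_t>(klass + 0x10);
        if (name_pointer == 0) { continue; }

        mem::read(name_pointer, klass_name, sizeof(klass_name) - 1);
        if (strcmp(klass_name, name) == 0) {
            // The RVA expression is 64-bit; pass it with a matching conversion
            // specifier instead of %x.
            printf("[*] 0x%llx -> %s\n",
                   static_cast<unsigned long long>(data_header.VirtualAddress + offset), name);
            return klass;
        }
    }

    printf("[!] Unable to find %s in scan\n", name);
    exit(0);
}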
Example output:
[*] 0x24b2aa0 -> BaseNetworkable