@benphelps
Created October 28, 2013 22:43
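/// Scans a memory region of task `wow` for the byte pattern `signature`.
///
/// @param signature       The bytes to look for.
/// @param signature_size  Number of bytes in `signature`; must be greater than 0.
/// @param wow             The task whose memory is read with vm_read.
/// @param region          region[0] is the start address and region[1] the number of
///                        bytes to scan (this is how the original loop used them).
///                        NOTE(review): if callers pass an end address in region[1]
///                        instead of a length, subtract region[0] at the call site — confirm.
/// @return The address of the first match, or 0 when the pattern is not found or a
///         page of the region could not be read.
- (long long) scanForSignature:(unsigned char [])signature withSignatureSize:(int)signature_size withTask:(task_t)wow withRegion:(long long[])region
{
    const vm_size_t chunk_size = 0x100000;  // read the region 1 MiB at a time
    if (signature == NULL || region == NULL || signature_size <= 0 || region[1] < signature_size) {
        return 0;
    }
    const vm_address_t region_start = (vm_address_t)region[0];
    const vm_size_t region_size = (vm_size_t)region[1];
    vm_size_t offset = 0;
    while (offset < region_size) {
        vm_size_t remaining = region_size - offset;
        vm_size_t want = remaining < chunk_size ? remaining : chunk_size;  // never read past the region
        vm_address_t address = region_start + offset;
        vm_offset_t data = 0;
        mach_msg_type_number_t got = 0;
        // vm_read's last argument is a pointer to a mach_msg_type_number_t; the original cast
        // `(mach_msg_type_number_t)&sz` truncated the pointer to a 32-bit integer.
        // The kernel hands back its own copy of the bytes, so no stack buffer or memcpy is
        // needed, but the copy must be released with vm_deallocate.
        kern_return_t kr = vm_read(wow, address, want, &data, &got);
        if (kr != KERN_SUCCESS || got == 0) {
            return 0;  // unreadable page: the original memcpy'd from an uninitialised pointer here
        }
        const unsigned char *buffer = (const unsigned char *)data;
        // Only positions where the whole signature fits in this chunk are candidates,
        // so the comparison never reads past the end of the chunk.
        for (mach_msg_type_number_t pos = 0; pos + (mach_msg_type_number_t)signature_size <= got; pos++) {
            if (memcmp(buffer + pos, signature, (size_t)signature_size) == 0) {
                vm_deallocate(mach_task_self(), data, got);
                NSLog(@"Address Found: %llx", (long long)(address + pos));
                return (long long)(address + pos);
            }
        }
        vm_deallocate(mach_task_self(), data, got);
        // Step back signature_size - 1 bytes so a match straddling two chunks is still found.
        vm_size_t advance = got;
        if (got >= (mach_msg_type_number_t)signature_size) {
            advance = got - (vm_size_t)(signature_size - 1);
        }
        offset += advance;
    }
    return 0;
}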
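/*
 * Scans `size` bytes of task `wow`, starting at `start`, for the byte pattern
 * `signature` (`signature_size` bytes).
 *
 * Returns the address of the first match, or 0 when the pattern is not found,
 * the arguments are invalid, or a page of the range could not be read.
 */
long long scanMem(task_t wow, long long start, vm_size_t size, unsigned char *signature, int signature_size)
{
    const mach_vm_size_t chunk_size = 0x100000;  /* read the range 1 MiB at a time */
    if (signature == NULL || signature_size <= 0 || size < (vm_size_t)signature_size) {
        return 0;
    }
    mach_vm_size_t offset = 0;
    while (offset < size) {
        mach_vm_size_t remaining = size - offset;
        mach_vm_size_t want = remaining < chunk_size ? remaining : chunk_size;  /* never read past the range */
        mach_vm_address_t address = (mach_vm_address_t)start + offset;
        vm_offset_t data = 0;
        mach_msg_type_number_t got = 0;
        /*
         * mach_vm_read hands back a kernel-allocated copy of the bytes, so there is
         * no need for the 1 MiB stack buffer and memcpy of the original; the copy
         * must be released with vm_deallocate.  The original ignored the return
         * value and memcpy'd from an uninitialised pointer on failure.
         */
        kern_return_t kr = mach_vm_read(wow, address, want, &data, &got);
        if (kr != KERN_SUCCESS || got == 0) {
            return 0;
        }
        const unsigned char *buffer = (const unsigned char *)data;
        /*
         * Only positions where the whole signature fits in this chunk are
         * candidates; the original's `<= buffer_size` loop and unbounded inner
         * compare read past the end of the buffer.
         */
        for (mach_msg_type_number_t pos = 0; pos + (mach_msg_type_number_t)signature_size <= got; pos++) {
            if (memcmp(buffer + pos, signature, (size_t)signature_size) == 0) {
                vm_deallocate(mach_task_self(), data, got);
                return (long long)(address + pos);
            }
        }
        vm_deallocate(mach_task_self(), data, got);
        /* Step back signature_size - 1 bytes so a match straddling two chunks is still found. */
        mach_vm_size_t advance = got;
        if (got >= (mach_msg_type_number_t)signature_size) {
            advance = got - (mach_vm_size_t)(signature_size - 1);
        }
        offset += advance;
    }
    return 0;
}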