Right, so it most likely still needs more work and checks, but here is a working version of the original function I posted...
Delphi code:
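// SearchMemory
//
// Scans the in-memory image of the module SearchDLL (loaded in the current
// process) for the byte pattern searchCode, using a Boyer-Moore-Horspool
// search that understands wildcards.
//
//   SearchDLL  - handle of a module loaded in the current process.
//   wildcard   - byte value that, wherever it occurs in searchCode, matches
//                any byte in memory.
//   searchCode - the pattern; only the first `size` elements are used.
//   size       - number of pattern bytes to use; must be 1..Length(searchCode).
//
// Returns a pointer to the FIRST matching location in the module image, or
// nil when the pattern is not found, the arguments are unusable (size <= 0,
// size larger than the array, a pattern consisting only of wildcards), the
// image is shorter than the pattern, GetModuleInformation fails, or
// VirtualQuery fails while walking the image.
//
// Only the first hit is reported. A caller that must reject ambiguous
// patterns has to search again from Result + 1 itself.
//
// Trailing wildcards are never compared, so a hit close to the end of the
// image may have fewer than `size` readable bytes after it; callers that
// patch `size` bytes at the returned address should verify that themselves.
//
// Address arithmetic uses Cardinal, so this routine is only correct in a
// 32-bit process.
Function SearchMemory(SearchDLL: hModule; wildcard: Byte; searchCode: Array of Byte; size: Integer) : Pointer;
Const
  UCHAR_MAX = 255;
Var
  scan, lastByte, defaultSkip: Integer;
  // Indexed by the byte value found under the last pattern position. A fixed
  // 256-entry array: the previous dynamic array had 255 entries, so byte
  // value 255 was written and read out of bounds.
  skipLength: array[0..UCHAR_MAX] of Integer;
  dllInfo: TModuleInfo;
  p, searchEnd, regionEnd: Cardinal;
  mbi: TMemoryBasicInformation;

  // Moves pos forward, past any reserved, no-access or guard region, until
  // every byte of the comparison window pos..pos+lastByte lies in committed
  // readable memory. regionEnd caches the end of the last region examined so
  // VirtualQuery is only called when the window leaves it.
  // Returns False if VirtualQuery fails or the address space runs out.
  function EnsureWindowReadable(var pos: Cardinal): Boolean;
  begin
    Result := False;
    while pos + Cardinal(lastByte) >= regionEnd do
    begin
      if VirtualQuery(Pointer(regionEnd), mbi, SizeOf(mbi)) = 0 then
        Exit;
      regionEnd := Cardinal(mbi.BaseAddress) + mbi.RegionSize;
      if regionEnd < Cardinal(mbi.BaseAddress) then
        regionEnd := High(Cardinal);  // region reaches the top of the address space
      if (mbi.State <> MEM_COMMIT) or
         ((mbi.Protect and (PAGE_NOACCESS or PAGE_GUARD)) <> 0) then
      begin
        // Touching this region would raise an access violation: restart the
        // window just behind it (the loop then queries the following region).
        if regionEnd = High(Cardinal) then
          Exit;
        pos := regionEnd;
      end;
    end;
    Result := True;
  end;

begin
  Result := nil;

  // `size` is caller-supplied; never trust it beyond the open array that was
  // actually passed, or the table-building loops read past the pattern.
  if (size <= 0) or (size > Length(searchCode)) then
    Exit;

  // Phase 1: drop trailing wildcards, they match anything and need no compare.
  // A pattern made only of wildcards is rejected instead of "matching" the
  // first byte of the image (the original decremented an unsigned index here
  // and would have wrapped around).
  lastByte := size - 1;
  while (lastByte >= 0) and (searchCode[lastByte] = wildcard) do
    Dec(lastByte);
  if lastByte < 0 then
    Exit;

  // Phase 2: default shift for byte values that do not occur in the pattern.
  // With a wildcard at index w the shift must not exceed lastByte - w, or an
  // alignment where the wildcard covers the mismatching byte would be skipped;
  // the rightmost wildcard wins because it gives the smallest shift.
  defaultSkip := lastByte;
  for scan := 0 to lastByte - 1 do
    if searchCode[scan] = wildcard then
      defaultSkip := lastByte - scan;
  if defaultSkip > 1 then
    Dec(defaultSkip);  // kept from the original; a smaller shift is always safe
  // A one-byte pattern (lastByte = 0) produced a shift of 0 in the original,
  // which made the scan loop spin forever on the first mismatch.
  if defaultSkip < 1 then
    defaultSkip := 1;

  // Phase 3: every byte value starts with the default shift (all 256 entries).
  for scan := 0 to UCHAR_MAX do
    skipLength[scan] := defaultSkip;

  // Phase 4: bytes that do occur in the pattern shift only as far as their
  // rightmost occurrence before lastByte.
  for scan := 0 to lastByte - 1 do
    if searchCode[scan] <> wildcard then
      skipLength[searchCode[scan]] := lastByte - scan;

  // Phase 5: locate the module image.
  if not GetModuleInformation(GetCurrentProcess, SearchDLL, @dllInfo, SizeOf(dllInfo)) then
    Exit;

  p := Cardinal(dllInfo.lpBaseOfDll);
  if dllInfo.SizeOfImage < Cardinal(lastByte + 1) then
    Exit;
  // Last start address at which pattern[0..lastByte] still lies inside the image.
  searchEnd := p + dllInfo.SizeOfImage - Cardinal(lastByte + 1);
  regionEnd := p;  // forces a VirtualQuery on the first iteration

  // Phase 6: Horspool scan, comparing right to left and shifting by the
  // table entry for the byte under the last pattern position.
  // SizeOfImage spans every section including gaps that may be reserved but
  // not committed, or guarded; the original dereferenced those blindly.
  while p <= searchEnd do
  begin
    if not EnsureWindowReadable(p) then
      Exit;
    if p > searchEnd then
      Exit;  // skipping an unreadable region ran past the last candidate

    scan := lastByte;
    while (searchCode[scan] = wildcard) or (PByte(p + Cardinal(scan))^ = searchCode[scan]) do
    begin
      if scan = 0 then
      begin
        Result := Pointer(p);
        Exit;
      end;
      Dec(scan);
    end;
    Inc(p, Cardinal(skipLength[PByte(p + Cardinal(lastByte))^]));
  end;
end;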