Newsgroups : Borland : borland.public.delphi.nativeapi.win32 : 2005 Apr : Scanning memory for a signature
| Subject: | Scanning memory for a signature |
| Posted by: | "David Frauzel" (net.weathersongatnemo) |
| Date: | 5 Apr 2005 21:17:21 |

I've Googled on this for hours to absolutely no avail, so I'm down to
trial and error... and a shot in the dark with a post, here.

The simplest way to describe what I'm trying to do is search memory for
a signature. In technical terms, though, I want to install a hook on a
certain piece of code, that I'll know I've found when I locate that
signature. I'm using madCodeHook to install the hook... but I'm stuck on
the part about finding the signature, in the first place.

I'm converting code from MSVC, if that helps any:
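
#include <windows.h>   /* DWORD */

/* Scan 0x400000..0x600000 for the byte sequence 8B 09 85 C9 74 26 and
   return the address of the first match, or 0 if it is not found. */
DWORD FindHookSCO()
{
    char* ptr = (char*) 0x400000;
    /* stop 5 bytes early so ptr[5] never reads past 0x600000 */
    while (ptr < (char*) 0x600000 - 5)
    {
        if ((ptr[0] == (char) 0x8b) &&
            (ptr[1] == (char) 0x09) &&
            (ptr[2] == (char) 0x85) &&
            (ptr[3] == (char) 0xc9) &&
            (ptr[4] == (char) 0x74) &&
            (ptr[5] == (char) 0x26)
           )
            return (DWORD) ptr;
        else
            ptr++;
    }
    return 0;   /* not found */
}
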
My C is at most amateur, though, so the best I could come up with in
Delphi is:

function FindHookSCO: Integer;
var
  P : PChar;
begin
  // Scan $400000..$600000 for the byte sequence 8B 09 85 C9 74 26
  P := PChar($400000);
  // stop 5 bytes early so P[5] never reads past $600000
  while P < PChar($600000 - 5) do
    if
      (P[0] = Chr($8B)) and
      (P[1] = Chr($09)) and
      (P[2] = Chr($85)) and
      (P[3] = Chr($C9)) and
      (P[4] = Chr($74)) and
      (P[5] = Chr($26))
    then begin
      Result := Integer(P);
      Exit;
    end else
      Inc(P);
  Result := 0;  // not found
end;

Am I abusing the use of PChar here? Do I need to use Ptr() instead, in
some fashion? Or, the holy grail, can anyone point me to some examples
of scanning memory for signatures in Delphi, preferably in collusion
with HookCode?

Thanks in advance...
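
The scan described in the post above, as an added example that is not part of the original post: a bounds-checked search for the same six bytes that also counts matches, since a signature that occurs more than once would put a hook in the wrong place. It works on a caller-supplied buffer instead of the fixed 0x400000..0x600000 range; the function names and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOT_FOUND ((size_t)-1)

/* Signature from the post: mov ecx,[ecx]; test ecx,ecx; jz +0x26 */
static const uint8_t SIG[] = { 0x8B, 0x09, 0x85, 0xC9, 0x74, 0x26 };

/* Constructed sample data (not taken from any real program). */
static const uint8_t sample_unique[] =
    { 0x90, 0x90, 0x55, 0x8B, 0x09, 0x85, 0xC9, 0x74, 0x26, 0xC3 };
static const uint8_t sample_truncated[] =      /* signature cut off at the end */
    { 0x90, 0x8B, 0x09, 0x85, 0xC9, 0x74 };
static const uint8_t sample_twice[] =
    { 0x8B, 0x09, 0x85, 0xC9, 0x74, 0x26, 0x90,
      0x8B, 0x09, 0x85, 0xC9, 0x74, 0x26 };

/* Offset of the first match at or after `from`, or NOT_FOUND.
   The last window tested ends exactly at buf + buf_len. */
size_t find_sig(const uint8_t *buf, size_t buf_len,
                const uint8_t *sig, size_t sig_len, size_t from)
{
    if (sig_len == 0 || buf_len < sig_len)
        return NOT_FOUND;
    for (size_t i = from; i <= buf_len - sig_len; i++)
        if (memcmp(buf + i, sig, sig_len) == 0)
            return i;
    return NOT_FOUND;
}

/* Number of places the signature occurs; anything other than 1 means
   the signature does not identify a single location. */
size_t count_sig(const uint8_t *buf, size_t buf_len,
                 const uint8_t *sig, size_t sig_len)
{
    size_t n = 0, pos = 0;
    while ((pos = find_sig(buf, buf_len, sig, sig_len, pos)) != NOT_FOUND) {
        n++;
        pos++;              /* resume just past the start of this match */
    }
    return n;
}

int main(void)
{
    size_t off = find_sig(sample_unique, sizeof sample_unique, SIG, sizeof SIG, 0);
    printf("first match at offset %zu, matches: %zu\n", off,
           count_sig(sample_unique, sizeof sample_unique, SIG, sizeof SIG));
    return 0;
}
```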