pattern scan module with bytes same with regex special characters

[nyaoouo]

i solve it for re.escape(raw_pattern).replace(b'\.',b'.') but i think the escape function should be build in or list in the doc that user should pay attention to this point

[StarrFox]

Escaping the re characters within the function wouldn't allow you to find the vast majority of patterns

[nyaoouo]

Escaping the re characters within the function wouldn't allow you to find the vast majority of patterns

so i think the document may add a description about its using regular expressions, this feature cause a bit trouble for me and i try to debug for a while then i found this problem

[Insensitivity]

Is there any more info on this? I'm struggling to find anything that contains wildcards Using the following pattern in equivalent cpp libraries: "46 89 ? ? EB ? E8 ? ? ? ? 41 83 C3 ? 44 89 ? 66 45 ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 46 89 ? ? EB ? E8 ? ? ? ? 41 83 C3 ? 44 89 ? 66 45 ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 46 89 ? ? EB ? E8 ? ? ? ? 41 83 C3 ? 44 89 ? 66 41 ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 46 89 ? ? EB ? E8 ? ? ? ? 41 8B ? ? 41 89 ? ? ? ? ? 83 C0 ? 41 8B ? ? ? ? ? 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 45 8B"

I get proper results.

but when I try this library with the following (replacing every '?' with a dot):

b"\x46\x89..\xEB.\xE8....\x41\x83\xC3.\x44\x89.\x66\x45...\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x46\x89..\xEB.\xE8....\x41\x83\xC3.\x44\x89.\x66\x45...\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x46\x89..\xEB.\xE8....\x41\x83\xC3.\x44\x89.\x66\x41...\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x46\x89..\xEB.\xE8....\x41\x8B..\x41\x89.....\x83\xC0.\x41\x8B.....\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x45\x8B"

I get no results. I also tried what the OP used, but it didn't work for me. Any suggestions?

[srounet]

Just tried it for wow 3.3.5a:

import pymem
import pymem.pattern

pm = pymem.Pymem("Wow.exe")
module = pymem.process.module_from_name(pm.process_handle, "Wow.exe")

print("starting scan")
GetMinimapZoneText = pymem.pattern.pattern_scan_module(pm.process_handle, module, rb"\x55\x8B\xEC\xA1....\x85\xC0\x75\x05\xB8....\x50\x8B\x45\x08\x50\xE8....\x83\xC4\x08\xB8....\x5D\xC3")
print("GetMinimapZoneText address: {}".format(hex(GetMinimapZoneText)))

And it works:

2021-05-03 10:17:26,348 - pymem - DEBUG - Process 14580 is being debugged
starting scan
GetMinimapZoneText address: 0x515570