Open nyaoouo opened 3 years ago
Escaping the re characters within the function wouldn't allow you to find the vast majority of patterns
Escaping the re characters within the function wouldn't allow you to find the vast majority of patterns
so i think the document may add a description about its using regular expressions, this feature cause a bit trouble for me and i try to debug for a while then i found this problem
Is there any more info on this? I'm struggling to find anything that contains wildcards Using the following pattern in equivalent cpp libraries: "46 89 ? ? EB ? E8 ? ? ? ? 41 83 C3 ? 44 89 ? 66 45 ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 46 89 ? ? EB ? E8 ? ? ? ? 41 83 C3 ? 44 89 ? 66 45 ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 46 89 ? ? EB ? E8 ? ? ? ? 41 83 C3 ? 44 89 ? 66 41 ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 46 89 ? ? EB ? E8 ? ? ? ? 41 8B ? ? 41 89 ? ? ? ? ? 83 C0 ? 41 8B ? ? ? ? ? 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 89 C2 41 89 ? ? ? ? ? 48 B8 ? ? ? ? ? ? ? ? 41 89 ? 41 C1 EE ? 4A 8B ? ? 48 85 ? 74 ? 41 89 ? 41 81 E5 ? ? ? ? 42 8B ? ? EB ? E8 ? ? ? ? 41 89 ? ? 41 8B ? ? ? ? ? 83 C0 ? 45 8B"
I get proper results.
but when I try this library with the following (replacing every '?' with a dot):
b"\x46\x89..\xEB.\xE8....\x41\x83\xC3.\x44\x89.\x66\x45...\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x46\x89..\xEB.\xE8....\x41\x83\xC3.\x44\x89.\x66\x45...\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x46\x89..\xEB.\xE8....\x41\x83\xC3.\x44\x89.\x66\x41...\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x46\x89..\xEB.\xE8....\x41\x8B..\x41\x89.....\x83\xC0.\x41\x8B.....\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x89\xC2\x41\x89.....\x48\xB8........\x41\x89.\x41\xC1\xEE.\x4A\x8B..\x48\x85.\x74.\x41\x89.\x41\x81\xE5....\x42\x8B..\xEB.\xE8....\x41\x89..\x41\x8B.....\x83\xC0.\x45\x8B"
I get no results. I also tried what the OP used, but it didn't work for me. Any suggestions?
Just tried it for wow 3.3.5a:
import pymem
import pymem.pattern
pm = pymem.Pymem("Wow.exe")
module = pymem.process.module_from_name(pm.process_handle, "Wow.exe")
print("starting scan")
GetMinimapZoneText = pymem.pattern.pattern_scan_module(pm.process_handle, module, rb"\x55\x8B\xEC\xA1....\x85\xC0\x75\x05\xB8....\x50\x8B\x45\x08\x50\xE8....\x83\xC4\x08\xB8....\x5D\xC3")
print("GetMinimapZoneText address: {}".format(hex(GetMinimapZoneText)))
And it works:
2021-05-03 10:17:26,348 - pymem - DEBUG - Process 14580 is being debugged
starting scan
GetMinimapZoneText address: 0x515570
i solve it for
re.escape(raw_pattern).replace(b'\.',b'.')
but i think the escape function should be build in or list in the doc that user should pay attention to this point