search

srounet / Pymem

A python library for windows, providing the needed functions to start working on your own with memory editing.
MIT License
303 stars 45 forks source link

Bug in function scan_pattern_page() #76

Closed airvzxf closed 2 years ago

airvzxf commented 2 years ago

Describe the bug Pymem is not searching with the function scan_pattern_page().

Your Environment

  1. Python 3.10.2
  2. Windows 10 - 64 bits
  3. pymem version 1.8.5

Expected behavior Given a byte string, find it in the memory.

Traceback N/A

Additional context Running this:

pattern = b'\x10\x8C\x24\x24\xFA\x7F\x00\x00'
found = pattern_scan_module(py_mem.process_handle, hackGU_vol1, pattern, return_multiple=False)
print(f'found: {found}')

it prints: found: None but I am expecting: found: 123456789

StarrFox commented 2 years ago

if you re.escape your pattern before passing it to pattern_scan_module does it fix your issue? \x24 is $ which is a regex symbol

you can also just escape the $s with \$ or \\x24

airvzxf commented 2 years ago

Ok, it is because it has the feature of the pattern, not only looking for specific byte array. Thanks!

NRHGDW commented 2 years ago

Can you add this to the documentation please? I have spent a long time figuring out why pymem scan results were wrong compared to comparing C program I was rebuilding. There was nothing about this in the docs. And when I made this change it was fixed.

StarrFox commented 2 years ago

this is in the documentation here https://pymem.readthedocs.io/en/latest/api.html#module-pymem.pattern listed for the pattern param

airvzxf commented 2 years ago

Maybe, we can add other function which is not search as a pattern, and check as static binary sequence. What do you think @StarrFox ? Because, I understand the pattern is a good tool but not all of us are using, I changed the code in my end to keep it working, but if a user clone my repository and clone your package Pymem, it will crash in their locals.

StarrFox commented 2 years ago

you can just use re.escape on your bytes or put your bytes in rb mode like rb"\x00\x90\xDE"

airvzxf commented 2 years ago

Oh! Can we add this to the documentation as a note in both functions? I am a Senior Python Developer, but I don't know all the specific topics, for example this escape way. Sometimes we spend a lot of time in some specific topic that we converted to experts for this reason, maybe I and others have the lack of this knowledge.

StarrFox commented 2 years ago

I don't see any reason not to

airvzxf commented 2 years ago

I'll create a new pull request and issue with the update of the documentation. Thanks!

srounet commented 2 years ago

:+1: for pull-request, i'll have a look when available

airvzxf commented 2 years ago

@scythetleppo, did you still have the problem if you remove the .hex()? It is happening right now to me, I removed my changes in the pattern.py file without changes in my code, and it works. It is very strange because it wasn't work and right now is working, I checked and there is not updated from PyMem, Python, Ctypes, or something.

Steps, was uninstallation with pip the pymem, then install again.

I have the theory that maybe I had a wrong bytes string, but I don't think so because when I changed to .hex(), then it works.

I will follow this and try to see if it is broken again, then I will find what is the error from my side or a bug from Python or PyMem.