Closed airvzxf closed 2 years ago
if you re.escape your pattern before passing it to pattern_scan_module does it fix your issue? \x24 is $ which is a regex symbol
you can also just escape the $s with \$
or \\x24
Ok, it is because it has the feature of the pattern, not only looking for specific byte array. Thanks!
Can you add this to the documentation please? I have spent a long time figuring out why pymem scan results were wrong compared to comparing C program I was rebuilding. There was nothing about this in the docs. And when I made this change it was fixed.
this is in the documentation here https://pymem.readthedocs.io/en/latest/api.html#module-pymem.pattern listed for the pattern param
Maybe, we can add other function which is not search as a pattern, and check as static binary sequence. What do you think @StarrFox ? Because, I understand the pattern is a good tool but not all of us are using, I changed the code in my end to keep it working, but if a user clone my repository and clone your package Pymem, it will crash in their locals.
you can just use re.escape on your bytes or put your bytes in rb mode like rb"\x00\x90\xDE"
Oh! Can we add this to the documentation as a note in both functions? I am a Senior Python Developer, but I don't know all the specific topics, for example this escape way. Sometimes we spend a lot of time in some specific topic that we converted to experts for this reason, maybe I and others have the lack of this knowledge.
I don't see any reason not to
I'll create a new pull request and issue with the update of the documentation. Thanks!
:+1: for pull-request, i'll have a look when available
@scythetleppo, did you still have the problem if you remove the .hex()
? It is happening right now to me, I removed my changes in the pattern.py file without changes in my code, and it works. It is very strange because it wasn't work and right now is working, I checked and there is not updated from PyMem, Python, Ctypes, or something.
Steps, was uninstallation with pip
the pymem
, then install again.
I have the theory that maybe I had a wrong bytes string, but I don't think so because when I changed to .hex()
, then it works.
I will follow this and try to see if it is broken again, then I will find what is the error from my side or a bug from Python or PyMem.
Describe the bug Pymem is not searching with the function
scan_pattern_page()
.Your Environment
Expected behavior Given a byte string, find it in the memory.
Traceback N/A
Additional context Running this:
it prints:
found: None
but I am expecting:found: 123456789