BedolagaEvgen
commented
5 years ago I understood the first part of the question: Pattern.FindMem (start, SizeMemPage, "47 45 54 20 2F") The second part of the question remains open.
Closed BedolagaEvgen closed 5 years ago
BedolagaEvgen
commented
5 years ago I understood the first part of the question: Pattern.FindMem (start, SizeMemPage, "47 45 54 20 2F") The second part of the question remains open.
mrexodia
commented
5 years ago You can use a loop, something like (pseudocode):
while True:
found = Pattern.FindMem(start, SizeMemPage, "47 45 ...")
if found == 0:
break
print(found)
start = found + 1This is a no brainer. Thus, I can’t go through the entire MEMMAP, but only one MEMPAGE - the start address and size I must enter manually. I need to search for a string in ALL MEMORY.
mrexodia
commented
5 years ago You can use DbgCmdExecDirect("findmemall ...") (see https://help.x64dbg.com/en/latest/commands/searching/findallmem.html). Then you can use DbgEval and the reference expression functions: https://help.x64dbg.com/en/latest/introduction/Expression-functions.html#references. If I have some time I will see if it's possible to update the python bindings, but you should be able to do this yourself.
mrexodia
commented
5 years ago For more information about how to implement these kind of features yourself, check the following commits. It's very easy to add new methods/properties/etc to this API, but I'm not using x64dbgpy myself so I don't know what is needed.
Usage:
import scriptapi
print(help(scriptapi))If you don't understand something, check scriptapi.cpp and feel free to open pull requests if you have improvements!
BedolagaEvgen
commented
5 years ago You do not want to hear my question, unfortunately.
According to your texts:
You can use DbgCmdExecDirect ("findmemall ...")
Using this is not possible:
I tried:
DisableLog
var AddrStop
mov AddrStop, 0x6D7853E4
start:
findallmem (0x10000, "47 45 54 20 2F")
cmp $ result, 0
jne positiv_result
esto
esto
esto
esto
esto
esto
esto
esto
esto
esto
cmp EIP, AddrStop
je negativ_result
jmp start
positiv_result:
msg "data found"
Enablelog
ret
negativ_result:
msg "not found data"
Enablelog
retand at the end of the night, using findallmem took 20 seconds
Then you can use DbgEval and the reference expression functions:
If I had to search only in the code section, I would not have a question.
I wanted too much from PythonScript. I am sure that in the ScriptDLL I will not have a similar question. Thank you for your time.
mrexodia
commented
5 years ago I am quite baffled. First you act very rude. Then I give you two full solutions to your problem and you don’t even bother reading.
The expression ref.addr(0) will give the first result of findmemall, ref.addr(1) the second. Just read the fucking manual.
Additionally I implemented everything in python and you just fully ignore this. I read the topic on exelab and I thought I might have jumped to the conclusion to quickly that you are a rude cunt who doesn’t take time to read an answer or figure out something, but I see I shouldn’t have bothered giving free support and just leave the question closed.
BedolagaEvgen
commented
5 years ago Dear, if your parents mocked you, this is not a reason to insult me.
mrexodia
commented
5 years ago So Ctrl+B in the memory map doesn’t work? This is using findmemall.
In the last day (eg after you collectively agreed the features don’t exist) I implemented everything in python. Did you try this?
Just read the comments again, your answer is already here, in two different working approaches. I tested it myself.
On Wed, 4 Sep 2019 at 10:46, BedolagaEvgen notifications@github.com wrote:
Dear, if your parents mocked you, this is not a reason to insult me.
- You suggested ways to bypass unrealized functionality (due to your reluctance or features of Python), which, even if it works, will do it badly.
- Regarding the "Expression Functions - References" I understood you, but, I repeat, the repeated call to "findmemall" is incorrect.
- It was not only I who came to the conclusion about the unrealization, but also a significant number of advanced programmers. Good luck!
— You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub https://github.com/x64dbg/x64dbgpy/issues/38?email_source=notifications&email_token=AASYFGKV637XDBGYPUSOX33QH5YWPA5CNFSM4IPIK2J2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD522ZBQ#issuecomment-527805574, or mute the thread https://github.com/notifications/unsubscribe-auth/AASYFGMWIY4556MF4VH4MR3QH5YWPANCNFSM4IPIK2JQ .
BedolagaEvgen
commented
5 years ago Closed
Ahmadmansoor
commented
5 years ago Did you check AdvancedScript plugin, it will solve ur problems. :)
BedolagaEvgen
commented
5 years ago @Ahmadmansoor Faced with the need to expand the functionality of the usual (built-in) scripting engine, I considered your product as an option. Writing ScriptDLL solves my problem completely. Thank you for reminding yourself! ;)
BedolagaEvgen
commented
4 years ago Thanks for fixing pluginsdk. Hopefully no one else will be fooled.
Hello! I need to implement a memory search from a script similar to this:
, the result of which is this: 
I found several functions that should help me with this:
Using:
I get the following:
Question:
Or should my problem be solved in another way?