C ++签名扫描器输出错误
[英]C++ Signature Scanner output wrong
问题描述
I'm making a Signature Scanner in c++, and to test it out I am injecting into steam and comparing the first 10 bytes. 
我正在用c ++制作一个签名扫描器,为了进行测试,我将注入蒸汽并比较前10个字节。
#define sig "\x4D\x5A\x90\x00\x03\x00\x00\x00\x04\x00\x00"
When I arrived to the 3rd byte x90, the output I am getting was: 当我到达第三个字节x90时,我得到的输出是:
steam: \x4D\x5A\x90\x00\x03\x00\x00\x00\x04\x00\x00
sig: \x4D\x5A\xFFFFFF90\x00\x03\x00\x00\x00\x04\x00\x00
Here is my entire source: 这是我的全部资料:
#include <Windows.h>
#include <stdio.h>
#include <Psapi.h>
#define sig "\x4D\x5A\x90\x00\x03\x00\x00\x00\x04\x00"
#pragma comment( lib, "Psapi" )
HANDLE thread = NULL;
DWORD getImageSize( MEMORY_BASIC_INFORMATION &memInfo )
{
if( !VirtualQuery( GetModuleHandleA(NULL), &memInfo, sizeof( memInfo ) ) )
return 0x00;
IMAGE_DOS_HEADER *dosHeader = (IMAGE_DOS_HEADER *)memInfo.AllocationBase;
IMAGE_NT_HEADERS *peHeader = (IMAGE_NT_HEADERS *)((unsigned long)dosHeader + (unsigned long)dosHeader->e_lfanew);
if( peHeader->Signature != IMAGE_NT_SIGNATURE )
return 0x00;
return peHeader->OptionalHeader.SizeOfImage;
}
DWORD scan( HANDLE hProc, const DWORD length = 0x200, DWORD base = 0x00 )
{
if(!base )
return base;
if( AllocConsole() )
AttachConsole( GetCurrentProcessId() );
freopen( "CON", "w", stdout );
SetConsoleTitleW( L"Test Console" );
MEMORY_BASIC_INFORMATION memInfo;
int sigLength = sizeof( sig );
const DWORD size = getImageSize( memInfo );
unsigned char *pBase;
pBase = (unsigned char *)base;
printf( "Size = %d\n", size );
if( !size )
return size;
for( int i(0); i < size; i++ )
{
printf( "\\x%02X", pBase[i] );
printf( "\\x%02X", (unsigned char *)sig[i] );
if( i && (i % 10 == 0))
system( "PAUSE" );
if( pBase[i] == sig[i] )
{
for( int j(i), k(0); k < sigLength; j++, k++ )
{
if( sig[k] == '?' )
continue;
if( pBase[j] != sig[k] )
break;
if( j == (sigLength-1) )
return (DWORD)&pBase[i];
}
}
}
printf( "\n" );
system( "PAUSE" );
return 0x00;
}
BOOL WINAPI DllMain ( HMODULE hModule, DWORD dwReason, LPVOID lpReserved )
{
if( dwReason == DLL_PROCESS_ATTACH )
{
DWORD base = (DWORD)GetModuleHandleA( NULL );
scan( GetCurrentProcess(), 0x200, base );
}
return TRUE;
}
The only thing I could think of is that the value is being seen as signed, but doesn't %02X make it unsigned? 我唯一能想到的就是该值被视为带符号的,但是%02X不会使它变为无符号的吗?
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0 已采纳 2014-02-28 01:42:36
The format specifier, %02X , says to print the value using uppercase hex letters. 格式说明符%02X表示要使用大写十六进制字母打印该值。 Nothing about signed or unsigned. 与已签名或未签名无关。
If you want unsigned, you can use the argument h or hh , as in the printf format specifiers. 如果要无符号,则可以使用参数h或hh ,如在printf格式说明符中一样。
I personally would cast the argument to unsigned in the call to {f}printf. 我个人会在对{f} printf的调用中将参数转换为unsigned。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.