MemoryBlock Search Routine in PURE ASM (107 Bytes)
Routine Written by Timothy Slater
SPEED:
Can Scan a 1.1MB memory block for a 20 byte sequence in 15-31ms
USE:
Stack layout on entry (CallWindowProcA pushes the four arguments right-to-left, as for any stdcall WNDPROC):
PUSH LengthOfSearchString            ; lands at [esp+10h] once the routine is entered
PUSH Pointer to SearchString         ; [esp+0Ch]
PUSH Pointer to MemoryBlock          ; [esp+08h]
PUSH Pointer to ReturnValue variable ; [esp+04h] -- NOTE: before running the routine this variable must
                                     ; contain the size of MemoryBlock in bytes; it is overwritten with the result
PUSH ReturnAddress                   ; [esp]
CallWindowProcA(pointer to ASM array, pointer to ReturnValue, pointer to MemoryBlock, pointer to SearchString, SearchString length) — the ASM array is passed as lpPrevWndFunc and the four remaining arguments occupy the hWnd/Msg/wParam/lParam slots, which is how they reach [esp+4]..[esp+10h] inside the routine.
*MemoryBlock is an array of bytes filled by ReadProcessMemory
*ReturnValue is set to the size of the MemoryBlock before the call to the routine.
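; ---------------------------------------------------------------------------
; MemoryBlock search routine, x86-32, Intel syntax.
; Invoked through CallWindowProcA, so it is entered like a stdcall WNDPROC:
;   [esp+04h] = pointer to ReturnValue (holds BlockSize on entry, receives result)
;   [esp+08h] = pointer to MemoryBlock
;   [esp+0Ch] = pointer to SearchString
;   [esp+10h] = SearchString length (bytes)
; After PUSHAD (8 dwords) the same slots sit at [esp+24h] .. [esp+30h].
; Result (written to *ReturnValue): 0-based offset of the first occurrence of
; SearchString within MemoryBlock, or -1 if not found / length is 0.
; Fixes relative to the original listing:
;   * after a partial match the scan resumes at candidate+1, so overlapping
;     candidates (e.g. "ab" inside "aab") are no longer skipped;
;   * a 1-byte search string now returns the 0-based offset like longer
;     patterns do (the original returned offset+1 on that path);
;   * a zero-length search string returns -1 instead of reading one byte
;     past the string;
;   * the bounds check is unsigned (jb/ja), so BlockSize values >= 80000000h
;     are not misread as negative.
; Reads stay inside [MemoryBlock, MemoryBlock+BlockSize) and
; [SearchString, SearchString+length); BlockSize itself is trusted from the
; caller. On DEP/NX-enabled systems the byte array holding this code must be
; executable memory, or the CallWindowProcA call faults.
; The "ASM STRING" hex at the bottom of this page encodes the ORIGINAL
; listing, not this one - reassemble after changing the code.
; ---------------------------------------------------------------------------
pushad                                      ; save all registers (8 dwords)
mov  edi, dword ptr ss:[esp+028h]           ; edi = MemoryBlock
mov  esi, dword ptr ss:[esp+02ch]           ; esi = SearchString
mov  ebx, dword ptr ss:[esp+030h]           ; ebx = SearchString length
mov  ecx, dword ptr ss:[esp+024h]           ; ecx = &ReturnValue
mov  ecx, dword ptr ds:[ecx]                ; ecx = BlockSize (caller stored it there)
test ebx, ebx
jz   search_not_found                       ; empty pattern: nothing to match
sub  ecx, ebx                               ; ecx = last candidate offset (BlockSize - length)
jb   search_not_found                       ; length > BlockSize: no candidate fits
xor  edx, edx                               ; edx = candidate offset in MemoryBlock
search_next_candidate:
cmp  edx, ecx
ja   search_not_found                       ; past the last offset where the pattern fits
xor  ebp, ebp                               ; ebp = bytes matched at this candidate (ebp restored by popad)
search_compare_byte:
lea  eax, [edx+ebp]                         ; eax = candidate + matched
mov  al, byte ptr ds:[edi+eax]              ; al = MemoryBlock[candidate + matched]
cmp  al, byte ptr ds:[esi+ebp]              ; compare with SearchString[matched]
jne  search_advance                         ; mismatch: try the next candidate
add  ebp, 1
cmp  ebp, ebx
jb   search_compare_byte                    ; more pattern bytes to check
mov  eax, edx                               ; whole pattern matched: result = candidate offset
jmp  search_store_result
search_advance:
add  edx, 1                                 ; resume at candidate+1 - never skip positions
jmp  search_next_candidate
search_not_found:
mov  eax, -1                                ; -1 = not found
search_store_result:
mov  edx, dword ptr ss:[esp+024h]           ; edx = &ReturnValue (stack is balanced here)
mov  dword ptr ds:[edx], eax                ; *ReturnValue = result
popad                                       ; restore registers
ret                                         ; plain RET as in the original; a stdcall WNDPROC would
                                            ; normally RET 10h - CallWindowProcA is generally tolerant
                                            ; of this, but confirm in your target environment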
ASM STRING:
"6033C98B7C24248B7424305103CE363B0F7F50598B7C24288B74242C518A04398A0E3E830424013AC15975D78B74243083FE010F84D4FF0F0033D2B2013BD67D188B5C242C368A0439368A241A83C1013AC475AF83C201EBE42BCA8B542424890A61C359B9FFFFFFFFEBF0"
Put this into a byte array and call it with the CallWindowProcA method above. Two caveats before executing it: (1) on DEP/NX-enabled systems the array must live in executable memory (e.g. VirtualAlloc with PAGE_EXECUTE_READWRITE), otherwise the call faults; (2) the 6-byte `je` at byte offset 51 (`0F84D4FF0F00`) appears to carry a rel32 of 000FFFD4h, which does not land on `testing_00401C1B` as the listing requires — the other branch displacements (`7F50`, `75D7`, `7D18`, `75AF`, `EBE4`, `EBF0`) all agree with the listing, and the expected encoding for that jump would be `0F8422000000`. Verify or reassemble the string from the listing before running it. The result in ReturnValue is the offset on success and -1 when the sequence is not found.