added address scan for PatternScanner

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

2 files changed, 18 insertions, 0 deletions

diff --git a/MemDriverLib/PatternScanner.cpp b/MemDriverLib/PatternScanner.cpp
index 0e98c10..aa54a9b 100644
--- a/MemDriverLib/PatternScanner.cpp
+++ b/MemDriverLib/PatternScanner.cpp
@@ -214,4 +214,19 @@ bool PatternScanner::Scan(MODULE_DATA& module, const char * const pattern, std::
 	}
 
 	return result;
+}
+
+bool PatternScanner::ScanForAddress(HANDLE targetPID, MODULE_DATA& module, PatternScanner *pscan, const char * const pattern, std::function<bool(SIZE_T)> callback)
+{
+	std::vector<SIZE_T> foundAddresses;
+
+	pscan->Scan(module, "48 8B 48 20 48 8B 01 FF 90 20 01 00 00", foundAddresses);
+
+	for (auto& addr : foundAddresses) {
+		if (callback(addr)) {
+			return true;
+		}
+	}
+
+	return false;
 }
\ No newline at end of file
diff --git a/include/PatternScanner.h b/include/PatternScanner.h
index d374d29..22b865b 100644
--- a/include/PatternScanner.h
+++ b/include/PatternScanner.h
@@ -4,6 +4,7 @@
 
 #include <string>
 #include <vector>
+#include <functional>
 
 
 typedef bool(*map_file_cb)(SymbolResolver& symres, IN MODULE_DATA&, OUT PVOID * const,
@@ -40,6 +41,8 @@ public:
 		m_LowAddress = startAddress;
 	}
 	bool Scan(MODULE_DATA& module, const char * const pattern, std::vector<SIZE_T>& foundAddresses);
+	static bool ScanForAddress(HANDLE targetPID, MODULE_DATA& module, PatternScanner *pscan, const char * const pattern, std::function<bool(SIZE_T)> callback);
+
 private:
 	bool checkPattern(MODULE_DATA& module, const char * const pattern, std::string& result);
 	bool doScan(std::string& pattern, UINT8 *buf, SIZE_T size, std::vector<SIZE_T>& foundAddresses);