none
help find pattern in byte array RRS feed

  • Question

  • how use the function array of bytes

      Private  Function ByteSearch(ByVal searchIn As Byte(), ByVal searchBytes As Byte(), Optional ByVal start As Integer = 0) As Integer
            Dim found As Integer = -1
            Dim matched As Boolean = False
    
            If searchIn.Length > 0 AndAlso searchBytes.Length > 0 AndAlso start <= (searchIn.Length - searchBytes.Length) AndAlso searchIn.Length >= searchBytes.Length Then
    
                For i As Integer = start To searchIn.Length - searchBytes.Length
    
                    If searchIn(i) = searchBytes(0) Then
    
                        If searchIn.Length > 1 Then
                            matched = True
    
                            For y As Integer = 1 To searchBytes.Length - 1
    
                                If searchIn(i + y) <> searchBytes(y) Then
                                    matched = False
                                    Exit For
                                End If
                            Next
    
                            If matched Then
                                found = i
                                Exit For
                            End If
                        Else
                            found = i
                            Exit For
                        End If
                    End If
                Next
            End If
    
            Return found
        End Function


    Monday, September 9, 2019 10:06 PM

Answers

  • Hi

    Here is a complete example showing the creation of some valid search terms and how to search for them.

    Option Strict On
    Option Explicit On
    Public Class Form1
    	' load some random data file for use in example
    	Dim bytes() As Byte = IO.File.ReadAllBytes("C:\Users\lesha\Desktop\ARCHIVE.txt")
    	Dim lst As New List(Of Byte())
    	Dim r As New Random
    	Sub MakeData()
    		lst.Clear()
    		' make some valid byte groups (10 here)
    		For i As Integer = 0 To 9
    			' choose a start point some way into the source
    			Dim r1 As Integer = r.Next(50, bytes.Length \ 5 * 4)
    			' choose a random number of search Bytes
    			Dim r2 As Integer = r.Next(20, 60)
    			' store for search term
    			Dim b(r2) As Byte
    			Dim c As Integer = 0
    			' create search term
    			For j As Integer = r1 To r1 + r2
    				b(c) = bytes(j)
    				c += 1
    			Next
    			' store search term to a search list
    			lst.Add(b)
    		Next
    	End Sub
    	Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    		MakeData()
    		ListBox1.Items.Clear()
    		' perform a search for all terms stored
    		' and add location to ListBox1
    		For i As Integer = 0 To lst.Count - 1
    			ListBox1.Items.Add(ByteSearch(bytes, lst(i)))
    		Next
    	End Sub
    	Private Function ByteSearch(ByVal searchIn As Byte(), ByVal searchBytes As Byte()) As Integer
    		Dim f As Integer
    		For i As Integer = 0 To searchIn.Length - searchBytes.Length
    			If Not searchIn(i) = searchBytes(0) Then Continue For
    			f = searchBytes.Length - 1
    			While f >= 1 AndAlso searchIn(i + f) = searchBytes(f)
    				f -= 1
    			End While
    			If f = 0 Then Return i
    		Next
    		Return -1
    	End Function
    End Class


    Regards Les, Livingston, Scotland

    Tuesday, September 10, 2019 11:51 AM

All replies

  • Hi

    Here is one way

    Private Function ByteSearch(ByVal searchIn As Byte(), ByVal searchBytes As Byte()) As Integer
    	Dim f As Integer
    	For i As Integer = 0 To searchIn.Length - searchBytes.Length
    		If Not searchIn(i) = searchBytes(0) Then Continue For
    		f = searchBytes.Length - 1
    		While f >= 1 AndAlso searchIn(i + f) = searchBytes(f)
    			f -= 1
    		End While
    		If f = 0 Then Return i
    	Next
    	Return -1
    End Function

    .


    Regards Les, Livingston, Scotland


    • Edited by leshay Tuesday, September 10, 2019 12:07 AM
    Tuesday, September 10, 2019 12:06 AM
  • Hi

    Here is one way

    Private Function ByteSearch(ByVal searchIn As Byte(), ByVal searchBytes As Byte()) As Integer
    	Dim f As Integer
    	For i As Integer = 0 To searchIn.Length - searchBytes.Length
    		If Not searchIn(i) = searchBytes(0) Then Continue For
    		f = searchBytes.Length - 1
    		While f >= 1 AndAlso searchIn(i + f) = searchBytes(f)
    			f -= 1
    		End While
    		If f = 0 Then Return i
    	Next
    	Return -1
    End Function

    .


    Regards Les, Livingston, Scotland


    how search

      ByteSearch(buffer, {FF ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 01 00 })



    Tuesday, September 10, 2019 12:53 AM
  • Hi,

    Sorry but I'd like to ask you that do you want to realize how to call this ByteSearch function?If so, here are two solutions.

    If you use byte arrays, you can call ByteSearch directly.

    ByteSearch({"13", "01", "00"}, {"01", "00"})

    If you involve the conversion of String and Byte types, you can use classes under the System. Text. Encoding namespace.

            Dim str As String = "This is test string"
            Dim byteArray() As Byte = System.Text.Encoding.Default.GetBytes(str)
            Dim str1 As String = "string"
            Dim byteArray1() As Byte = System.Text.Encoding.Default.GetBytes(str1)
            MsgBox(ByteSearch(byteArray, byteArray1))

    If the result you want is not like this, please clarify your idea, we can help you more quickly.

    Best Regards,

    Julie


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, September 10, 2019 7:21 AM
  • Hi

    Here is a complete example showing the creation of some valid search terms and how to search for them.

    Option Strict On
    Option Explicit On
    Public Class Form1
    	' load some random data file for use in example
    	Dim bytes() As Byte = IO.File.ReadAllBytes("C:\Users\lesha\Desktop\ARCHIVE.txt")
    	Dim lst As New List(Of Byte())
    	Dim r As New Random
    	Sub MakeData()
    		lst.Clear()
    		' make some valid byte groups (10 here)
    		For i As Integer = 0 To 9
    			' choose a start point some way into the source
    			Dim r1 As Integer = r.Next(50, bytes.Length \ 5 * 4)
    			' choose a random number of search Bytes
    			Dim r2 As Integer = r.Next(20, 60)
    			' store for search term
    			Dim b(r2) As Byte
    			Dim c As Integer = 0
    			' create search term
    			For j As Integer = r1 To r1 + r2
    				b(c) = bytes(j)
    				c += 1
    			Next
    			' store search term to a search list
    			lst.Add(b)
    		Next
    	End Sub
    	Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    		MakeData()
    		ListBox1.Items.Clear()
    		' perform a search for all terms stored
    		' and add location to ListBox1
    		For i As Integer = 0 To lst.Count - 1
    			ListBox1.Items.Add(ByteSearch(bytes, lst(i)))
    		Next
    	End Sub
    	Private Function ByteSearch(ByVal searchIn As Byte(), ByVal searchBytes As Byte()) As Integer
    		Dim f As Integer
    		For i As Integer = 0 To searchIn.Length - searchBytes.Length
    			If Not searchIn(i) = searchBytes(0) Then Continue For
    			f = searchBytes.Length - 1
    			While f >= 1 AndAlso searchIn(i + f) = searchBytes(f)
    				f -= 1
    			End While
    			If f = 0 Then Return i
    		Next
    		Return -1
    	End Function
    End Class


    Regards Les, Livingston, Scotland

    Tuesday, September 10, 2019 11:51 AM
  • how use code with funtion 
        ' REQUIRED CONSTS
        Private Const PROCESS_QUERY_INFORMATION As Integer = 1024
        Private Const MEM_COMMIT As Integer = 4096
        Private Const PAGE_READWRITE As Integer = 4
        Private Const PROCESS_WM_READ As Integer = 16
    
        ' REQUIRED METHODS
        Public Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Boolean, ByVal dwProcessId As Integer) As IntPtr
        Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
        <DllImport("kernel32.dll", SetLastError:=True)> _
        Public Shared Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As System.UInt32, <Out()> ByRef lpNumberOfBytesWritten As Int32) As Boolean
        End Function
    
        Public Shared Function Poke(ByVal proc As Process, ByVal target As Integer, ByVal data As Byte()) As Boolean
            Return WriteProcessMemory(proc.Handle, New IntPtr(target), data, data.Length, 0)
        End Function
        Private Declare Sub GetSystemInfo Lib "kernel32.dll" (ByRef lpSystemInfo As SYSTEM_INFO)
        Private Declare Function VirtualQueryEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByRef lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As UInteger) As Integer
    
        ' REQUIRED STRUCTS
        Public Structure MEMORY_BASIC_INFORMATION
            Public BaseAddress As IntPtr
            Public AllocationBase As IntPtr
            Public AllocationProtect As IntPtr
            Public RegionSize As Integer
            Public State As Integer
            Public Protect As Integer
            Public lType As Integer
        End Structure
    
        Public Structure SYSTEM_INFO
            Public processorArchitecture As System.UInt16
            Private reserved As System.UInt16
            Public pageSize As UInteger
            Public minimumApplicationAddress As IntPtr
            Public maximumApplicationAddress As IntPtr
            Public activeProcessorMask As IntPtr
            Public numberOfProcessors As UInteger
            Public processorType As UInteger
            Public allocationGranularity As UInteger
            Public processorLevel As System.UInt16
            Public processorRevision As System.UInt16
        End Structure
    
        Private byteviewer As System.ComponentModel.Design.ByteViewer
    
        Private Sub Button1_Click_1(sender As Object, e As EventArgs) Handles Button1.Click
    
            'Dim str As String = ListBox1.SelectedItem.ToString.Split(":")(0)
            'MsgBox(str)
            Dim sys_info As SYSTEM_INFO
            GetSystemInfo(sys_info)
            Dim proc_min_address As IntPtr = sys_info.minimumApplicationAddress
            Dim proc_max_address As IntPtr = sys_info.maximumApplicationAddress
    
            ' saving the values as long ints so I won't have to do a lot of casts later
            Dim proc_min_address_l As Long = CType(proc_min_address, Long)
            Dim proc_max_address_l As Long = CType(proc_max_address, Long)
    
            ' notepad better be runnin'
            Dim process As Process = process.GetProcessesByName("notepad")(0)
    
            ' opening the process with desired access level
            Dim processHandle As IntPtr = OpenProcess((PROCESS_QUERY_INFORMATION Or PROCESS_WM_READ), False, process.Id)
            Dim sw As StreamWriter = New StreamWriter("dump.txt")
    
            ' this will store any information we get from VirtualQueryEx()
            Dim mem_basic_info As MEMORY_BASIC_INFORMATION = New MEMORY_BASIC_INFORMATION
            Dim bytesRead As Integer = 0
            Dim ReturnValue As String = vbNullString
            Dim IsUnicode As Boolean = True
            ' number of bytes read with ReadProcessMemory
    
                    While (proc_min_address_l < proc_max_address_l)
                        ' 28 = sizeof(MEMORY_BASIC_INFORMATION)
                        VirtualQueryEx(processHandle, proc_min_address, mem_basic_info, 28)
                        ' if this memory chunk is accessible
                        If ((mem_basic_info.Protect = PAGE_READWRITE) AndAlso (mem_basic_info.State = MEM_COMMIT)) Then
    
                            Dim buffer() As Byte = New Byte((mem_basic_info.RegionSize) - 1) {}
                            ' read everything in the buffer above
                            ReadProcessMemory(CType(processHandle, Integer), mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, bytesRead)
    
                            Dim i As Integer = 0
                            Do While (i < mem_basic_info.RegionSize)
                                'sw.WriteLine("0x{0} : {1}", (mem_basic_info.BaseAddress + i).ToString("X"), CType(buffer(i), Char))
                        sw.WriteLine("0x{0} : {2}", (mem_basic_info.BaseAddress + i).ToString("X"), Microsoft.VisualBasic.AscW(buffer(i)))
                                i = (i + 1)
                            Loop
                        End If
    
                'move to the next memory chunk
                proc_min_address_l = (proc_min_address_l + mem_basic_info.RegionSize)
                proc_min_address = New IntPtr(proc_min_address_l)
    
                    End While
    
                    sw.Close()
                    'Console.ReadLine()
        End Sub

    Hi

    Is your entire project a COPY and PASTE one?


    Regards Les, Livingston, Scotland


    • Edited by leshay Wednesday, September 11, 2019 11:13 AM
    Wednesday, September 11, 2019 11:13 AM
  • no I want to understand how to handle this is not my project sir

    Hi

    I suspect that the code you posted is copied. I also think that your basic understanding is not sufficient for the code and type of project you are attempting to create.


    Regards Les, Livingston, Scotland

    Wednesday, September 11, 2019 12:20 PM
  • no I want to understand how to handle this is not my project sir

    Hi

    I suspect that the code you posted is copied. I also think that your basic understanding is not sufficient for the code and type of project you are attempting to create.


    Regards Les, Livingston, Scotland

    Yes indeed so I want to help you
    Wednesday, September 11, 2019 12:38 PM

  • Yes indeed so I want to help you

    Hi

    Ple3ase explain what you want your project to do.

    Explain what controls will be used.

    Explain what any Button clicks need to do.

    Explain any data used.

    Explain everything you want to do.


    Regards Les, Livingston, Scotland

    Wednesday, September 11, 2019 12:51 PM

  • Yes indeed so I want to help you

    Hi

    Ple3ase explain what you want your project to do.

    Explain what controls will be used.

    Explain what any Button clicks need to do.

    Explain any data used.

    Explain everything you want to do.


    Regards Les, Livingston, Scotland

    I want to do a project like memory viewer from processAlready reached for this but the problem comes on byte set does not show the result like memory viewer
    Wednesday, September 11, 2019 1:07 PM
  • I want to do a project like memory viewer from processAlready reached for this but the problem comes on byte set does not show the result like memory viewer

    Hi

    Sorry, but you have not answered my questions.


    Regards Les, Livingston, Scotland

    Wednesday, September 11, 2019 1:24 PM