Code modding with flair. A set of C# libraries for helping interact with native code.
A signature scanning library, based off of pelite's pattern format.
Assumes you are injected into the target process and the target process is a x64 Windows application. Some features assume compiler quirks (e.g. MSVC function padding with 0xCC). Signatures can be assembled from their class forms, or parsed from a string. The following commands are available:
- Whitespace is ignored. Comments (
#) ignore the rest of the line. - Match a literal byte by typing its two-letter hex representation (e.g.
E8). - Match displacements/offsets using the characters
%(1 byte),&(2 byte), and$(4 byte).- A
callinstruction can be represented asE8 $.
- A
- Match 8-byte absolute pointers with the
*character. - Follow displacements with the
{ }operator.- For example,
E8 $ { more stuff here }will match a function that calls the function matched inside of the braces.
- For example,
- Execute multiple possible subpatterns with the
( )operator.- Separate subpatterns with
|.
- Separate subpatterns with
- Skip a byte with
??, or skip multiple with[ ].??for one byte,[number]for multiple (e.g.[4]).- Square brackets support ranges (e.g.
[4-8]).
- Skip an unknown number of bytes with
@.- This will repeat a search until it encounters a
CC, which MSVC uses to pad functions.
- This will repeat a search until it encounters a
- Save to the return array with
\.- Loads are currently unimplemented, but the
startOverrideargument can be passed toSignatureScanner#Scanto start the search at a specific address.
- Loads are currently unimplemented, but the
- Match UTF-8 string literals with quotes (e.g.
"Hello, world!").