I like to replace the static function address:
AddressOfHookSoundFunction = (DWORD)GetModuleHandleA("myfile.exe") + 0x0F3B65; // good: 4406117 (integer) using signature pattern:
SigScan Scanner; AddressOfHookSoundFunction = Scanner.FindPattern("myfile.exe", "\x55\x8B\xEC\x83\xEC\x14\x53\x56\x8B", "xxxxxxxxx"); // bad: 3685831 (integer) but the value is different and work only the static address: 0x0F3B65
here the IDA screenshot:
Probably I have insert a wrong dump information.
here the code of signature scanning:
class SigScan { public: // For getting information about the executing module MODULEINFO GetModuleInfo(char *szModule) { MODULEINFO modinfo = { 0 }; HMODULE hModule = GetModuleHandleA(szModule); if (hModule == 0) return modinfo; GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO)); return modinfo; } // for finding a signature/pattern in memory of another process DWORD FindPattern(char *module, char *pattern, char *mask) { MODULEINFO mInfo = GetModuleInfo(module); DWORD base = (DWORD)mInfo.lpBaseOfDll; DWORD size = (DWORD)mInfo.SizeOfImage; DWORD patternLength = (DWORD)strlen(mask); for (DWORD i = 0; i < size - patternLength; i++) { bool found = true; for (DWORD j = 0; j < patternLength; j++) { found &= mask[j] == '?' || pattern[j] == *(char*)(base + i + j); } if (found) { return base + i; } } return NULL; } }; Can you help me please ?
