background

toy-arms' pattern scanning has been significantly slow, therefore I replaced it with the way uses regex.

progress

external replacement is done so far. internal is waiting to be done

Hello! First and foremost- Great project!

It has basically everything I need, although I wanted to check if you could potentially implement a function for performing AoB (Array of Byte) scans? Since that's what I'm working with over SIG/Pattern ones.

Hello, there was some issues with the tests so I didn't get to try - although, there shouldn't be any issue. If there is please tell me and I'll take care of it.

Also, why not reimplement the pattern scanner as following?

    /// Find `pattern` indice in `self.size`-sized raw parts of `self.bytes`, returns either
    /// `Pointer<T>` or `std::io::Error`
    ///
    /// # Arguments
    ///
    /// `pattern` - Array, can contain wildcard (`0`) which'll be ignored in matching
    ///
    /// # Example
    ///
    /// ```
    /// module.find_pattern_bytes::<u8>(b"\x55\x8B\xEC").expect("Failed finding prologue")
    /// ```
    ///
    /// # Safety
    ///
    /// Computes `from_raw_parts` from raw pointer of `self.size` and walks section,
    /// which is considered `unsafe`
    pub fn find_pattern_bytes<T>(&self, pattern: &[u8]) -> Result<Pointer<T>, Error> {
        /// Custom predicate for iterator position finder
        fn match_with_wildcard(wildcard_array: &[u8], memory_view: &[u8]) -> bool {
            !wildcard_array
                .iter()
                .zip(memory_view)
                .map(|x| if *x.0 == 0 { true } else { *x.0 == *x.1 })
                .any(|x| !x)
        }

        let indice = unsafe {
            std::slice::from_raw_parts(self.get_bytes(), self.get_size() - pattern.len())
                .windows(pattern.len())
                .position(|x| match_with_wildcard(pattern, x))
                .ok_or(Error::new(
                    ErrorKind::InvalidData,
                    format_args!(
                        "Failed finding subsequence {:x?} in slice sequence",
                        pattern
                    )
                    .to_string(),
                ))?
        };

        Ok(Pointer::new((self.get_bytes() as usize + indice) as _))
    }

    /// This is a wrapper for it's [base function](Module::find_pattern_bytes)
    ///
    /// # Arguments
    ///
    /// `pattern` - String which'll get split by whitespaces. If a resulting substring
    /// contains `'?'`, it'll be mapped to `0` in the iterator, otherwise, it'll be turned into it's
    /// hexadecimal form. If it's not contained within hexadecimal alphanumerical bounds, it'll
    /// panic
    pub fn find_pattern<T>(&self, pattern: &str) -> Result<Pointer<T>, Error> {
        fn string_to_vec(pattern: &str) -> Vec<u8> {
            pattern
                .split_whitespace()
                .map(|x| {
                    if x.contains('?') {
                        0
                    } else {
                        u8::from_str_radix(x, 16)
                            .expect("Substring not contained within hexadecimal alphanumeric form")
                    }
                })
                .collect()
        }

        self.find_pattern_bytes(string_to_vec(pattern).as_slice())
    }

I do it like that personally. Should also work on externals with little modification inside the find_pattern_bytes based on cfg.

How does one do this? There are no example's for this specific thing, only for reading and writing patterns. In C++ it would go like this:

namespace mem {
    template<typename T>
    void write(DWORD64 addr, T value) {
        *((T*)addr) = value;
    }
}

mem::write<int>(localPlayer + offsets::playerHealth, 1337);

but it doesnt work the same way in Rust or well, i dont know how to.

Hi. I'm trying to write a custom C struct to another process' memory, but it seems the write method only writes the size of size_of::<LPCVOID>() as SIZE_T regardless of value T's size.

Write method:

#[cfg(feature = "external")]
    pub fn write<T>(&self, base_address: usize, value: &mut T) -> Result<(), ToyArmsExternalError> {
        unsafe {
            let ok = WriteProcessMemory(self.process_handle, base_address as LPVOID, value as *mut T as LPCVOID, size_of::<LPCVOID>() as SIZE_T, null_mut::<SIZE_T>());
            if ok == FALSE {
                println!("{}", GetLastError());
                return Err(ToyArmsExternalError::WriteProcessMemoryFailed);
            }
        }
        Ok(())
    }

Would this be correct, or am I using the library wrong? Cheers

I attempted to write a simple external hack (for AssaultCube) following the example given:

use toy_arms::external::Process;
use toy_arms::external::{ write };
use toy_arms::VirtualKeyCode;

const HEALTH_OFFSET: u32 = 0xEC;

fn main() {
    let process = Process::from_process_name("ac_client.exe").expect("could not find process");
    println!("{:#?} {:#?} {:#?}", process.process_name, process.process_id, process.process_handle);

    loop {
        write::<u32>(
            process.process_handle,
            process.get_module_base(process.process_name).unwrap() + HEALTH_OFFSET as usize,
            &mut 0x100,
        ).unwrap();

        if toy_arms::detect_keypress(VirtualKeyCode::VK_INSERT) {
            break;
        }
    }
}

however this is the output given:

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: WriteMemoryFailed(UnknownError { error_code: 998 })', src\main.rs:16:11
stack backtrace:
   0: std::panicking::begin_panic_handler
             at /rustc/a8314ef7d0ec7b75c336af2c9857bfaf43002bfc/library\std\src\panicking.rs:584
   1: core::panicking::panic_fmt
             at /rustc/a8314ef7d0ec7b75c336af2c9857bfaf43002bfc/library\core\src\panicking.rs:142
   2: core::result::unwrap_failed
             at /rustc/a8314ef7d0ec7b75c336af2c9857bfaf43002bfc/library\core\src\result.rs:1785
   3: core::ptr::drop_in_place<std::rt::lang_start<()>::{{closure}}>
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
error: process didn't exit successfully: `target\release\RustGameHax.exe` (exit code: 101)

I could just be using the library the wrong way though

As of now when you only enable the feature "external", the compiler warns you about tons of unused function that is in pattern_scan_core.rs cuz it's only refer to by internal.rs. pattern scanning for external feature must be done.

resolves #10

workspace member description

• toy-arms_utils - common parts
• toy-arms_derive - derive macro
• internal - internal hack libs
• external - external hack libs

Todo:

• [x] All the migration
• [x] Example correction
• [x] bug fix
• [ ] Readme correction

detect_keypress function have to be added that would catches keyPRESS in addition to the function detects keyDOWN. Moreover, now we have detect_keydown function but it acrually catches keypress now, so it's supposed to be renamed to detect_keypress.

have to implement the handling where the modules' buffer that is meant to store module handles is smaller than required size. it's gonna be like call EnumProcessModules with bigger buffer.

I have a game that doesnt have any dll modules so i cannot use those, instead i need to take the base address of the game and add my offsets to it. How may i do this?