pattern scan with regex #9

Merged
merged 4 commits into from Aug 13, 2022

Owner

pseuxide commented May 29, 2022

background

toy-arms' pattern scanning has been significantly slow, so I replaced it with an approach that uses regex.

progress

The external replacement is done so far.
The internal one is waiting to be done.

ghost commented Jun 9, 2022

Did you test if that fixes the problem with get_module_handle?
https://github.com/pseuxidal/toy-arms/blob/484aef39541fb2bae0ea750cd4ee5e48e601024f/src/internal/utils.rs#L65-L68

With the current implementation, it keeps failing randomly. (pretty annoying)

PS: after extensive testing, the bug comes from your get_module_handle function. I handle it another way (way simpler) and it no longer fails.

Owner Author

pseuxide commented Jun 17, 2022

@codecheck01 I'm sorry for replying late.
I've been concentrating on other things for the last few weeks.

Thanks for the information. I barely remember that the bug originally occurs in GetModuleHandleA, which is exported by retep998/winapi-rs. It randomly returns 0 even when the target surely loads the particular module. That 'try invoking it 100 times till it gets a handle' loop is the workaround I took.

ghost commented Jun 18, 2022

@pseuxide I should tell you that I'm not using winapi-rs, but windows-rs instead.

But still your get_module_handle function is 100% wrong (no loop needed). Otherwise, the current implementation of pattern scanning works great, still waiting to see the better one with regex 😃 (I'm using internal).

@pseuxide
Owner Author

I of course used to try windows-rs out before. If I'm not mistaken, it has a drawback around types, in that u can't easily type-pun from its exported types like HMODULE to something like usize. (I don't remember clearly tho)
But, yeah you are right you should use windows-rs cuz it's official. I'll shift to it when the major version is released.

Let me know if u get to know why my get_module_handle is malfunctioning

ghost commented Jun 25, 2022

I of course used to try windows-rs out before. If I'm not mistaken, it has a drawback around types, in that u can't easily type-pun from its exported types like HMODULE to something like usize. (I don't remember clearly tho) But, yeah you are right you should use windows-rs cuz it's official. I'll shift to it when the major version is released.

Let me know if u get to know why my get_module_handle is malfunctioning

@pseuxide

Here is my get_module_handle (does not crash/fail):

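// Imports for the windows-rs crate (module paths as in its 2022 releases).
use windows::core::{Error, PCSTR};
use windows::Win32::Foundation::{GetLastError, HINSTANCE};
use windows::Win32::System::LibraryLoader::GetModuleHandleA;

// Look up an already-loaded module with a single call; no retry loop.
fn get_module_handle(module_name: PCSTR) -> Result<HINSTANCE, Error> {
    // `?` propagates the error windows-rs returns when the lookup fails.
    let hinstance = unsafe { GetModuleHandleA(module_name) }?;

    if hinstance.is_invalid() {
        Err(unsafe { GetLastError().into() })
    } else {
        Ok(hinstance)
    }
}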

Owner Author

pseuxide commented Jul 14, 2022

ughh I have been fullsent on my actual job, but finally somewhat completed the internal part. I'll merge this once I make sure all examples work fine.
I found that I've created so many bugs in this crate lol. I need to fix them too. Forgive me, Rust is overwhelming to me.

pseuxide merged commit 33ecd29 into master Aug 13, 2022

ghost commented Aug 13, 2022

@pseuxide, Nice, I just got the notification. Are there any bugs? Is it safe to use in production?

Owner Author

pseuxide commented Aug 13, 2022

Alright, give me a day and a half, u see another pending PR which I need to complete. Sorry for making u wait... I was too lazy to write Rust.
P.S. I promise I'll strive this time.

@pseuxide
Owner Author

@codecheck01
I've merged the PR. Developed and tested on at least the x86 arch and confirmed it's ok.
But as others said, this lib's read is not that rich. I implemented memory protection circumvention this time, but let's say if u wanna read bigger than a single memory page, u should perform VirtualProtect or ZwProtectVirtualMemory or whatever u choose to change its rights.
