In Cheat Engine we can use "??" as wildcards and those are placeholders for any byte.
What is a wildcard in python?
import pymem
def search_pattern_in_dll(process_name, dll_name, pattern):
process = pymem.Pymem(process_name)
# Find the base address of the specified DLL
dll_base_address = 0
for module in process.list_modules():
if module.name.lower() == dll_name.lower():
dll_base_address = module.lpBaseOfDll
break
if not dll_base_address:
print(f"Error: DLL '{dll_name}' not found in the process.")
return
# Read the entire DLL's memory
dll_memory = process.read_bytes(dll_base_address, module.SizeOfImage)
# Search for the pattern in the DLL's memory
position = dll_memory.find(bytes(pattern))
if position != -1:
address = dll_base_address + position
print(f"Pattern found at address: 0x{address:X}")
else:
print("Pattern not found.")
# Example usage
process_name = "app.exe"
dll_name = "module.dll"
pattern = [0x00, None, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x8F, 0xE4, 0xF7, 0xFB, 0x7F, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD0, 0x60, 0x96, 0xB6, 0x3F, 0x04, 0x00, 0x00,
0x40, 0xFC, 0x6B, 0xB1, 0x3F, 0x04, 0x00, 0x00, 0xA0, 0x63, 0x6A, 0xB6, 0x3F, 0x04, 0x00]
search_pattern_in_dll(process_name, dll_name, pattern)
I tried giving None but this doesn't work.