Created
February 26, 2025 11:40
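import zlib

import pymem

# Attach to the running target process by its image name.
pm = pymem.Pymem("RepairPartner.exe")

# 0x78 0x9c is the two-byte header of a zlib stream written with the default
# compression level. Two bytes match by chance very often in a process image,
# so every hit is only a candidate until it decompresses to the expected data.
# NOTE(review): pymem documents the scan pattern as a regular expression;
# neither byte here is a regex metacharacter -- confirm before changing it.
pattern = b"\x78\x9c"

# Known plaintext whose compressed form is being located in memory.
expected = b"123"

# Find all occurrences of the pattern.
occurrences = pm.pattern_scan_all(pattern, return_multiple=True)

# Treat each hit as the start of a candidate stream that runs up to the next
# hit. The bytes after the final hit are never tested because their end is
# unknown.
for last_occurrence, current_occurrence in zip(occurrences, occurrences[1:]):
    # NOTE(review): read_bytes may fail if the span crosses memory that is
    # not readable; that case is not handled here.
    candidate = pm.read_bytes(last_occurrence, current_occurrence - last_occurrence)

    # The bytes come from another process and are untrusted: cap the output
    # at one byte more than the expected plaintext so a large or hostile
    # stream cannot expand without bound. One extra byte is enough to tell
    # "exactly b'123'" from "starts with b'123'".
    inflater = zlib.decompressobj()
    try:
        plaintext = inflater.decompress(candidate, len(expected) + 1)
    except zlib.error:
        # Most hits are coincidental byte pairs, not zlib streams; skip them
        # instead of letting the first bad candidate abort the scan.
        continue

    # eof is True only when the stream terminated properly, so a truncated
    # stream that happens to begin with the plaintext does not count.
    if inflater.eof and plaintext == expected:
        # Report where the stream starts (the address the bytes were read
        # from), not the next hit that merely bounded the read.
        print(f"Valid zlib compressed data found at {last_occurrence}")

print(occurrences)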