Thread: Question about using memcmp ()

Hi,

I do try to write a function like this one:
This is only a sample - I don't post the whole code, because it will be useless info:

Code:

BYTE *bBuffer = 0;

bBuffer = (LPBYTE)GlobalAlloc(GMEM_FIXED, ModInfo.SizeOfImage+1);//allocating of memory

ReadProcessMemory(hProcess, ModInfo.lpBaseOfDll, bBuffer, ModInfo.SizeOfImage, &cbRead);

for( i = 0; i < ModInfo.SizeOfImage; i++)
if (!memcmp(&bBuffer[i], bPattern, 10))// we have a match
 {	
								
// we calculate lpBaseOfDll (beginning addr. of executable module +  i)

DWORD dwPatchAddress = (DWORD)ModInfo.lpBaseOfDll + i;
// we replace
WriteProcessMemory(hProcess, (LPVOID)dwPatchAddress, LPVOID(szReplaceBytes), 10, &cbRead);
CloseHandle(hProcess);
MessageBox(NULL,"Done!","OK",MB_OK|MB_ICONINFORMATION);
break;
}

Normally I need to include a condition if there is no match with bPattern : MessageBox(something) -> break;
but when I write such - I get it always even if there is a match with bPattern and I don't understand why..
Does anyone of you have an idea how to make it work...?

You mean that this

Code:

if (!memcmp(&bBuffer[i], bPattern, 10))// we have a match

is always true?

[edit]
Perhaps the data is always the same, because you seem to be using memcmp() correctly: http://www.cprogramming.com/fod/memcmp.html
[/edit]

The problem is that condition number 2 is what I run into even if there is a match.

Well then you must not be passing memcmp() the right values. (Either that or there wasn't really a match. Perhaps there is a discreprency in the first 10 bytes of data?)

Why don't you print (or pop up a message box with) the values of the data before you compare them? Then you can see if they really match.

Or just fire up your debugger.