Exetools  

Go Back   Exetools > General > Source Code
Reload this Page [C++] C++11 Signature Scanning
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #9  
Old 01-19-2015, 03:40
atom0s's Avatar
atom0s atom0s is offline
Family
  
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 431
Rept. Given: 26
Rept. Rcvd 130 Times in 67 Posts
Thanks Given: 54
Thanks Rcvd at 837 Times in 306 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Ah interesting, I'll take their examples and add it to my tester and see what I get out of them. I can post the results here later on too.

As for the portability / 64bit questions and comments, here is mine that should work on both now:
PHP Code:
/**
 * @brief Scans a given chunk of data for the given pattern and mask.
 *
 * @param data          The data to scan within for the given pattern.
 * @param baseAddress   The base address of where the scan data is from.
 * @param lpPattern     The pattern to scan for.
 * @param pszMask       The mask to compare against for wildcards.
 * @param offset        The offset to add to the pointer.
 * @param resultUsage   The result offset to use when locating signatures that match multiple functions.
 *
 * @return Pointer of the pattern found, 0 otherwise.
 */
static intptr_t FindPattern(std::vector<unsigned chardataintptr_t baseAddress, const unsigned charlpPattern, const charpszMaskintptr_t offsetintptr_t resultUsage)
{
    // Build vectored pattern..
    std::vector<std::pair<unsigned charbool>> pattern;
    for (size_t x 0strlen(pszMask); yx++)
        pattern.push_back(std::make_pair(lpPattern[x], pszMask[x] == 'x'));
 
    auto scanStart data.begin();
    auto resultCnt 0;
 
    while (true)
    {
        // Search for the pattern..
        auto ret std::search(scanStartdata.end(), pattern.begin(), pattern.end(),
            [&](unsigned char currstd::pair<unsigned charboolcurrPattern)
        {
            return (!currPattern.second) || curr == currPattern.first;
        });
 
        // Did we find a match..
        if (ret != data.end())
        {
            // If we hit the usage count, return the result..
            if (resultCnt == resultUsage || resultUsage == 0)
                return (std::distance(data.begin(), ret) + baseAddress) + offset;
 
            // Increment the found count and scan again..
            ++resultCnt;
            scanStart = ++ret;
        }
        else
            break;
    }
 
    return 0;

I used the following to test compiling and running on Linux:
Code:
http://www.tutorialspoint.com/compile_cpp11_online.php
I'll post the full benchmark once I have time to sit down and add all the other tests to mine and adjust as needed for how mine works.
Reply With Quote
The Following User Gave Reputation+1 to atom0s For This Useful Post:
b30wulf (01-19-2015)
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
openssl signature for ida skyper General Discussion 10 03-19-2012 17:33


All times are GMT +8. The time now is 13:26.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )