#1
[C++] Pattern Scanner
I wrote a pattern scanner that makes use of C++11 features a while back and decided to adjust it to no longer require a mask be passed with it. Instead, the pattern is parsed for wildcards and handled accordingly.
This should be cross-platform and 64-bit friendly.
#2
A version in C# that I made for my Steamless project:
https://github.com/atom0s/Steamless
#3
Here is a version I did. It supports nibble wildcards for the more fine-grained users. It also has a parallel signature scanner.
https://github.com/mrexodia/PatternFinder
#4
Just a question, but have you ever really put the nibble support to use much? I personally never found it useful in scanners and felt it just added bloat to the code for something that could just be a full wildcard byte. Just wondering what some situations are that others found it useful.
#5
@atom0s: sure, I mainly use it for a more fine-grained matching on instructions with wildcard registers, for example FF D0 (call eax), for call reg you need to match FF D?, so without nibbles you would match on FF and this also matches a lot of other shit (invalid instructions, inc [reg], call [] etc). I agree that in signature matching it isn't quite useful, but if you need to find the next 'call reg' in a reliable way you need nibble matching. Same applies to 'push reg'.
Obviously, if you feel it's bloat, you shouldn't use it. I just commented so other people don't have to implement it themselves. Greetings
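The mask-free parsing and nibble-wildcard matching discussed in this thread, as an added example that is not code from any poster or from the linked projects: each pattern byte becomes a value/mask pair, and a constructed sample buffer shows `FF D?` hitting only the two `call reg` encodings while `FF ??` also hits `inc [eax]` and `push [eax]`. The names `PatByte`, `parse_pattern`, `find_all` and `kSample` are this example's own.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// One pattern byte: a data byte matches when (data & mask) == value.
struct PatByte { std::uint8_t value, mask; };

// Parse text such as "FF D?" or "8B ?? 4?": each '?' wildcards one nibble.
std::vector<PatByte> parse_pattern(const std::string& text) {
    static const std::string hex = "0123456789ABCDEF";
    std::vector<unsigned> vals, masks;          // one entry per nibble
    for (unsigned char c : text) {
        if (std::isspace(c)) continue;
        std::size_t pos = hex.find(static_cast<char>(std::toupper(c)));
        if (c != '?' && pos == std::string::npos)
            throw std::invalid_argument("bad pattern character");
        vals.push_back(c == '?' ? 0u : static_cast<unsigned>(pos));
        masks.push_back(c == '?' ? 0x0u : 0xFu);
    }
    if (vals.empty() || vals.size() % 2 != 0)
        throw std::invalid_argument("pattern needs a whole number of bytes");
    std::vector<PatByte> pat;
    for (std::size_t i = 0; i < vals.size(); i += 2)
        pat.push_back({static_cast<std::uint8_t>(vals[i] << 4 | vals[i + 1]),
                       static_cast<std::uint8_t>(masks[i] << 4 | masks[i + 1])});
    return pat;
}

// Return every offset in data where the whole pattern matches.
std::vector<std::size_t> find_all(const std::vector<std::uint8_t>& data,
                                  const std::vector<PatByte>& pat) {
    std::vector<std::size_t> hits;
    for (std::size_t i = 0; i + pat.size() <= data.size(); ++i) {
        std::size_t j = 0;
        while (j < pat.size() && (data[i + j] & pat[j].mask) == pat[j].value) ++j;
        if (j == pat.size()) hits.push_back(i);
    }
    return hits;
}

// Constructed sample bytes: inc [eax]; call eax; push [eax]; call edx; nop.
const std::vector<std::uint8_t> kSample = {0xFF,0x00, 0xFF,0xD0, 0xFF,0x30, 0xFF,0xD2, 0x90};

int main() {  // prints 2 and 6, the offsets of the two call-reg encodings
    for (std::size_t off : find_all(kSample, parse_pattern("FF D?"))) std::printf("%zu\n", off);
}
```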