From 0523eb1b7b6a28674d5ced300b5163aad84e53a0 Mon Sep 17 00:00:00 2001 From: zeffy Date: Mon, 26 Mar 2018 02:35:32 -0700 Subject: [PATCH] Update patternfind.c --- src/wufuc/patternfind.c | 79 +++++++++++++++++++++++++++++------------ 1 file changed, 56 insertions(+), 23 deletions(-) diff --git a/src/wufuc/patternfind.c b/src/wufuc/patternfind.c index 4815375..67980d9 100644 --- a/src/wufuc/patternfind.c +++ b/src/wufuc/patternfind.c @@ -3,7 +3,9 @@ static inline bool isHex(char ch) { - return (ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'F') || (ch >= 'a' && ch <= 'f'); + return (ch >= '0' && ch <= '9') + || (ch >= 'A' && ch <= 'F') + || (ch >= 'a' && ch <= 'f'); } static inline int hexchtoint(char ch) @@ -17,10 +19,14 @@ static inline int hexchtoint(char ch) return -1; } -static inline size_t formathexpattern(const char *patterntext, char *formattext, size_t formattextsize) +static inline size_t formathexpattern(const char *patterntext, + char *formattext, + size_t formattextsize) { - size_t len = strlen(patterntext); + size_t len; size_t result = 0; + + len = strlen(patterntext); for ( size_t i = 0; i < len; i++ ) { if ( patterntext[i] == '?' || hexchtoint(patterntext[i]) != -1 ) { if ( formattext && result + 1 < formattextsize ) @@ -44,18 +50,24 @@ static inline size_t formathexpattern(const char *patterntext, char *formattext, return result; } -bool patterntransform(const char *patterntext, PatternByte *pattern, size_t patternsize) +bool patterntransform(const char *patterntext, + PatternByte *pattern, + size_t patternsize) { + size_t len; + size_t size; + char *formattext; + PatternByte newByte; + memset(pattern, 0, patternsize * (sizeof *pattern)); - size_t len = formathexpattern(patterntext, NULL, 0); + len = formathexpattern(patterntext, NULL, 0); if ( !len || len / 2 > patternsize ) return false; - size_t size = len + 1; - char *formattext = malloc(size); + size = len + 1; + formattext = malloc(size); formathexpattern(patterntext, formattext, size); - PatternByte newByte; for ( size_t i = 0, j = 0, k = 0; i < len && k <= patternsize; i++ ) { if ( formattext[i] == '?' ) { //wildcard @@ -78,14 +90,16 @@ bool patterntransform(const char *patterntext, PatternByte *pattern, size_t patt static inline bool patternmatchbyte(uint8_t byte, const PatternByte pbyte) { int matched = 0; + uint8_t n1; + uint8_t n2; - uint8_t n1 = (byte >> 4) & 0xF; + n1 = (byte >> 4) & 0xF; if ( pbyte.nibble[0].wildcard ) matched++; else if ( pbyte.nibble[0].data == n1 ) matched++; - uint8_t n2 = byte & 0xF; + n2 = byte & 0xF; if ( pbyte.nibble[1].wildcard ) matched++; else if ( pbyte.nibble[1].data == n2 ) @@ -96,10 +110,13 @@ static inline bool patternmatchbyte(uint8_t byte, const PatternByte pbyte) size_t patternfind(uint8_t *data, size_t datasize, const char *pattern) { - size_t searchpatternsize = formathexpattern(pattern, NULL, 0) / 2; - PatternByte *searchpattern = calloc(searchpatternsize, sizeof(PatternByte)); - + size_t searchpatternsize; + PatternByte *searchpattern; size_t result = -1; + + searchpatternsize = formathexpattern(pattern, NULL, 0) / 2; + searchpattern = calloc(searchpatternsize, sizeof *searchpattern); + if ( patterntransform(pattern, searchpattern, searchpatternsize) ) result = patternfind_pbyte(data, datasize, searchpattern, searchpatternsize); @@ -108,7 +125,10 @@ size_t patternfind(uint8_t *data, size_t datasize, const char *pattern) } __declspec(noinline) -size_t patternfind_bytes(uint8_t *data, size_t datasize, const uint8_t *pattern, size_t patternsize) +size_t patternfind_bytes(uint8_t *data, + size_t datasize, + const uint8_t *pattern, + size_t patternsize) { if ( patternsize > datasize ) patternsize = datasize; @@ -137,28 +157,38 @@ static inline void patternwritebyte(uint8_t *byte, const PatternByte pbyte) *byte = ((n1 << 4) & 0xF0) | (n2 & 0xF); } -void patternwrite(uint8_t *data, size_t datasize, const char *pattern) +void patternwrite(uint8_t *data, + size_t datasize, + const char *pattern) { - size_t writepatternsize = formathexpattern(pattern, NULL, 0) / 2; - PatternByte *writepattern = calloc(writepatternsize, sizeof(PatternByte)); + size_t writepatternsize; + PatternByte *writepattern; + DWORD fOldProtect; + + writepatternsize = formathexpattern(pattern, NULL, 0) / 2; + writepattern = calloc(writepatternsize, sizeof *writepattern); if ( patterntransform(pattern, writepattern, writepatternsize) ) { - DWORD OldProtect; - BOOL result = VirtualProtect(data, writepatternsize, PAGE_EXECUTE_READWRITE, &OldProtect); + VirtualProtect(data, writepatternsize, PAGE_EXECUTE_READWRITE, &fOldProtect); if ( writepatternsize > datasize ) writepatternsize = datasize; for ( size_t i = 0; i < writepatternsize; i++ ) patternwritebyte(&data[i], writepattern[i]); - result = VirtualProtect(data, writepatternsize, OldProtect, &OldProtect); + VirtualProtect(data, writepatternsize, fOldProtect, &fOldProtect); FlushInstructionCache(GetCurrentProcess(), data, datasize); } free(writepattern); } -bool patternsnr(uint8_t *data, size_t datasize, const char *searchpattern, const char *replacepattern) +bool patternsnr(uint8_t *data, + size_t datasize, + const char *searchpattern, + const char *replacepattern) { - size_t found = patternfind(data, datasize, searchpattern); + size_t found; + + found = patternfind(data, datasize, searchpattern); if ( found == -1 ) return false; patternwrite(data + found, found - datasize, replacepattern); @@ -166,7 +196,10 @@ bool patternsnr(uint8_t *data, size_t datasize, const char *searchpattern, const } __declspec(noinline) -size_t patternfind_pbyte(uint8_t *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize) +size_t patternfind_pbyte(uint8_t *data, + size_t datasize, + const PatternByte *pattern, + size_t searchpatternsize) { for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte