bytepat.c
1 // SPDX-FileCopyrightText: 2006-2019 esteve <eslack.org>
2 // SPDX-FileCopyrightText: 2006-2019 pancake <pancake@nopcode.org>
3 // SPDX-License-Identifier: LGPL-3.0-only
4 
5 #include <rz_search.h>
6 #include <rz_util.h>
7 #include <rz_util/rz_print.h>
8 
9 #define CTXMINB 5
10 #define BSIZE (1024 * 1024)
11 #define MAX_PATLEN 1024
12 
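/*
 * Node of the singly linked list that remembers byte patterns which were
 * already reported. The head returned by init_fi() is a sentinel: its str
 * buffer is never filled in, only its next pointer is used.
 */
typedef struct _fnditem {
	unsigned char str[MAX_PATLEN]; // pattern bytes; add_fi() writes only the first patlen bytes
	void *next; // next node (used as a fnditem *), NULL at the tail
} fnditem;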
17 
/*
 * Allocate the head node of a pattern list.
 *
 * Only the next pointer is initialised; the str buffer of the returned node
 * is left as malloc() delivered it.
 *
 * Returns the new node, or NULL when the allocation fails. The caller owns
 * the node and releases the whole list with fini_fi().
 */
static fnditem *init_fi(void) {
	fnditem *head = malloc(sizeof(*head));
	if (head) {
		head->next = NULL;
	}
	return head;
}
27 
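/*
 * Release every node of a pattern list, head included.
 *
 * The walk saves the successor before freeing the current node, so the tail
 * node is released as well (stopping at the node whose next is NULL would
 * leave that node allocated whenever the list holds more than the head).
 * A NULL list is accepted and is a no-op.
 */
static void fini_fi(fnditem *fi) {
	while (fi) {
		fnditem *following = fi->next;
		free(fi);
		fi = following;
	}
}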
39 
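/*
 * Append a copy of the first patlen bytes of blk to the end of list n.
 *
 * n      head of the list (must not be NULL)
 * blk    bytes to remember
 * patlen number of bytes to copy; must fit in fnditem.str (MAX_PATLEN)
 *
 * The call is a no-op when an argument is out of range or when the node
 * cannot be allocated; in that case the pattern is simply not remembered.
 */
static void add_fi(fnditem *n, unsigned char *blk, int patlen) {
	fnditem *tail;
	fnditem *node;

	// never copy more than the fixed-size str buffer can hold
	if (!n || !blk || patlen < 0 || patlen > MAX_PATLEN) {
		return;
	}
	node = malloc(sizeof(*node));
	if (!node) {
		// allocation failed: leave the list untouched instead of writing through NULL
		return;
	}
	memcpy(node->str, blk, patlen);
	node->next = NULL;

	// link the fully initialised node behind the current tail
	for (tail = n; tail->next != NULL; tail = tail->next) {
		;
	}
	tail->next = node;
}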
50 
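/*
 * Tell whether the first patlen bytes of blk equal a pattern stored in list n.
 *
 * n      head (sentinel) of the list
 * blk    bytes to look up
 * patlen number of bytes compared per node
 *
 * Returns true on a match, false otherwise (also for a NULL or empty list).
 *
 * Two nodes are deliberately left out of the comparison:
 *  - the head, because its str buffer is never written and comparing against
 *    it would read indeterminate bytes and could report a bogus match;
 *  - the tail, as before. rz_search_pattern() appends the pattern it is
 *    currently scanning for and then keeps calling this function with the
 *    same bytes, so matching the tail would hide every hit after the first.
 *    NOTE(review): this looks intentional given that caller - confirm.
 */
static int is_fi_present(fnditem *n, unsigned char *blk, int patlen) {
	fnditem *p;

	if (!n) {
		return false;
	}
	for (p = n->next; p && p->next; p = p->next) {
		if (!memcmp(blk, p->str, patlen)) {
			return true;
		}
	}
	return false;
}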
60 
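/**
 * \brief Print byte sequences of s->pattern_size bytes that repeat between \p from and \p to.
 *
 * For each candidate address the pattern found there is read into sblk, then
 * the rest of the range is read block by block and compared against it. The
 * pattern bytes, the address they were taken from and each further match are
 * written with eprintf(). Patterns that were already reported are kept in a
 * linked list so that they are not reported a second time.
 *
 * \param s search context; s->pattern_size, s->iob.read_at and s->iob.io are used
 * \param from address where the scan starts
 * \param to address where the scan stops (both loops run while the cursor is below it)
 * \return 0 in every case: `false` for an invalid pattern size or a failed
 *         allocation, and 0 after a completed scan.
 *         NOTE(review): callers cannot tell failure from success - confirm intent.
 */
RZ_API int rz_search_pattern(RzSearch *s, ut64 from, ut64 to) {
	// Both work buffers are a little over 1 MiB each; keep them off the stack
	// so the function does not depend on a multi-megabyte thread stack.
	ut8 *block = NULL, *sblk = NULL;
	ut64 addr, bact, bytes, intaddr, rb, bproc = 0;
	int nr, req, i, moar = 0, pcnt, cnt = 0, k = 0;
	int patlen = s->pattern_size;
	fnditem *root = NULL;

	eprintf("Searching patterns between 0x%08" PFMT64x " and 0x%08" PFMT64x "\n", from, to);
	if (patlen < 1 || patlen > MAX_PATLEN) {
		// the message now states the range the check actually accepts
		eprintf("Invalid pattern length (must be >= 1 and <= %d)\n", MAX_PATLEN);
		return false;
	}
	// calloc: a failed or short read then compares zeroes, not indeterminate bytes
	block = calloc(1, BSIZE + MAX_PATLEN);
	sblk = calloc(1, BSIZE + MAX_PATLEN + 1);
	root = init_fi();
	if (!block || !sblk || !root) {
		eprintf("Cannot allocate memory for the pattern search\n");
		goto beach;
	}
	bact = from; // address of the pattern currently examined
	bytes = to; // end of the scanned range
	pcnt = -1; // index of the last reported pattern

	while (bact < bytes) {
		addr = bact;
		// NOTE(review): this line is missing from the listing; the interrupt
		// check is assumed to be rz_print_is_interrupted() - confirm against the repository.
		if (rz_print_is_interrupted()) {
			break;
		}

		bproc = bact + patlen; // first address compared against the pattern
		// XXX bytepattern should be used with a read callback
		nr = ((bytes - bproc) < BSIZE) ? (bytes - bproc) : BSIZE;
		// NOTE(review): the result of this read is not checked, and nr (not
		// patlen) bytes are requested; sblk holds BSIZE + MAX_PATLEN + 1 bytes, so it fits.
		s->iob.read_at(s->iob.io, addr, sblk, nr);
		sblk[patlen] = 0; // XXX

		intaddr = bact;
		cnt = 0;
		while (bproc < bytes) {
			// TODO: handle ^C here
			nr = ((bytes - bproc) < BSIZE) ? (bytes - bproc) : BSIZE;
			nr += (patlen - (nr % patlen)); // read size rounded up to the next multiple of the search size
			req = nr; // at most BSIZE + MAX_PATLEN, i.e. the size of block
			rb = s->iob.read_at(s->iob.io, bproc, block, nr);
			// NOTE(review): rb is used below as the number of bytes to step
			// over; confirm what read_at returns. A value larger than the
			// request cannot be valid and is treated like a failed read.
			if (rb < 1 || rb > (ut64)req) {
				break;
			}
			nr = rb;
			addr += nr;
			moar = 0;
			// Each comparison reads patlen bytes starting at block[i]; stop
			// while that window still lies inside the requested read, so the
			// last positions of a block never compare memory past the buffer.
			for (i = 0; i < nr && i + patlen <= req; i++) {
				if (!memcmp(&block[i], sblk, patlen) && !is_fi_present(root, sblk, patlen)) {
					if (cnt == 0) {
						// first hit for this pattern: remember it and print its header
						add_fi(root, sblk, patlen);
						pcnt++;
						eprintf("\nbytes: %d: ", pcnt);
						for (k = 0; k < patlen; k++) {
							eprintf("%02x", sblk[k]);
						}
						eprintf("\nfound: %d: 0x%08" PFMT64x " ", pcnt, intaddr);
					}
					moar++;
					cnt++;
					eprintf("0x%08" PFMT64x " ", bproc + i);
				}
			}
			if (moar > 0) {
				eprintf("\ncount: %d: %d\n", pcnt, moar + 1);
			}
			bproc += rb;
		}
		// skip the whole pattern when the last scanned block contained a match
		bact += (moar > 0) ? patlen : 1;
	}
	eprintf("\n");
beach:
	free(block);
	free(sblk);
	if (root) {
		fini_fi(root);
	}
	return 0;
}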