📄 gsar.cpp
字号:
s = k - 1;
while (BMG_Cmap[*s--] == BMG_Pattern[--j])
;
if (j >= 0)
k++;
else
{
if (k >= strend)
break;
/* found submatch, k is on the last letter in the match */
BufOfs = k - BMG_Buffer + 1 - BMG_Patlen;
n = (BMG_Buffer + BufOfs) - pLast;
k++;
if (n >= 0)
{
nMatches++;
if (pCtrl->fVerbose)
Verbose(pCtrl, FileOfs, BufOfs, BMG_Buffer, strend);
if (fwrite(pLast, sizeof(unsigned char), n, pCtrl->fpOut) != (size_t)n)
return -1;
if (fwrite(pReplaceBuf, sizeof(unsigned char), nReplace, pCtrl->fpOut) != nReplace)
return -1;
pLast = k; /* set last marker to write from */
}
}
}
n = strend - pLast;
if (n >= BMG_Patlen)
{
fwrite(pLast, sizeof(unsigned char), n - BMG_Patlen + 1, pCtrl->fpOut);
nTrans = BMG_Patlen - 1;
}
else
{
nTrans = n;
}
memcpy(BMG_Buffer, strend - nTrans, nTrans); /* move remaining bytes to the start */
Cnt = BUFSIZ - nTrans;
FileOfs += Cnt; /* calculate file offset */
}
return nMatches;
}
/* Input : pat - pointer to pattern string
* PatLen - actual length of the pattern
* fFolded - flag which determines case folding
* Returns : nothing
*
* Set up & compute Boyer-Moore delta (jump) table
*
* This function works only on local variables, so doesn't matter if the search will be
* on a file or memory.
*/
void BMG_gsar::BMG_Setup(char *pat, int PatLen, char fFolded)
{
register int j;
BMG_Patlen = PatLen;
/* Make sure the LARGE hack will work by making sure that the
* top of the buffer does not contain any 0's
* Shub-Nigurrath: in original code the copied value was 0, but this value
* gives problems for particular search patterns (loop forever without finding it)
*/
memset(&BMG_Buffer[BUFSIZ], 0xFF, PAT_BUFSIZ);
if (fFolded)
{ /* fold case while saving pattern */
for (j = 0; j < BMG_Patlen; j++)
BMG_Pattern[j] = (isupper((int) pat[j])
? (unsigned char) tolower((int) pat[j]) : pat[j]);
}
else
memcpy(BMG_Pattern, (unsigned char *) pat, BMG_Patlen);
for (j = 0; j < 256; j++)
{
BMG_Delta0[j] = BMG_Patlen;
BMG_Cmap[j] = (unsigned char) j; /* could be done at compile time */
}
for (j = 0; j < BMG_Patlen - 1; j++)
BMG_Delta0[BMG_Pattern[j]] = BMG_Patlen - j - 1;
BMG_Delta0[BMG_Pattern[BMG_Patlen - 1]] = LARGE;
if (fFolded)
{
for (j = 0; j < BMG_Patlen - 1; j++)
if (islower((int) BMG_Pattern[j]))
BMG_Delta0[toupper((int) BMG_Pattern[j])] = BMG_Patlen - j - 1;
if (islower((int) BMG_Pattern[BMG_Patlen - 1]))
BMG_Delta0[toupper((int) BMG_Pattern[BMG_Patlen - 1])] = LARGE;
for (j = 'A'; j <= 'Z'; j++)
BMG_Cmap[j] = (unsigned char) tolower((int) j);
}
}
/* Input : pCtrl - pointer to structure containg ctrl info
* hProcess - handle of the process for which read the memory information
* startAddr, endAddr is the memory window inside which search
* Returns : number of matches found in file
*
* This function is the memory version of the BMG_Search routine, it uses ReadProcessMemory().
*
* The pattern to search for must already have been set up using BMG_Setup
*
* Works by applying the BMG algorithm to a buffer. To ensure the pattern
* is not inadvertently chopped up, BMG_Patlen - 1 bytes is always moved
* to the start of the buffer. The next time we fill the buffer we fill it
* with BUFSIZ - (BMG_Patlen - 1) bytes.
*/
long BMG_gsar::BMG_MemorySearch(OUTPUT_CTRL_BASE *pCtrl,
HANDLE hProcess,
DWORD startAddr, DWORD endAddr)
{
register unsigned char *k;
register unsigned char *s;
register unsigned char *strend;
register int j;
int nTrans = 0; /* number of bytes to transfer to the start of the buffer */
int BufOfs; /* buffer offset for each match */
int Cnt = BUFSIZ;
long nMatches = 0; /* number of matches found */
long nBytes; /* number of bytes read */
unsigned long FileOfs = 0; /* current file offset */
DWORD dwMemoffset=startAddr; /* current memory window offset */
for (;;)
{
//nBytes = fread(&BMG_Buffer[nTrans], 1, (size_t) Cnt, pCtrl->fpIn);
nBytes = 1 * (size_t) Cnt;
ReadProcessMemory(hProcess, (LPVOID)dwMemoffset, (void*)&BMG_Buffer[nTrans], nBytes, NULL );
dwMemoffset += nBytes;
if(dwMemoffset>=endAddr)
nBytes=0;
if (!nBytes)
break;
s = BMG_Buffer;
strend = s + nBytes + nTrans;
k = BMG_Buffer + BMG_Patlen - 1;
for (;;)
{
while ((k += BMG_Delta0[ *(unsigned char *) k]) < strend)
;
if (k < (BMG_Buffer + LARGE))
break;
k -= LARGE;
j = BMG_Patlen - 1;
s = k - 1;
while (BMG_Cmap[ *s--] == BMG_Pattern[--j])
;
if (j >= 0)
k++;
else
{
if (k >= strend)
break;
/* found submatch, k is on the last letter in the match */
BufOfs = k - BMG_Buffer + 1 - BMG_Patlen;
nMatches++;
if (pCtrl->fVerbose)
VerboseBase(pCtrl, FileOfs, BufOfs, BMG_Buffer, strend);
// This modification is essential to bring to the caller the offset of the place found!
pCtrl->fLastOffset= FileOfs + BufOfs;
k++;
}
}
nTrans = BMG_Patlen - 1;
memcpy(BMG_Buffer, strend - nTrans, nTrans); /* move remaining bytes to the start */
Cnt = BUFSIZ - nTrans;
FileOfs += Cnt; /* calculate file offset */
}
return nMatches;
}
/* Input : pCtrl - pointer to structure containg ctrl info
* hProcess - handle of the process for which read the memory information
* startAddr, endAddr is the memory window inside which search
* ReplaceBuf - pointer to buffer which contains replacement
* nReplace - number of bytes in replace buffer
*
* Returns : number of matches & replaces performed
* -1 if error in fwrite, disk might be full, or removed
*
* The pattern to search for must already have been set up using BMG_Setup
*
* Works by applying the BMG algorithm to a buffer. To ensure the pattern
* is not inadvertently chopped up we have to be a little careful. Since
* we're doing a search and replace we can't copy BMG_Patlen - 1 bytes
* always. Consider the following:
*
* We're searching for 'aa' in the string 'aaaa'
* This will give a result of 3 matches namely: a[0]a[1] a[1]a[2] a[2]a[3]
*
* But if we're searching for 'aa' and replacing with 'xx' in 'aaaa'
* This will give a result of 2 matches and the new buffer: 'xxxx'
* After a match of a[0]a[1] we must start the next search at a[2].
*
* So if we have a match at the exact end of the buffer. We must
* not transfer anything to the start.
*
* Use the following algorithm:
*
* Calculate the distance between the last match and the end of the buffer
* and call this distance n.
*
* n = end of buffer - last match
* if n >= Bmg_Patlen we transfer BMG_Patlen - 1 bytes to the start
* if n < Bmg_Patlen we transfer n bytes to the start of the buffer
*/
long BMG_gsar::BMG_MemorySearchReplace(OUTPUT_CTRL_BASE *pCtrl,
HANDLE hProcess,
DWORD startAddr, DWORD endAddr,
char *pReplaceBuf,
unsigned short nReplace)
{
register unsigned char *k;
register unsigned char *s;
register unsigned char *strend;
register int j;
register int n;
unsigned char *pLast;
int nTrans = 0; /* number of bytes to transfer to the start of the buffer */
int BufOfs; /* buffer offset for each match */
int Cnt = BUFSIZ;
long nMatches = 0; /* number of matches found */
long nBytes; /* number of bytes read */
unsigned long FileOfs = 0; /* current file offset */
DWORD dwMemoffset=startAddr; /* current memory window offset */
for (;;)
{
//nBytes = (unsigned long) fread(&BMG_Buffer[nTrans], sizeof(unsigned char), (size_t) Cnt, pCtrl->fpIn);
nBytes=sizeof(unsigned char) * (size_t) Cnt;
ReadProcessMemory(hProcess, (LPVOID)dwMemoffset, (void*)&BMG_Buffer[nTrans], nBytes, NULL );
dwMemoffset += nBytes;
if(dwMemoffset>=endAddr)
nBytes=0;
if (!nBytes)
break;
s = BMG_Buffer;
pLast = s;
strend = s + nBytes + nTrans;
k = BMG_Buffer + BMG_Patlen - 1;
for (;;)
{
while ((k += BMG_Delta0[*(unsigned char *) k]) < strend)
;
if (k < (BMG_Buffer + LARGE))
break;
k -= LARGE;
j = BMG_Patlen - 1;
s = k - 1;
while (BMG_Cmap[*s--] == BMG_Pattern[--j])
;
if (j >= 0)
k++;
else
{
if (k >= strend)
break;
/* found submatch, k is on the last letter in the match */
BufOfs = k - BMG_Buffer + 1 - BMG_Patlen;
n = (BMG_Buffer + BufOfs) - pLast;
k++;
if (n >= 0)
{
nMatches++;
if (pCtrl->fVerbose)
VerboseBase(pCtrl, FileOfs, BufOfs, BMG_Buffer, strend);
// This modification is essential to bring to the caller the offset of the place found!
pCtrl->fLastOffset= FileOfs + BufOfs;
dwMemoffset = startAddr + pCtrl->fLastOffset;
WriteProcessMemory(hProcess, (LPVOID)dwMemoffset, (void*)pReplaceBuf, nReplace, NULL );
pLast = k; /* set last marker to write from */
}
}
}
n = strend - pLast;
if (n >= BMG_Patlen)
nTrans = BMG_Patlen - 1;
else
nTrans = n;
memcpy(BMG_Buffer, strend - nTrans, nTrans); /* move remaining bytes to the start */
Cnt = BUFSIZ - nTrans;
FileOfs += Cnt; /* calculate file offset */
}
return nMatches;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -