View topic - Machine code binary buffer searching regardless of NULL • AutoHotkey Community

View unanswered posts | View active topics

Board index » AutoHotkey » Scripts

All times are UTC [ DST ]

Machine code binary buffer searching regardless of NULL

Page 4 of 4

[ 51 posts ]

Go to page Previous 1, 2, 3, 4

Print view | E-mail friend

Previous topic | Next topic

Author

Message

wOxxOm

Post subject:

Posted: January 6th, 2010, 8:02 pm

Joined: February 9th, 2006, 8:36 pm
Posts: 339

widow, this is the answer for your deleted :p post:

Code:

;ReplaceByte - replace byte in binary Buffer
;      ret: number of replacements, case-sensitive.
ReplaceByte( hayStackAddr, hayStackSize, ByteFrom=0, ByteTo=1, StartOffset=0, NumReps=-1)
{   Static fun
   IfEqual,fun,
   {
      h=
      ( LTrim join
         5589E553515256579C8B4D0C8B451831D229C17E25837D1C00741F8B7D0801C70FB6451
         00FB65D14FCF2AE750D885FFF42FF4D1C740409C975EF9D89D05F5E5A595BC9C21800
      )
      VarSetCapacity(fun,StrLen(h)//2)
      Loop % StrLen(h)//2
         NumPut("0x" . SubStr(h,2*A_Index-1,2), fun, A_Index-1, "Char")
   }
   Return DllCall(&fun
      , "uint",haystackAddr, "uint",hayStackSize, "short",ByteFrom, "short",ByteTo
      , "uint",StartOffset, "int",NumReps)
}

Top

SKAN

Post subject:

Posted: January 6th, 2010, 8:35 pm

Joined: December 26th, 2005, 4:40 pm
Posts: 8776

Ooh... Great! Thanks..

What is/does NumReps ?

Top

tic

Post subject:

Posted: January 6th, 2010, 8:52 pm

Joined: April 22nd, 2007, 6:33 pm
Posts: 1833

Number of replacements. -1 for all I guess

Edit:

Could I see the c++/asm please?

Thanks!

Top

wOxxOm

Post subject:

Posted: January 7th, 2010, 12:15 am

Joined: February 9th, 2006, 8:36 pm
Posts: 339

NumReps is of course a limit of replacements to be made.

well the asm is ultimately primitive, however it works pretty fast (10MB zeroes -> 1 in less than 100ms on my old AthlonX2@2600) - I just may assume that P4+ cpus have optimizations for such trivial memory-retrieval/storing schemes

here's the FASM code without compiler definitions for 'segments' and stuff.
BTW, I've tested the code just one time :p

Code:

proc ReplaceByte stdcall uses ebx ecx edx esi edi, hayStack, hayStackSize, ByteFrom:WORD, ByteTo:WORD, StartOffset, NumReps
   pushfd

   mov   ecx,[hayStackSize]
   mov   eax,[StartOffset]
   xor   edx,edx
   sub   ecx,eax
   jle   .done
   cmp   [NumReps],0
   jz   .done

   mov   edi,[hayStack]
   add   edi,eax ;edi=&(hayStack[StartOffset])

   movzx   eax,byte [ByteFrom]
   movzx   ebx,byte [ByteTo]
   cld

.rep:
   repne   scasb
   jne   .done

   mov   [edi-1],bl
   inc   edx
   dec   [NumReps]
   jz   .done
   or   ecx,ecx
   jnz   .rep

.done:
   popfd
   mov   eax,edx
   ret
endp

Top

tinku99

Post subject: search entire allocated memory space

Posted: January 22nd, 2011, 8:56 pm

Joined: August 3rd, 2007, 8:01 am
Posts: 555
Location: Houston, TX

Lexikos once wrote a script to enumerate the memory pages: here
Its straightforward to run binary buffer search once for each page in the list...
Then you can search through an entire process for a binary string, similar to this perl module: win32::process::memory.

Top

maraskan_user

Post subject:

Posted: January 26th, 2011, 4:12 pm

Joined: June 20th, 2008, 12:40 pm
Posts: 47

Did somebody have any luck with creating MCode for InBuf() that can work in AHK_L x64?

Top

Page 4 of 4

[ 51 posts ]

Go to page Previous 1, 2, 3, 4

Board index » AutoHotkey » Scripts

All times are UTC [ DST ]

Who is online

Users browsing this forum: No registered users and 10 guests

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum