My favorites | Sign in
Project Logo
Project Home
  
Downloads
  
Source
    
Checkout | Browse | Changes |
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
 
;=======================================;
;     Code Signature Seek Functions     ;
;=======================================;

.code
	
	; function prototyping
	SigSeek_Compare		proto lpString1:DWORD, lpString2:DWORD, _Length:DWORD
	SigSeek_FindCode	proto dwStart:DWORD, dwEnd:DWORD, lpSig:DWORD, dwSize:DWORD
	SigSeek_SkipJack	proto C dwStart:DWORD, dwEnd:DWORD, dwOffset:SDWORD, dwArgs:DWORD, Args:VARARG
	
	SigSeek_FindCode proc uses ebx ecx edx esi edi dwStart:DWORD, dwEnd:DWORD, lpSig:DWORD, dwSize:DWORD
		
		;
		; EBX = dwSize
		; EDX = dwEnd - dwSize
		;
		
		; load the arguments into register
		mov ebx, dwSize
		mov edx, dwEnd
		sub edx, ebx
		
		; scan for specified signature
		mov ecx, ebx
		mov esi, dwStart
		mov edi, lpSig
		.repeat
			; compare the string
			repe cmpsb
			
			.if zero?
				; found the signature, return the address
				mov eax, ebx
				sub eax, ecx
				sub esi, eax
				mov eax, esi
				jmp @f
			.endif
			
			; restore ECX, ESI, EDI registers
			mov eax, ebx
			sub eax, ecx
			sub esi, eax
			sub edi, eax
			mov ecx, ebx
			
			; move to next byte
			; (note: written as "add esi, 1" instead of "inc esi"
			;        for better speed)
			add esi, 1
			
		.until (esi == edx)
		
		; return FALSE
		xor eax, eax
		
	@@:
		ret
		
	SigSeek_FindCode endp
	
	SigSeek_Compare proc uses ecx esi edi lpString1:DWORD, lpString2:DWORD, _Length:DWORD
		
		pushfd
			
			mov esi, lpString1
			mov edi, lpString2
			mov ecx, _Length
			cld
			repe cmpsb
			
			.if zero?
				; string match
				mov eax, TRUE
			.else
				; no match
				xor eax, eax
			.endif
			
		popfd
		
		ret
		
	SigSeek_Compare endp
	
	SigSeek_SkipJack proc C uses ebx ecx edx esi edi dwStart:DWORD, dwEnd:DWORD, dwOffset:SDWORD, dwArgs:DWORD, Args:VARARG
		
		.if (dwArgs > 0)
			mov ebx, dwStart
			.while TRUE
				; find the first code signature
				lea esi, Args
				invoke SigSeek_FindCode, ebx, dwEnd, [esi], [esi+4]
				
				.if (eax != NULL)
					mov ebx, eax
					mov edx, eax
					
					; skip the instruction length and specified number of bytes
					add ebx, [esi+4]
					add ebx, [esi+8]
					
					; initialize the registers
					mov ecx, 1
					mov edi, 1
					add esi, 12
					
					.repeat
						; is the next code signature match?
						invoke SigSeek_Compare, ebx, [esi], [esi+4]
						
						.if (eax != NULL)
							; skip the instruction length and specified number of bytes
							add ebx, [esi+4]
							add ebx, [esi+8]
							
							; increment match count
							inc edi
						.else
							; no match
							.break
						.endif
						
						; move to next argument
						inc ecx
						add esi, 12
						
					.until (ecx == dwArgs)
					
					.if (edi == dwArgs)
						; correct the address with specified offset
						add edx, dwOffset
						
						; return
						mov eax, edx
						.break
					.endif
				.else
					; no match
					xor eax, eax
					.break
				.endif
			.endw
		.else
			; invalid argument
			xor eax, eax
		.endif
		
		ret
		
	SigSeek_SkipJack endp
Show details Hide details

Change log

r38 by opcode0...@hotmail.com on Nov 22, 2008   Diff 
[No log message]
Go to: 
Project members, sign in to write a code review

Older revisions

r37 by opcode0...@hotmail.com on Nov 22, 2008   Diff 
[No log message]
r34 by opcode0...@hotmail.com on Nov 22, 2008   Diff 
[No log message]
All revisions of this file

File info

Size: 3148 bytes, 153 lines
Hosted by Google Code