doxygen/html/patsig_8c_source.html

 /*
  * Copyright (c) 2020 Bitdefender
  * SPDX-License-Identifier: Apache-2.0
  */
 #include "patsig.h"


 DWORD
 IntPatternMatch(
     _In_ const BYTE *Buffer,
     _In_ DWORD SigCount,
     _In_ const PATTERN_SIGNATURE *Sigs
     )
 {
     if (Buffer == NULL || Sigs == NULL)
     {
         return SIG_NOT_FOUND;
     }

     for (DWORD i = 0; i < SigCount; i++)
     {
         BOOLEAN matched = TRUE;

         for (DWORD j = 0; j < Sigs[i].Length; j++)
         {
             if (Sigs[i].Pattern[j] != 0x100 &&
                 Sigs[i].Pattern[j] != Buffer[Sigs[i].Offset + j])
             {
                 matched = FALSE;
                 break;
             }
         }

         if (matched)
         {
             return i;
         }
     }

     return SIG_NOT_FOUND;
 }


 DWORD
 IntPatternMatchAllOffsets(
     _In_ const BYTE *Buffer,
     _In_ const DWORD BufferSize,
     _In_ DWORD SigCount,
     _In_ const PATTERN_SIGNATURE *Sigs
     )
 {
     if (Buffer == NULL || Sigs == NULL)
     {
         return SIG_NOT_FOUND;
     }

     for (DWORD i = 0; i < SigCount; i++)
     {
         // check at each offset of buffer
         for (DWORD bufferOffset = 0; bufferOffset + Sigs[i].Length <= BufferSize; bufferOffset++)
         {
             DWORD foundSigId = IntPatternMatch(Buffer + bufferOffset, 1, &Sigs[i]);
             if (0 == foundSigId) // only one element, can be SIG_NOT_FOUND or 0
             {
                 return i;
             }
         }
     }

     return SIG_NOT_FOUND;
 }
IntPatternMatch
DWORD IntPatternMatch(const BYTE *Buffer, DWORD SigCount, const PATTERN_SIGNATURE *Sigs)
Matches one of the given signatures on the given buffer.
Definition: patsig.c:9

BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58

BYTE
uint8_t BYTE
Definition: intro_types.h:47

_In_
#define _In_
Definition: intro_sal.h:21

SIG_NOT_FOUND
#define SIG_NOT_FOUND
Signals that a signature was not matched.
Definition: patsig.h:13

TRUE
#define TRUE
Definition: intro_types.h:30

patsig.h

DWORD
uint32_t DWORD
Definition: intro_types.h:49

IntPatternMatchAllOffsets
DWORD IntPatternMatchAllOffsets(const BYTE *Buffer, const DWORD BufferSize, DWORD SigCount, const PATTERN_SIGNATURE *Sigs)
Matches one of the given signatures on the given buffer at any offset inside the given buffer...
Definition: patsig.c:56

_PATTERN_SIGNATURE
Describes a signature that can be used for searching or matching guest contents.
Definition: patsig.h:23

FALSE
#define FALSE
Definition: intro_types.h:34