int main()
{
char test[] = "\0\0\0\0\0\0\0\0\0CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0";
char find[] = "CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0";
/* char test[] = "\x90\x90\x90\x90\x90\x90\xe8\xc0\xff\xff\xff/bin/sh\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
char find[] = "\xe8\xc0\xff\xff\xff/bin/sh"; */
int i;
int toks;
int *shift;
int *skip;
/* shift=make_shift(find,sizeof(find)-1);
skip=make_skip(find,sizeof(find)-1); */
DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,"%d\n",
mSearch(test, sizeof(test) - 1, find,
sizeof(find) - 1, shift, skip)););
static int strsearch_process(mapidflib_function_instance_t *instance,
MAPI_UNUSED unsigned char* dev_pkt,
unsigned char* pkt,
mapid_pkthdr_t* pkt_head)
{
int len;
struct mapid_strsearch_pattern *pattern;
//Check if this packet is allready evaluated in this iteration
//Yes => return result
if (((struct mapid_strsearch *)instance->internal_data)->currentIteration == instance->hwinfo->pkts) {
return ((struct mapid_strsearch *)instance->internal_data)->result;
}
//No => evaluate
else ((struct mapid_strsearch *)instance->internal_data)->currentIteration = instance->hwinfo->pkts;
((struct mapid_strsearch *)instance->internal_data)->result = 0;
pattern = ((struct mapid_strsearch *)instance->internal_data)->pattern;
while (pattern != NULL)
{
len = pkt_head->caplen - pattern->offset;
if(pattern->depth && (len > pattern->depth))
len = pattern->depth;
if(len < pattern->slen)
return ((struct mapid_strsearch *)instance->internal_data)->result;
if (mSearch((char *)(pkt+pattern->offset), len, (char *)pattern->str, pattern->slen,
pattern->skip, pattern->shift))
return (((struct mapid_strsearch *)instance->internal_data)->result = 1);
pattern = pattern->next;
}
return ((struct mapid_strsearch *)instance->internal_data)->result;
}
