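/**
 * Scan a signature database for an entry that matches the bytes located at
 * data + ep_offset.
 *
 * The database is read line by line from dbfile's current position:
 *   - lines starting with ';', '\n' or '\r' are skipped;
 *   - a "[name]" line records the name in packer_name;
 *   - a line starting with "signature" (case-insensitive) is handed, minus
 *     that 9-character prefix, to match_peid_signature().
 *
 * @param data        Buffer holding the file contents; must not be NULL.
 * @param ep_offset   Offset added to data before matching.
 * @param dbfile      Open signature database; must not be NULL.
 * @param packer_name Output buffer of at least MAX_MSG bytes. It receives the
 *                    most recent "[name]" header read before the function
 *                    returned, always NUL-terminated.
 * @return true as soon as a signature matches, false otherwise.
 *
 * On a false return packer_name is NOT cleared: it still holds the last name
 * header that was read, so callers must trust it only when the result is true.
 *
 * NOTE(review): the size of data is not passed in, so data + ep_offset cannot
 * be bounds-checked here. The caller has to validate ep_offset against the
 * buffer size, and match_peid_signature() has to stay inside the buffer.
 */
bool compare_signature(unsigned char *data, QWORD ep_offset, FILE *dbfile, char *packer_name)
{
	// Validate first: allocating before this check leaked the line buffer
	// on the early return.
	if (!dbfile || !data)
		return false;

	char *buff = (char *) xmalloc(MAX_SIG_SIZE);
	// xmalloc is defined elsewhere; cheap guard in case it can return NULL.
	if (!buff)
		return false;

	// A line longer than MAX_SIG_SIZE-1 bytes is returned by fgets in pieces,
	// and each piece is parsed as if it were a line of its own.
	while (fgets(buff, MAX_SIG_SIZE, dbfile)) {
		size_t len = strlen(buff);

		// ignore comments and blank lines
		if (*buff == ';' || *buff == '\n' || *buff == '\r')
			continue;

		// Strip the line terminator and keep len in step with the string.
		// Every index below is guarded by len, so a one-character line can
		// no longer touch buff[-1] (heap under-read/under-write).
		if (len > 0 && buff[len-1] == '\n')
			buff[--len] = '\0';
		if (len > 0 && buff[len-1] == '\r')
			buff[--len] = '\0';

		// "[packer name]" header: copy the text between the brackets
		if (len >= 2 && buff[0] == '[' && buff[len-1] == ']') {
			buff[len-1] = '\0'; // drop the closing bracket
			if (packer_name) {
				strncpy(packer_name, buff+1, MAX_MSG);
				// strncpy leaves the destination unterminated when the
				// source fills it completely.
				packer_name[MAX_MSG-1] = '\0';
			}
		}

		// check if signature matches
		if (!strncasecmp(buff, "signature", 9)) {
			if (match_peid_signature(data + ep_offset, buff+9)) {
				free(buff);
				return true;
			}
		}
	}

	// The former "packer_name = NULL;" only changed the local copy of the
	// pointer and had no effect for the caller, so it is gone.
	free(buff);
	return false;
}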
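/**
 * Scan a signature database for an entry that matches the bytes located at
 * data + ep_offset.
 *
 * The database is read line by line from dbfile's current position:
 *   - lines starting with ';', '\n' or '\r' are skipped;
 *   - a "[name]" line records the name in packer_name;
 *   - a line starting with "signature" (case-insensitive) is handed, minus
 *     that 9-character prefix, to match_peid_signature().
 *
 * @param data            Buffer holding the file contents; must not be NULL.
 * @param ep_offset       Offset added to data before matching.
 * @param dbfile          Open signature database; must not be NULL.
 * @param packer_name     Output buffer for the most recent "[name]" header
 *                        read before the function returned; always
 *                        NUL-terminated when written.
 * @param packer_name_len Size of packer_name in bytes. Nothing is written
 *                        when it is 0 or packer_name is NULL.
 * @return true as soon as a signature matches, false otherwise.
 *
 * On a false return packer_name is NOT cleared: it still holds the last name
 * header that was read, so callers must trust it only when the result is true.
 *
 * NOTE(review): the size of data is not passed in, so data + ep_offset cannot
 * be bounds-checked here. The caller has to validate ep_offset against the
 * buffer size, and match_peid_signature() has to stay inside the buffer.
 */
static bool compare_signature(const unsigned char *data, uint64_t ep_offset, FILE *dbfile, char *packer_name, size_t packer_name_len)
{
	if (!dbfile || !data)
		return false;

	char *buff = malloc_s(MAX_SIG_SIZE);
	// malloc_s is defined elsewhere; cheap guard in case it can return NULL.
	if (!buff)
		return false;

	// A line longer than MAX_SIG_SIZE-1 bytes is returned by fgets in pieces,
	// and each piece is parsed as if it were a line of its own.
	while (fgets(buff, MAX_SIG_SIZE, dbfile)) {
		size_t len = strlen(buff);

		// ignore comments and blank lines
		if (*buff == ';' || *buff == '\n' || *buff == '\r')
			continue;

		// Strip the line terminator and keep len in step with the string.
		// Every index below is guarded by len, so a one-character line can
		// no longer touch buff[-1] (heap under-read/under-write).
		if (len > 0 && buff[len-1] == '\n')
			buff[--len] = '\0';
		if (len > 0 && buff[len-1] == '\r')
			buff[--len] = '\0';

		// "[packer name]" header: copy the text between the brackets
		if (len >= 2 && buff[0] == '[' && buff[len-1] == ']') {
			buff[len-1] = '\0'; // drop the closing bracket
			// With packer_name_len == 0 the index packer_name_len-1 wraps
			// to SIZE_MAX, so an empty or missing buffer is skipped.
			if (packer_name && packer_name_len > 0) {
				strncpy(packer_name, buff+1, packer_name_len);
				packer_name[packer_name_len-1] = '\0'; // guarantee NUL termination
			}
		}

		// check if signature matches
		if (!strncasecmp(buff, "signature", 9)) {
			if (match_peid_signature(data + ep_offset, buff+9)) {
				free(buff);
				return true;
			}
		}
	}

	free(buff);
	return false;
}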