int main() { char test[] = "\0\0\0\0\0\0\0\0\0CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0"; char find[] = "CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0"; /* char test[] = "\x90\x90\x90\x90\x90\x90\xe8\xc0\xff\xff\xff/bin/sh\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"; char find[] = "\xe8\xc0\xff\xff\xff/bin/sh"; */ int i; int toks; int *shift; int *skip; /* shift=make_shift(find,sizeof(find)-1); skip=make_skip(find,sizeof(find)-1); */ DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,"%d\n", mSearch(test, sizeof(test) - 1, find, sizeof(find) - 1, shift, skip)););
static int strsearch_process(mapidflib_function_instance_t *instance, MAPI_UNUSED unsigned char* dev_pkt, unsigned char* pkt, mapid_pkthdr_t* pkt_head) { int len; struct mapid_strsearch_pattern *pattern; //Check if this packet is allready evaluated in this iteration //Yes => return result if (((struct mapid_strsearch *)instance->internal_data)->currentIteration == instance->hwinfo->pkts) { return ((struct mapid_strsearch *)instance->internal_data)->result; } //No => evaluate else ((struct mapid_strsearch *)instance->internal_data)->currentIteration = instance->hwinfo->pkts; ((struct mapid_strsearch *)instance->internal_data)->result = 0; pattern = ((struct mapid_strsearch *)instance->internal_data)->pattern; while (pattern != NULL) { len = pkt_head->caplen - pattern->offset; if(pattern->depth && (len > pattern->depth)) len = pattern->depth; if(len < pattern->slen) return ((struct mapid_strsearch *)instance->internal_data)->result; if (mSearch((char *)(pkt+pattern->offset), len, (char *)pattern->str, pattern->slen, pattern->skip, pattern->shift)) return (((struct mapid_strsearch *)instance->internal_data)->result = 1); pattern = pattern->next; } return ((struct mapid_strsearch *)instance->internal_data)->result; }