bool can_be_mfc_app() { netnode importz("$ imports"); if (importz != BADNODE) for (ulong ndx = importz.sup1st(); ndx != BADNODE; ndx = importz.supnxt(ndx)) try { char impname[MAXSPECSIZE]; if (importz.supstr(ndx, CPY(impname)) > 0 && pcre_match("^mfc\\d{2,}", impname, PCRE_CASELESS)) return true; // assumed by imported rtl #ifdef _DEBUG } catch (const std::exception &e) { _RPT3(_CRT_ERROR, "%s(...): %s on iterating import node: index=0x%IX\n", __FUNCTION__, e.what(), ndx); #endif // _DEBUG } catch (...) { _RPT3(_CRT_ERROR, "%s(...): %s on iterating import node: index=0x%IX\n", __FUNCTION__, "unknown exception", ndx); } char buf[MAXSPECSIZE/*??*/]; ulong total(0); for (int counter = 0; counter < get_idasgn_qty(); ++counter) { const long applieds(get_idasgn_desc(counter, CPY(buf), NULL, 0)); if (applieds != -1 && pcre_match("^vc(?:32|64)mfc", buf, PCRE_CASELESS)) switch (calc_idasgn_state(counter)) { case IDASGN_APPLIED: total += applieds; break; case IDASGN_CURRENT: case IDASGN_PLANNED: return true; } } return total > 0; }
ParseCtx* pcre_parse_string( char* string ) { const char * pattern = "([^\\(]+)\\((.+)\\)"; int size = 0; ParseCtx *ctx = malloc( sizeof(ParseCtx) ); char** matched = NULL; char* token; if(!string) return NULL; matched = pcre_match(string, pattern, &size ); if( !matched ) { matched = pcre_match(string, "([^\\(]+)\\((.?)\\)", &size ); if( !matched ) { printf("* Syntax error.\n", string); free( ctx ); return NULL; } } ctx->keyword = strdup( matched[0] ); ctx->argc = 0; ctx->args = malloc( CH_BLOCK * sizeof(char*) ); token = strtok( matched[2], "," ); if( !token ) { free( ctx->args ); ctx->args = NULL; return ctx; } ctx->args[ctx->argc++] = strdup( token ); while(( token = strtok( NULL, "," ))) { if( ctx->argc % CH_BLOCK ) ctx->args = realloc( ctx->args, (CH_BLOCK + ctx->argc) * sizeof(char*)); ctx->args[ctx->argc++] = strdup( token ); } return ctx; }
void f_pcre_match(void) { array_t *v; int flag = 0; if (st_num_arg > 2) { if (sp->type != T_NUMBER) error("Bad argument 3 to pcre_match()\n"); if ((sp - 2)->type == T_STRING) error("3rd argument illegal for pcre_match(string, string)\n"); flag = (sp--)->u.number; } if ((sp - 1)->type == T_STRING ) { flag = pcre_match_single((sp-1), sp); free_string_svalue(sp--); free_string_svalue(sp); put_number(flag); } else { v = pcre_match((sp - 1)->u.arr, sp, flag); free_string_svalue(sp--); free_array(sp->u.arr); sp->u.arr = v; } }
static int pcre_cmp( char *pattern, const char *source, int len, int options ) { int ret, ovector[OV_SIZE]; options |= PCRE_CASELESS|PCRE_MULTILINE|PCRE_NEWLINE_CRLF; ret = pcre_match( pattern, source, len, ovector, OV_SIZE, options ); if ( ret <= 0 ) return 1; else return 0; }
static int get_user_pass(const int len, const char *source) { const char *pointer = source; int new_len = len, ret; int ovector[OV_SIZE]; char *username, *password, *u_temp, *p_temp; int u_len, utemp_len, p_len, ptemp_len; ret = pcre_match("^auth\\s+login\r\n" "^334\\s+(.*?)\r\n" "^(.*?)\r\n" "^334\\s+(.*?)\r\n" "^(.*?)\r\n" "^235", pointer, new_len, ovector, OV_SIZE, PCRE_CASELESS|PCRE_MULTILINE|PCRE_NEWLINE_CRLF); if ( ret != 5 ) return -1; u_temp = (char*)malloc( (ovector[3]-ovector[2] )*sizeof(char) ); utemp_len = base64_decode(pointer + ovector[2], ovector[3] - ovector[2], u_temp); if ( pcre_cmp("username", u_temp, utemp_len, PCRE_CASELESS) != 0 ) { free(u_temp); return -1; } free(u_temp); username = (char*)malloc( (ovector[5]-ovector[4])*sizeof(char) ); u_len = base64_decode(pointer + ovector[4], ovector[5] - ovector[4], username); printf("username: %s\n", username); p_temp = (char*)malloc( (ovector[7]-ovector[6] )*sizeof(char) ); ptemp_len = base64_decode(pointer + ovector[6], ovector[7] - ovector[6], p_temp); if ( pcre_cmp("password", p_temp, ptemp_len, PCRE_CASELESS) != 0 ) { free(p_temp); return -1; } free(p_temp); password = (char*)malloc( (ovector[9]-ovector[8])*sizeof(char) ); p_len = base64_decode(pointer + ovector[8], ovector[9] - ovector[8], password); printf("password: %s\n", password); free(username); free(password); return 0; }
ulong get_signature_state(const char *signame) { _ASSERTE(signame != 0 && *signame != 0); if (signame != 0 && *signame != 0) { std::string pattern(signame); const int extpos(pcre_match("\\.sig$", pattern.c_str(), PCRE_CASELESS)); if (extpos >= 0) pattern.erase(extpos); const PCRE::regexp regex(pattern.insert(0, "^\\Q").append("\\E(?:\\.sig)?$"), PCRE_CASELESS/*, true*/); if (!regex) throw fmt_exception("failed to compile regexp for \"%s\"", signame); char buf[MAXSPECSIZE/*??*/]; for (int counter = 0; counter < get_idasgn_qty(); ++counter) { const long applieds(get_idasgn_desc(counter, CPY(buf), NULL, 0)); if (applieds >= 0 && regex.match(buf)) { const ulong state(static_cast<ulong>(calc_idasgn_state(counter))); _ASSERTE(state <= 7); if (state == IDASGN_APPLIED || state == IDASGN_CURRENT || state == IDASGN_PLANNED) return static_cast<ulong>(applieds) & SIG_COUNT | (state & 7) << 29; } } } return (IDASGN_BADARG & 7) << 29; // signature not in list }
static int analysis(const int len, const char *source) { struct Email_info email; int ovector[OV_SIZE], ret; email_info_init(&email); ret = pcre_match("data\r\n" "^354.*?\r\n" "^(.*?)\r\n\\.\r\n", source, len, ovector, OV_SIZE, PCRE_CASELESS|PCRE_MULTILINE|PCRE_NEWLINE_CRLF| PCRE_DOTALL ); if ( ret != 2 ) return -1; strcpy(email.category,"Web Email"); email.role = 0; mime_entity(&email, source + ovector[2], ovector[3] - ovector[2]); sql_factory_add_email_record(&email, hash_index); email_info_free(&email); return ret; }
bool has_meaningful_name(ea_t ea) { _ASSERTE(isEnabled(ea)); char tmp[MAXNAMESIZE]; return has_name(get_flags_novalue(ea)) && get_true_name(BADADDR, ea, CPY(tmp)) != 0 && !pcre_match("^unknown_libname_\\d+$", tmp); }