Autistic stringless sig scanner
So i made a sigscanner that uses no strings.
(the first two args are the start and end of the data to search in)
[Image: x8s9Ixa.png]


How does it not have strings?
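The bytes to search for are hashed (FNV). The scanner compares hashes, not bytes, so a hit is a hash match rather than a verified byte-for-byte match.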
Mask is encoded in a pointer sized bit set

Limitations:
A signature can be at most as many bytes long as the architecture has bits (so 32-byte sigs on 32-bit systems, 64-byte sigs on 64-bit systems)

Performance:
Kinda unstable atm xd





Code:
  #include <array>
  #include <bitset>
  #include <cstddef>
  #include <cstdint>
  #include <cstdio>

  #include "fnv.hpp"
  4.  
  // Pointer width in bits. It is also the number of mask bits, and therefore
  // the longest signature (in bytes) the scanner can describe.
  static constexpr auto k_bitness = sizeof(void*) * 8;

  // One bit per signature byte: a set bit means "this byte is part of the
  // hashed pattern", a clear bit means "wildcard".
  using bitset_ptr = std::bitset<k_bitness>;
  7.  
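  // Searches [begin, end) for the first position whose masked bytes hash to
  // `hash`.
  //
  // begin, end  Half-open byte range to scan.
  // mask        Bit i set means the byte at offset i of a candidate window is
  //             fed into the hash; a clear bit is a wildcard.
  // hash        Expected digest of the masked bytes, folded in ascending
  //             offset order starting from fnv::hash_init().
  //
  // Returns a pointer to the start of the first matching window, or nullptr
  // when nothing matches or the range is empty, null, or reversed. The result
  // always lies inside [begin, end), and so does every masked byte of the
  // window; wildcard offsets above the highest set bit may fall past `end`.
  //
  // Only digests are compared, so different bytes with the same digest are
  // reported as a match. Callers that go on to read or patch at the result
  // should confirm the bytes first. The result is non-const for callers that
  // patch, although the input range is const: writing through it is only
  // valid if the underlying memory is writable.
  void* find_signature(
      const void* begin,
      const void* end,
      bitset_ptr mask,
      fnv::hash hash
  )
  {
      const auto* const first = static_cast<const std::uint8_t*>(begin);
      const auto* const last = static_cast<const std::uint8_t*>(end);

      // A reversed or null range must end the scan, not run the cursor past
      // the buffer.
      if (first == nullptr || last == nullptr || last <= first)
          return nullptr;

      // Offset of the highest non-wildcard byte (0 when the mask is empty).
      // operator[] is used instead of test() because test() range-checks and
      // throws.
      std::size_t last_set = 0;
      for (std::size_t i = 0; i < mask.size(); ++i)
          if (mask[i])
              last_set = i;

      // A window is only a candidate when all of its masked bytes are inside
      // the range. This is what keeps the result from pointing before `begin`
      // for short buffers or masks that start with wildcards.
      const auto length = static_cast<std::size_t>(last - first);
      if (length <= last_set)
          return nullptr;
      const std::size_t window_count = length - last_set;

      // Every window is hashed from a fresh state, so bytes belonging to a
      // neighbouring window can never leak into its digest.
      for (std::size_t start = 0; start < window_count; ++start)
      {
          auto candidate = fnv::hash_init();
          for (std::size_t offset = 0; offset <= last_set; ++offset)
              if (mask[offset])
                  candidate = fnv::hash_byte(candidate, first[start + offset]);

          if (candidate == hash)
              return const_cast<std::uint8_t*>(first + start);
      }

      return nullptr;
  }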
  51.  
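  // Builds a signature mask from a pattern literal: 'x' marks a byte that is
  // part of the hashed signature, any other character is a wildcard.
  // Character i of the literal becomes bit i of the mask.
  //
  // N includes the terminating NUL of the literal, so N - 1 characters are
  // read. A char array without a terminator would lose its last character.
  template<std::size_t N>
  __forceinline constexpr bitset_ptr mask_from_str(const char(&str)[N])
  {
      // Shifting by the full width of std::uintptr_t or more is undefined, so
      // an over-long pattern is rejected at compile time.
      static_assert(N - 1 <= k_bitness,
                    "signature mask is longer than the pointer width in bits");

      std::uintptr_t bits = 0;
      for (std::size_t i = 0; i + 1 < N; ++i)
          if (str[i] == 'x')
              bits |= std::uintptr_t{1} << i;
      return { bits };
  }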
  60.  
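  // Demo: runs two masked searches over a fixed alphabet buffer and prints the
  // offset of each match from the start of the buffer, or -1 for a miss.
  int main()
  {
      static const char memes[] = "ABCDEFGHIJKLM";

      // Scan the letters only; std::end(memes) - 1 leaves out the trailing NUL.
      const auto* const first = std::begin(memes);
      const auto* const last = std::end(memes) - 1;

      // Looks for 'B' ? ? ? ? 'G' 'H' 'I' 'J' ? ? 'M'
      const void* const res = find_signature(
          first,
          last,
          mask_from_str("x????xxxx??x"),
          FNV("BGHIJM")
      );

      // Looks for 'A' ? 'C' ? ? ? 'G' 'H' 'I' ? ? 'L'
      const void* const res2 = find_signature(
          first,
          last,
          mask_from_str("x?x???xxx??x"),
          FNV("ACGHIL")
      );

      // find_signature returns nullptr on a miss, and subtracting from a null
      // pointer is undefined, so a miss is reported as -1 instead.
      const auto offset_of = [](const void* match) {
          return match ? static_cast<const char*>(match) - memes
                       : std::ptrdiff_t{-1};
      };

      // %td is the printf conversion for ptrdiff_t.
      std::printf("%td %td\n", offset_of(res), offset_of(res2));
      return 0;
  }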