1. Вы находитесь в архивной версии форума xaker.name. Здесь собраны темы с 2007 по 2012 год, большинство инструкций и мануалов уже неактуальны.
    Скрыть объявление

Поиск String_ASM_Routine

Тема в разделе "Assembler", создана пользователем ZUNAMI777, 13 дек 2008.

  1. ZUNAMI777

    ZUNAMI777 Продвинутый

    Регистрация:
    26 авг 2008
    Сообщения:
    64
    Симпатии:
    13
    Баллы:
    0
    PHP:
    MemoryBlock Search Routine in PURE ASM (107 Bytes)
    Routine Written by Timothy Slater

    SPEED
    :
      
    Can Scan a 1.1MB memory block for a 20 byte sequence in 15-31ms

    USE:
    PUSH (LengthOfSearchString)
    PUSH (Pointer to SearchString)
    PUSH (Pointer to MemoryBlock)
    PUSH (Pointer to ReturnValue Variable) / NOTEbefore running routine this variable must 
    contain the size of MemoryBlock
    PUSH ReturnAddress


    CallWindowProcA 
    pointer to ASM array, pointer to ReturnValuepointer to MemoryBlockpointer to SearchStringSearchString length)
    *
    MemoryBlock is an array of bytes filled by ReadProcessMemory
    *ReturnValue is set to the size of the MemoryBlock before the call to the routine.

            
    pushad                               Push registers to stack
            
    xor ecx,ecx                          clear ECX register (counter)
    testing_00401BC3:
            
    mov edi,dword ptr ss:[esp+024h]      ; mov pointer to BlockSize into EDI
            mov esi
    ,dword ptr ss:[esp+030h]      ; mov pointer to SearchSize into ESI
            push ecx                             
    push current offset to stack
            add ecx
    ,esi                          add SearchSize to current offset
            cmp ecx
    ,dword ptr ss:[edi]           ; compare result to BlockSize
            jg 
    @testing_00401C23                 ; If greater thanwe've search whole block
            pop ecx                              ; restore offset to ECX
            mov edi,dword ptr ss:[esp+028h]      ; mov MemoryBlock pointer to EDI
            mov esi,dword ptr ss:[esp+02ch]      ; mov SearchString pointer to ESI
            push ecx                             ; save current offset to stack
            mov al,byte ptr ds:[ecx+edi]         ; mov next byte from MemoryBlock to AL
            mov cl,byte ptr ds:[esi]             ; mov first byte of search string to CL
            add dword ptr ds:[esp],1             ; increment MemoryBlock offset (on stack)
            cmp al,cl                            ; compare 2 bytes to see if they match
            pop ecx                              ; restore offset to ECX
            jnz @testing_00401BC3                ; if match not found, loop
            mov esi,dword ptr ss:[esp+030h]      ; mov SearchString length to ESI
            cmp esi,1                            ; compare to 1 byte length
            je @testing_00401C1b                 ; if 1 byte long we found it... jump

            xor edx,edx                          ; clear EDX (SearchString Offset)
            mov dl,1                             ; DL here stores number of matched bytes (1)
    testing_00401BFD
            cmp edx,esi                          ; compare to searchstring length, have we found whole string?
            jge @testing_00401C19                ; if so, exit routine giving offset
            mov ebx,dword ptr ss:[esp+02ch]      ; mov pointer to SearchString into EBX
            mov al,byte ptr ss:[ecx+edi]         ; mov next byte from memory block
            mov ah,byte ptr ss:[edx+ebx]         ; mov next byte from searchstring
            add ecx,1                            ; increase offset
            cmp al,ah                            ; compare two bytes
            jnz @testing_00401BC3                ; if they don'
    t matchbegin searching for 1st byte again
            add edx
    ,1                            increase offset for SearchString
            jmp 
    @testing_00401BFD                Loop to find next char
    testing_00401C19
    :
            
    sub ecx,edx                          subtract searchstring length from offset
    testing_00401C1B
    :
            
    mov edx,dword ptr ss:[esp+024h]      ; mov pointer to ReturnValue variable into EDX
            mov dword ptr ds
    :[edx],ecx           mov Offset value to [EDX]
            
    popad                                restore Registers
            ret                                  
    ; Return
    testing_00401C23:
            
    pop ecx                              restore offset to ECX
            mov ecx
    ,-1                           mov ECX -1 to show not found
            jmp 
    @testing_00401C1b                jump to exit routine


    ASM STRING
    :
    "6033C98B7C24248B7424305103CE363B0F7F50598B7C24288B74242C518A04398A0E3E830424013AC15975D78B74243083FE010F84D4FF0F0033D2B2013BD67D188B5C242C368A0439368A241A83C1013AC475AF83C201EBE42BCA8B542424890A61C359B9FFFFFFFFEBF0"

    put this into a byte array and use the CallWindowProcA method above.
     
  2. iwamoto

    iwamoto Новичок

    Регистрация:
    28 фев 2012
    Сообщения:
    6
    Симпатии:
    1
    Баллы:
    0
    использовал алгоритм, найденный на сайте, теперь, к сожалению не существует.
    Код:
    ;
    ; Boyer-Moore string search in 32bit x86 assembly by Jeremy Collake
    ; email: [email protected]
    ; homepage: http://www.collakesoftware.com 
    ; revision: 4
    ;
    ; I optimized things as best I could without actually putting much
    ; effort into it ;).
    ;
    ;
    ; Functions:
    ; BMStrStr, BMStrStri, BMBinBin
    ;
    ; ====( BMStrStr)==== 
    ; Prototype: 
    ;       char *BMStrStr(char *String1, char *String2);
    ;
    ; Synopsis: Performs case-sensitive Boyer-Moore string search.
    ; 
    ; pSearchData = Pointer to null terminated ANSI string to be searched
    ;               through.
    ; pString2    = Pointer to null terminated ANSI string to be searched 
    ;               for. 
    ; Returns:
    ; Pointer to first occurance to string found, or NULL if not found.
    ;
    ;
    ;
    ; ====( BMStrStri)==== 
    ; Prototype: 
    ;       char *BMStrStri(char *String1, char *String2);
    ;
    ; Synopsis: Performs case-sensitive Boyer-Moore string search.
    ; 
    ; pSearchData = Pointer to null terminated ANSI string to be searched
    ;               through.
    ; pString2    = Pointer to null terminated ANSI string to be searched 
    ;               for. 
    ; Returns:
    ; Pointer to first occurance to string found, or NULL if not found.
    ;
    ;
    ;
    ; ====( BMBinBin)==== 
    ; Prototype: 
    ;       void *BMBinBin(void *Data1, unsigned int Data1Len,
    ;                       void *Data2, unsigned int Data2Len);
    ;
    ; Synopsis: Performs binary search for pData2 within pData1.
    ; 
    ; pData1      = Pointer to data to be searched through.
    ; Data1Len    = length of data pointed to by pData1
    ; pData2      = Pointer to data to be searched for.
    ; Data2Len    = length of data pointed to by pData2
    ; 
    ; Returns:
    ; Pointer to first occurance of data found, or NULL if not found.
    ;
    ;
    BMTABLE STRUCT
        dd 256 dup(0)
    BMTABLE ENDS
    .code
    ;
    ; ====( StrCmp )==== 
    ; Case sensitive reverse direction string compare macro.
    ; + assumes last character of both strings are equal!
    ; entry:  esi->end of string1
    ;         ebx->end of string2
    ;         ecx=length of string
    ; returns:
    ;         zero flag set if equal
    ; destroyed:
    ;         eax,esi,ebx,ecx
    ;
    RevStrCmp MACRO
    LOCAL RevStrCmpLoop,RevStrCmpEnd
            dec     ecx
            jz      RevStrCmpEnd
    RevStrCmpLoop:  
            dec     esi
            dec     ebx     
            mov     al,byte ptr [esi]
            cmp     al,byte ptr [ebx]
            jnz     RevStrCmpEnd    
            dec     ecx
            jnz     RevStrCmpLoop
    RevStrCmpEnd:           
    ENDM
    ;
    ; ====( RevStrCmpi )==== 
    ; Case insensitive reverse string compare macro.
    ; + assumes last character of both strings are equal!
    ; entry:  esi->string1 
    ;         edi->string2 
    ;         ecx=length of string
    ; returns:
    ;         zero flag set if equal
    ; destroyed:
    ;         eax,esi,edi,ecx
    ;
    RevStrCmpi MACRO
    LOCAL RevStrCmpiLoop,RevStrCmpiEnd
            dec     ecx
            jz      RevStrCmpiEnd
    RevStrCmpiLoop: 
            dec     esi
            dec     ebx
            mov     al,byte ptr [esi]       
            mov     ah,byte ptr [ebx]        
            cmp     al,ah
            jz      RevStrCmpiContLoop
            ToLower al        
            ToLower ah        
            cmp     al,ah
            jnz     RevStrCmpiEnd   
    RevStrCmpiContLoop:        
            dec     ecx
            jnz     RevStrCmpiLoop
    RevStrCmpiEnd:          
    ENDM
    ;
    ; ====( ToLower )==== 
    ; Macro to convert ANSI character to lowercase
    ;
    ToLower MACRO reg8
            LOCAL   nochg
            cmp     reg8,'A'
            jb      nochg
            cmp     reg8,'Z'
            ja      nochg
            sub     reg8,'A'-'a'
    nochg:  
    ENDM
    ;
    ; ====( BMStrStr)==== 
    ; Prototype: 
    ;       char *BMStrStr(char *String1, char *String2);
    ;
    ; Synopsis: Performs case-sensitive Boyer-Moore string search.
    ; 
    ; pSearchData = Pointer to null terminated ANSI string to be searched
    ;               through.
    ; pString2    = Pointer to null terminated ANSI string to be searched 
    ;               for. 
    ; Returns:
    ;       Pointer to first occurance to string found, or NULL if not found.
    ;
    BMStrStr proc uses ebx edi esi pString1:DWORD, pString2:DWORD         
            LOCAL   StringLen:DWORD
            LOCAL   EndOfData:DWORD         
            LOCAL	bm_table:BMTABLE
                            
            invoke  StrLen,pString2
            test    eax,eax
            jz      ReturnNotFound
            mov     StringLen,eax   
                                                    
            invoke  StrLen,pString1
            test    eax,eax
            jz      ReturnNotFound
            add     eax,pString1    
            mov     EndOfData,eax           
                    
            lea     edi,bm_table            
            push    edi
            mov     eax,StringLen
            mov     ecx,256
    stosd_loop:        
            mov     [edi],eax        
            add     edi,4
            dec     ecx        
            jnz     stosd_loop                
            pop     edi     
    
            mov     ecx,eax
            push    eax
            dec     ecx
            mov     esi,pString2
            push    edi
            xor     eax,eax
    FillTableLoop:  
            mov     al,byte ptr [esi]
            inc     esi
            mov     dword ptr [edi+(eax*4)],ecx
            dec     ecx
            jns     FillTableLoop
            
            pop     edi     ; edi->bm_table
            pop     ecx     ; ecx=size of string
            mov     esi,pString1
            mov     ebx,pString2
            dec     ecx
            add     ebx,ecx
            add     esi,ecx 
            mov     edx,EndOfData        
    MainSearchLoop: 
            xor     eax,eax
            mov     al,byte ptr [esi]
            mov     ecx,dword ptr [edi+(eax*4)]
            test    ecx,ecx
            jz      strcmp   
            add     esi,ecx
    NextIteration:
            cmp     esi,edx
            jbe     MainSearchLoop  
            jmp     ReturnNotFound
            
    strcmp:                          
            push    ebx
            push    esi
            mov     ecx,StringLen
            RevStrCmp
            jz      ReturnFound
            pop     esi
            pop     ebx
            inc     esi     
            jmp     NextIteration
            
    ReturnFound:            
            pop     ebx     
            mov     eax,esi        
            pop     esi     
            ret
            
    ReturnNotFound:         
            xor     eax,eax
            ret        
    BMStrStr endp
    
    ;
    ; ====( BMStrStri)==== 
    ; Prototype: 
    ;       char *BMStrStri(char *String1, char *String2);
    ;
    ; Synopsis: Performs case-sensitive Boyer-Moore string search.
    ; 
    ; pSearchData = Pointer to null terminated ANSI string to be searched
    ;               through.
    ; pString2    = Pointer to null terminated ANSI string to be searched 
    ;               for. 
    ; Returns:
    ; Pointer to first occurance to string found, or NULL if not found.
    ;
    
    
    BMStrStri proc uses ebx edi esi pString1:DWORD, pString2:DWORD         
            LOCAL   StringLen:DWORD
            LOCAL   EndOfData:DWORD 
            LOCAL	bm_table:BMTABLE
                                                                            
            invoke  StrLen,pString2
            test    eax,eax
            jz      ReturnNotFound
            mov     StringLen,eax   
                                                    
            invoke  StrLen,pString1
            test    eax,eax
            jz      ReturnNotFound
            add     eax,pString1    
            mov     EndOfData,eax           
                    
            lea     edi,bm_table            
            push    edi
            mov     eax,StringLen
            mov     ecx,256
    stosd_loop:        
            mov     [edi],eax        
            add     edi,4
            dec     ecx        
            jnz     stosd_loop        
            pop     edi     
    
            mov     ecx,eax
            push    eax
            dec     ecx
            mov     esi,pString2
            push    edi
            xor     eax,eax
    FillTableLoop:  
            mov     al,byte ptr [esi]
            inc     esi                
            ToLower al        
            mov     dword ptr [edi+(eax*4)],ecx
            dec     ecx
            jns     FillTableLoop
            
            pop     edi     ; edi->bm_table
            pop     ecx     ; ecx=size of string
            mov     esi,pString1
            mov     ebx,pString2
            dec     ecx
            add     ebx,ecx
            add     esi,ecx 
            mov     edx,EndOfData        
    MainSearchLoop: 
            xor     eax,eax
            mov     al,byte ptr [esi]        
            ToLower al        
            mov     ecx,dword ptr [edi+(eax*4)]
            test    ecx,ecx
            jz      strcmp   
            add     esi,ecx
    NextIteration:
            cmp     esi,edx
            jbe     MainSearchLoop
            jmp     ReturnNotFound
            
    strcmp:                          
            push    ebx
            push    esi        
            mov     ecx,StringLen
            RevStrCmpi
            jz      ReturnFound
            pop     esi
            pop     ebx
            inc     esi     
            jmp     NextIteration
            
    ReturnFound:        
            pop     ebx     
            mov     eax,esi        
            pop     esi     
            ret
            
    ReturnNotFound: 
            xor     eax,eax
            ret
    BMStrStri endp
    
    ; ====( BMBinBin)==== 
    ; Prototype: 
    ;       void *BMBinBin(void *Data1, unsigned int Data1Len,
    ;                       void *Data2, unsigned int Data2Len);
    ;
    ; Synopsis: Performs binary search for pData2 within pData1.
    ; 
    ; pData1      = Pointer to data to be searched through.
    ; Data1Len    = length of data pointed to by pData1
    ; pData2      = Pointer to data to be searched for.
    ; Data2Len    = length of data pointed to by pData2
    ; 
    ; Returns:
    ; Pointer to first occurance of data found, or NULL if not found.
    ;
    ;
    BMBinBin proc uses ebx edi esi pData1:DWORD, Data1Len:DWORD,
                                   pData2:DWORD, Data2Len:DWORD
               
            LOCAL   EndOfData:DWORD
            LOCAL	bm_table:BMTABLE
            
            mov     eax,pData1
            add     eax,Data1Len
            mov     EndOfData,eax   
                                       
            lea     edi,bm_table            
            push    edi
            mov     eax,Data2Len
            mov     ecx,256
    stosd_loop:        
            mov     [edi],eax        
            add     edi,4
            dec     ecx        
            jnz     stosd_loop                
            pop     edi     
    
            mov     ecx,eax
            push    eax
            dec     ecx
            mov     esi,pData2
            push    edi
            xor     eax,eax
    FillTableLoop:  
            mov     al,byte ptr [esi]
            inc     esi
            mov     dword ptr [edi+(eax*4)],ecx
            dec     ecx
            jns     FillTableLoop
            
            pop     edi     ; edi->bm_table
            pop     ecx     ; ecx=size of string
            mov     esi,pData1
            mov     ebx,pData2 
            dec     ecx
            add     ebx,ecx
            add     esi,ecx 
            mov     edx,EndOfData        
    MainSearchLoop: 
            xor     eax,eax
            mov     al,byte ptr [esi]
            mov     ecx,dword ptr [edi+(eax*4)]
            test    ecx,ecx
            jz      strcmp   
            add     esi,ecx
    NextIteration:
            cmp     esi,edx
            jbe     MainSearchLoop
            jmp     ReturnNotFound
            
    strcmp:                          
            push    ebx
            push    esi
            mov     ecx,Data2Len
            RevStrCmp
            jz      ReturnFound
            pop     esi
            pop     ebx
            inc     esi     
            jmp     NextIteration
            
    ReturnFound:        
            pop     ebx     
            mov     eax,esi        
            pop     esi     
            ret
            
    ReturnNotFound: 
            xor     eax,eax
            ret
    BMBinBin endp
    
    
    ;
    ; Optimized strlen by Agner Fog
    ; 
    ; DWORD strlen(char *string)
    ;
    ; I certainly can't out optimize Agner Fog, so I'm not about to try.
    ; Full credits goto him for this super-optimized strlen procedure.
    ;
    ; 01-11-2000: Slightly modified by Jeremy Collake (lowercase code)
    ;             to force dword alignment.
    ;
    ;
    StrLen PROC    pString:DWORD
            PUSH    EBX
            MOV     EAX,pString            ; get pointer to string
            LEA     EDX,[EAX+3]            ; pointer+3 used in the end
            mov	ebx,[eax]
    	add	eax,4
    	lea	ecx,[ebx-01010101h]
    	not	ebx
    	and	ecx,ebx
    	and	ecx,80808080h
    	jnz	j1
    	shr	eax,2
    	shl	eax,2        
    L1:     MOV     EBX,[EAX]              ; read first 4 bytes
            ADD     EAX,4                  ; increment pointer
            LEA     ECX,[EBX-01010101H]    ; subtract 1 from each byte
            NOT     EBX                    ; invert all bytes
            AND     ECX,EBX                ; and these two
            AND     ECX,80808080H          ; test all sign bits
            JZ      L1                     ; no zero bytes, continue loop
    j1:
            TEST    ECX,00008080H          ; test first two bytes
            JNZ     SHORT L2
            SHR     ECX,16                 ; not in the first 2 bytes
            ADD     EAX,2
    L2:     SHL     CL,1                   ; use carry flag to avoid branch
            SBB     EAX,EDX                ; compute length
            POP     EBX
            RET    
    StrLen ENDP
    
    
     

Поделиться этой страницей