0

I need to scan a range of addresses in linux memory and compare its content in 4 bytes jump, I searched the web and didn't find a helpful implementation. the function I need to implement should be used in a module I'm trying to do. anyway, the signature of the function:

void scanMemory(int scan_range) {
   // implementation here...
}

illustration I need to scan the range between read func which I know and utsname (starting at utsname)

I found so far: C Pointers to scan memory which is using a for loop but not quite as I need.

Memory pattern scanning on Linux in C here I found the following:

for(i = 0; i < size; i++)
    {
         if(_compare((unsigned char *)(address + i), (unsigned char *)pattern, mask))
               return (unsigned long)(address + i);
    }

but I'm not sure the jumps is just 4 bytes.

I'm looking for ideas or implementation of the for-loop i describe above

Simson
  • 3,373
  • 2
  • 24
  • 38
Guy Sadoun
  • 427
  • 6
  • 17
  • What is `scan_range`? – Swordfish Jan 08 '19 at 19:50
  • the range of addresses I need to scan, I get the range by subbing 2 addresses. – Guy Sadoun Jan 08 '19 at 19:57
  • *the range of addresses I need to scan* – Then it should be `ptrdiff_t` or `size_t` and not `int`. And how does your function know where to start? – Swordfish Jan 08 '19 at 19:58
  • The prototype doesn't pass enough information to specify a range of memory to look at, or what to look _for_. You would need to use either a first and last address (and be clear about whether your range includes the last address or not) or you could pass a start address and a size (and you need to be clear about whether the size is in bytes or in 4-byte items, since you say you're looking at 4 bytes at a time.) Then your search function needs to be able to return its findings. All in all, I'd recommend `int* scanMemory(int* address, int size, int pattern)` assuming you're using 4-byte `int`s – Tim Randall Jan 08 '19 at 20:22

0 Answers0