在静态库LIB/OBJ文件中搜索定位病毒特征码所属函数,C/C++源码(二)

t;
for(int i = 0; i < lenSearchWhat; i++)
{
if(pSearchWhat[i] == ignoreByte)
{
matchtimesAll--;
}
else
{
if(pSearchWhat[i] == pSearchFrom[i])
matchtimes++;
}
}

int rate = (matchtimes * 100 / matchtimesAll);
if(rate > minMatchRate)
{
matchedRate = rate;
return true;
}
else
return false;
}

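// Scan pSearchFrom for the first window that matchdata() accepts as a fuzzy
// match of the signature pSearchWhat.
//
// pSearchFrom / lenSearchFrom : haystack bytes (LIB/OBJ contents) and their count
// pSearchWhat / lenSearchWhat : signature bytes and their count
// ignoreByte                  : wildcard byte value, handed through to matchdata()
// minMatchRate                : percentage threshold handed through to matchdata()
// matchedRate                 : receives the rate of the accepted window; left
//                               untouched when nothing matches
//
// Returns the byte offset of the first accepted window, or -1 when there is
// none or the arguments are unusable.
int searchdata (unsigned char* pSearchFrom, int lenSearchFrom, unsigned char* pSearchWhat, int lenSearchWhat,
unsigned char ignoreByte, int minMatchRate, int& matchedRate)
{
    // Refuse inputs matchdata() is not written for. An empty signature would
    // otherwise be "matched" at every offset, and matchdata() divides by its
    // non-wildcard byte count (presumably initialised from lenSearchWhat), so
    // a zero-length signature looks like a division by zero there - TODO
    // confirm against the start of matchdata(). A signature longer than the
    // haystack can never fit, and null buffers must not be dereferenced.
    if (!pSearchFrom || !pSearchWhat || lenSearchWhat <= 0 || lenSearchFrom < lenSearchWhat)
        return -1;

    // Last window start at which the whole signature still lies inside the
    // haystack; matchdata() reads lenSearchWhat bytes from the window start.
    const int lastStart = lenSearchFrom - lenSearchWhat;
    for (int offset = 0; offset <= lastStart; offset++)
    {
        if (matchdata(pSearchFrom + offset, pSearchWhat, lenSearchWhat, ignoreByte, minMatchRate, matchedRate))
            return offset;
    }
    return -1;
}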

  此外,我们允许用户输入的特征码为16进制的文本数据,形如“FF7424 10 E8 00 00 00 00 C2 1000”,程序内部需将其转换为内存中的二进制数据,每两个字母转换为一个字节值,并处理其中的空格等字符:

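int hexchar2decimal(char c);   // defined further down in this file

// Convert a signature written as hexadecimal text, e.g.
// "FF7424 10 E8 00 00 00 00 C2 1000", into raw bytes appended to `mem`.
// Every pair of hex digits becomes one byte; blanks (space, tab, CR, LF) and
// commas separate groups and are otherwise ignored.
//
// Returns true on success. On the first character that is neither a hex
// digit nor a separator it truncates szSignature right after that character
// (so the printed text ends with the offending one), prints a diagnostic and
// returns false. Bytes already appended to `mem` are not removed.
//
// A group made of a single hex digit ("7" in "FF 7 E8") is taken as the byte
// 0x07. That is what the separator path always did; the end-of-string case
// used to drop a trailing lone digit silently, which changed the signature
// being searched without any warning, so both paths now behave the same.
bool HexText2Mem(char* szSignature, BufferedMem& mem)
{
    if (!szSignature)
        return false;

    const size_t len = strlen(szSignature);
    char firstchar = 0;   // pending high nibble; 0 while none is pending

    for (size_t i = 0; i < len; i++)
    {
        const char c = szSignature[i];

        // Separator: flush a pending lone digit as one byte, then move on.
        const bool isSeparator = (c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == ',');
        if (isSeparator)
        {
            if (firstchar)
                mem.AppendByte(hexchar2decimal(firstchar));
            firstchar = 0;
            continue;
        }

        const bool isLetterChar = (c >= 'A' && c <= 'F') || (c >= 'a' && c <= 'f');
        const bool isNumChar = (c >= '0' && c <= '9');
        if (!isLetterChar && !isNumChar)
        {
            // i + 1 <= len, so at worst this overwrites the existing terminator.
            szSignature[i + 1] = '\0';
            printf(" error in hexadecimal text of signature data, the printed last char is invalid: %s ", szSignature);
            return false;
        }

        if (firstchar == 0)
        {
            firstchar = c;
        }
        else
        {
            mem.AppendByte(hexchar2decimal(firstchar) * 16 + hexchar2decimal(c));
            firstchar = 0;
        }
    }

    // A trailing lone digit with no separator after it.
    if (firstchar)
        mem.AppendByte(hexchar2decimal(firstchar));

    return true;
}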

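// Value of one hexadecimal digit: '0'-'9' -> 0..9, 'A'-'F' / 'a'-'f' -> 10..15.
// Any other character yields 0. Callers must validate the character first
// (HexText2Mem does): 0 is also a legitimate digit value, so the return value
// cannot signal an error.
int hexchar2decimal(char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    return 0;
}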

  程序的最终运行结果如下图。此搜索定位结果与上一篇用易语言定位的结果(图)是一致的(对比搜索到的特征码文件偏移及匹配率