From: Mihail Abakumov
Subject: Re: [Qemu-devel] [PATCH 41/43] windbg: implemented kd_api_search_memory
Date: Tue, 24 Oct 2017 14:59:26 +0300
User-agent: Roundcube Webmail/1.1.2
Ladi Prosek wrote 2017-10-03 16:58:
On Tue, Sep 26, 2017 at 1:07 PM, Mihail Abakumov <address@hidden> wrote:+ + uint8_t mem[s_len - 1 + p_len];s_len could be very large, people do things like 0:000> s -d 0x80000000 L?0x7fffffff <pattern> You should not allocate this buffer on the stack and preferably break large searches down to smaller ranges, i.e. don't allocate and read ~s_len bytes all at once.
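Review bot: the VLA `uint8_t mem[s_len - 1 + p_len];` is sized by a debugger-supplied length with no validation before the allocation, so beyond the stack-usage point raised above, the size expression itself needs checking: with `s_len == 0` and a zero-length pattern it underflows, and a large `s_len` exhausts the stack before any read happens. Suggest rejecting `p_len == 0` and `s_len < 1` up front, then walking the range in fixed-size chunks from a heap buffer, carrying `p_len - 1` bytes of overlap between chunks so a match that straddles a chunk boundary is still found.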
Yes, you're right. I corrected it.
+ int err = cpu_memory_rw_debug(cpu, addr, mem, sizeof(mem), 0); + if (!err) { + int i; + pd->m64.ReturnStatus = STATUS_NO_MORE_ENTRIES; + for (i = 0; i < s_len; ++i) { + if (memcmp(mem + i, pd->extra, p_len) == 0) { + m64c->FoundAddress = addr + i; + m64c->FoundAddress = ldq_p(&m64c->FoundAddress); + pd->m64.ReturnStatus = STATUS_SUCCESS; + break; + } + }Use memmem instead?
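Review bot: when `cpu_memory_rw_debug` fails, nothing in this hunk assigns `pd->m64.ReturnStatus`; it is only set inside `if (!err)`, so a failed read leaves the previous value in place and the caller cannot tell "not found" from "could not read". Add an `else` branch that sets an error status. Also, `m64c->FoundAddress = addr + i;` followed by `m64c->FoundAddress = ldq_p(&m64c->FoundAddress);` stores the value in host order and re-reads it as target order to get the byte swap; `stq_p(&m64c->FoundAddress, addr + i);` expresses the same conversion in one line without the round trip through the field. On `memmem`: it is a GNU extension and not available on every host, so the hand-written `memcmp` loop is a reasonable portable choice, but it reads `p_len` bytes at `mem + i` for every `i < s_len` and therefore depends on the buffer being exactly `s_len - 1 + p_len` bytes; that coupling deserves a comment since the sizing is not obvious from the loop alone.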
For some reason, I do not have such a function.

Thanks,
Mihail Abakumov