Ladi Prosek wrote on 2017-10-03 16:58:
On Tue, Sep 26, 2017 at 1:07 PM, Mihail Abakumov
<mikhail.abaku...@ispras.ru> wrote:
+
+ uint8_t mem[s_len - 1 + p_len];
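
Review bot: the array length `s_len - 1 + p_len` on this line is computed with no range check visible in the quoted lines, so `s_len == 0` with `p_len <= 1`, or a sum that wraps, yields a zero, negative or truncated VLA length, which is undefined behaviour before any memory is read. Validate both values first (non-zero, below a fixed cap) and size a heap buffer from the checked result rather than from the raw request fields.
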
s_len could be very large, people do things like
0:000> s -d 0x80000000 L?0x7fffffff <pattern>
You should not allocate this buffer on the stack and preferably break
large searches down to smaller ranges, i.e. don't allocate and read
~s_len bytes all at once.

Yes, you're right. I corrected it.

+ int err = cpu_memory_rw_debug(cpu, addr, mem, sizeof(mem), 0);
+ if (!err) {
+ int i;
+ pd->m64.ReturnStatus = STATUS_NO_MORE_ENTRIES;
+ for (i = 0; i < s_len; ++i) {
+ if (memcmp(mem + i, pd->extra, p_len) == 0) {
+ m64c->FoundAddress = addr + i;
+ m64c->FoundAddress = ldq_p(&m64c->FoundAddress);
+ pd->m64.ReturnStatus = STATUS_SUCCESS;
+ break;
+ }
+ }
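
Review bot: in the match branch `m64c->FoundAddress` is assigned twice, and the second assignment runs the load helper `ldq_p` over the field itself to change its byte order; if the intent is to store the address in target byte order, a single `stq_p(&m64c->FoundAddress, addr + i)` states that directly and avoids the store-then-reload. Separately, `i` is declared `int` but is compared with `s_len` and added to `addr`; give it the same type as `s_len` so a large search length cannot truncate or go negative. Since the whole range is fetched with one `cpu_memory_rw_debug` call, a failure anywhere in it skips the search entirely, and the visible lines set no `ReturnStatus` for that case.
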
Use memmem instead?

For some reason, I do not have such a function.
Thanks,
Mihail Abakumov
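
The approach suggested in the review above (no stack allocation, large searches split into smaller ranges), as an added example that is not part of the thread or of the patch. `CHUNK`, `BASE`, `read_fn`, `search_chunked` and the `demo_*` names are hypothetical, the guest memory is a constructed array, and a plain `memcmp` loop is used so the code does not depend on `memmem`, which is not part of ISO C.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define CHUNK 4096u         /* assumed per-read bound, not from the patch */
#define BASE  0x80000000ull /* constructed base address for the demo */
/* Hypothetical reader callback: 0 on success, non-zero if unreadable. */
typedef int (*read_fn)(uint64_t addr, uint8_t *buf, size_t len);

/* 0 and *found set on a hit, 1 on no match, -1 on bad args or no memory. */
static int search_chunked(read_fn rd, uint64_t addr, uint64_t s_len,
                          const uint8_t *pat, size_t p_len, uint64_t *found)
{
    if (!s_len || !p_len || p_len > CHUNK) return -1;
    uint64_t tail = p_len - 1;           /* bytes read past the last start */
    if (s_len > UINT64_MAX - tail || s_len + tail > UINT64_MAX - addr) return -1;
    uint8_t *buf = malloc(CHUNK + tail); /* heap buffer with a fixed bound */
    if (!buf) return -1;
    int ret = 1;
    for (uint64_t off = 0, n; off < s_len && ret == 1; off += n) {
        n = s_len - off < CHUNK ? s_len - off : CHUNK; /* match starts here */
        if (rd(addr + off, buf, (size_t)(n + tail)) != 0) continue; /* unreadable */
        for (size_t i = 0; i < n && ret == 1; i++) {
            if (memcmp(buf + i, pat, p_len) != 0) continue;
            *found = addr + off + i;     /* tail overlap catches straddlers */
            ret = 0;
        }
    }
    free(buf);
    return ret;
}

static uint8_t demo_mem[3 * CHUNK];      /* constructed "guest" memory */
static int demo_read(uint64_t addr, uint8_t *buf, size_t len)
{
    uint64_t o = addr - BASE;
    if (addr < BASE || o > sizeof(demo_mem) || len > sizeof(demo_mem) - o) return -1;
    memcpy(buf, demo_mem + o, len);
    return 0;
}
/* Plant a 4-byte pattern at pat_off, search, return found offset or -1. */
static int64_t demo_search(size_t pat_off)
{
    static const uint8_t pat[4] = { 0xde, 0xad, 0xbe, 0xef };
    uint64_t found = 0;
    memset(demo_mem, 0, sizeof(demo_mem));
    if (pat_off <= sizeof(demo_mem) - 4) memcpy(demo_mem + pat_off, pat, 4);
    int r = search_chunked(demo_read, BASE, sizeof(demo_mem) - 3, pat, 4, &found);
    return r == 0 ? (int64_t)(found - BASE) : -1;
}
int main(void) { return demo_search(4094) == 4094 ? 0 : 1; }
```

Each read fetches `p_len - 1` bytes beyond the chunk's last start position, which is why a pattern straddling a chunk boundary is still found while peak memory stays at `CHUNK + p_len - 1` bytes regardless of `s_len`.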