i want search in anthor array
for example
dim a as string ,b () as byte
read one file into b
a="1234????5678??12"
search a in b, is find return offset .
who can have a good idea thanks
sorry my poor English$
Here's another simple approach that works best on small files:
Code:
Option Explicit
Private Sub Main()
Dim BinaryFile() As Byte, Signature() As Byte
Dim FN As Integer, Pos As Long, SigLen As Long
FN = FreeFile
Open "BinaryFile.bin" For Binary Access Read As FN
ReDim BinaryFile(0& To LOF(FN) - 1&) As Byte
Get FN, , BinaryFile()
Close FN
Signature() = StrConv("1234????5678??12", vbFromUnicode)
SigLen = UBound(Signature) + 1&
Pos = 1& - SigLen
Do: Pos = InStrB(Pos + SigLen, BinaryFile(), Signature())
If Pos Then Debug.Print Pos Else Exit Do
Loop
End Sub 'NOTE: InStrB() returns a 1-based offset!
On Local Error Resume Next: If Not Empty Is Nothing Then Do While Null: ReDim i(True To False) As Currency: Loop: Else Debug.Assert CCur(CLng(CInt(CBool(False Imp True Xor False Eqv True)))): Stop: On Local Error GoTo 0
I doubt that either of those solutions will match the pattern.
I'm assuming some regex type matching is wanted, where the ? in the string match any character in that position.
I think neither "Like" nor InStrB will do wildcard character matching for the question mark characters in the pattern string.
Well, the search using InStrB could be modified like the following:
Find "1234".
If found, skip 4 bytes ("????").
If next 4 bytes are "5678"
then skip 2 bytes ("??").
If next 2 bytes are "12"
then return offset found in step 1.
On Local Error Resume Next: If Not Empty Is Nothing Then Do While Null: ReDim i(True To False) As Currency: Loop: Else Debug.Assert CCur(CLng(CInt(CBool(False Imp True Xor False Eqv True)))): Stop: On Local Error GoTo 0
Option Explicit
Private Sub Form_Load()
Dim A() As Byte, P() As Byte, M() As Byte, N As Long
ReDim A(99) ' array
ReDim P(4) ' sequence
ReDim M(4) ' mask
For N = 0 To 99: A(N) = Rnd * 10: Next
A(90) = 1: A(91) = 2: A(92) = 3: A(93) = 4: A(94) = 5
P(0) = 1: P(1) = 2: P(2) = 3: P(3) = 4: P(4) = 5 ' // Set signature
M(0) = 1: M(1) = 0: M(2) = 0: M(3) = 1: M(4) = 1 ' // Set mask
MsgBox Format(FindSignature(A, P, M), "0;not found;0")
End Sub
Private Function FindSignature( _
A() As Byte, _
P() As Byte, _
M() As Byte) As Long
Dim N As Long, Z As Long
N = 0: Z = 0
Do While N <= UBound(A)
If A(N) = P(Z) Or M(Z) = 0 Then
Z = Z + 1
If Z > UBound(P) Then
FindSignature = N - UBound(P)
Exit Function
End If
Else
If Z Then
N = N - Z + 1
Z = 0
End If
End If
N = N + 1
Loop
FindSignature = -1
End Function
Yeah right, first learn how (exe etc.) packer applications are working and introduce NT PE-file header construction to yourself also and what comes to data compression 'usually' signature bytes are in the very beginning of compressed packages.
So in plain english if one is packing executable or what ever file, then one might want to put signature in the beginning of compressed part. New PE header, which contain extractor (few kilobtyes), then compressed original file starting with signature bytes.
Last edited by Tech99; Jan 27th, 2016 at 05:59 AM.
Don't use a string to work with binary data.
You should use a mask to set the significant bytes.
For example you have a file, and you want to find the place where the signature is placed:
The red rectangles are fixed data, and therebetween is placed the variable data. You should set the mask:
Code:
10110111
,
i.e. find 1'st byte, 2'd byte is ignored, 3'rd and 4'th is considered, etc.
Read the file to a byte array and set the signature with mask:
Code:
Option Explicit
Private Sub Form_Load()
Dim A() As Byte, P() As Byte, M() As Byte, f As Integer
f = FreeFile
Open App.Path & "\bin" For Binary As f
ReDim A(LOF(f) - 1)
Get f, , A
Close f
ReDim P(7): ReDim M(7)
P(0) = &HFF: P(2) = &H29: P(3) = &H54: P(5) = &H61: P(6) = &H12: P(7) = &H54
M(0) = 1: M(2) = 1: M(3) = 1: M(5) = 1: M(6) = 1: M(7) = 1
MsgBox Format(Hex$(FindSignature(A, P, M)), "0;not found;0")
End Sub
Private Function FindSignature( _
A() As Byte, _
P() As Byte, _
M() As Byte) As Long
Dim N As Long, Z As Long
N = 0: Z = 0
Do While N <= UBound(A)
If A(N) = P(Z) Or M(Z) = 0 Then
Z = Z + 1
If Z > UBound(P) Then
FindSignature = N - UBound(P)
Exit Function
End If
Else
If Z Then
N = N - Z + 1
Z = 0
End If
End If
N = N + 1
Loop
FindSignature = -1
End Function
Reply With Quote
Originally Posted by Bonnie West
