-
Notifications
You must be signed in to change notification settings - Fork 3
API: MmSigscanRegion
Scans a user-defined region of memory for an array of bytes, and returns the base address of the first match.
size_t MmSigscanRegion(
[in] const unsigned char* RegionBase,
[in] const size_t RegionSize,
[in] const unsigned char* Pattern,
[in] const char* PatternMask
);The base address of the region that will be scanned for a matching array of bytes.
The size, in bytes, of the region to be scanned.
A pointer to an array of bytes for which the region from RegionBase up to RegionBase + RegionSize will be scanned. The size of this array is dictated by the length of the mask supplied in PatternMask, excluding the terminating NULL character.
The mask to be applied to the array of bytes pointed-to by Pattern - each character in the mask, excluding the terminating NULL character, corresponds to one byte in the Pattern string. To skip checking a particular byte, supply a ? character at the byte's position to indicate an unknown byte. Any other non-NULL character is ignored, and the corresponding byte will be checked.
If no match is found, or the parameters are invalid, the function returns 0. Otherwise, the function returns the base address of the first match.