;========================================================================================================================================== ; ; How to do a wildcard search in a binary buffer? ; ;========================================================================================================================================== ; ; Yes, it is possible when understanding the buffer content as a stream of hex characters. ; ; After unloading the binary buffer into a hex string it is possible to search the hex string for ; byte stream sequences by wildcard pattern using the WinBatch functions StrIndexWild () and StrSubWild (). ; ;.......................................................................................................................................... ; (c)Detlev Dalitz.20030729.20100209. ;.......................................................................................................................................... ; Example. strMsgTitle = "Example: How to do a wildcard search in a binary buffer?" ; Define filenames for this example. strFolderTemp = ShortCutDir ("Local Settings") : "\Temp\" strFileBinIn = strFolderTemp : "Wildcard.Test.In.bin" strFileBinOut = strFolderTemp : "Wildcard.Test.Out.bin" ; Use a copy of this script file as the input file, neglecting that ; it is not a pure binary file, but it demonstrates the principle. blnResult = FileCopy (IntControl (1004, 0, 0, 0, 0), strFileBinIn, @FALSE) ; Delete possibly existing output file. If FileExist (strFileBinOut) == 1 Then FileDelete (strFileBinOut) ; This is a comment line (1) which can be found by the wild search. ; Define something that we can find in the input file. ; Following parts of text will be found in this test too. ; ; In this example we use the 'zero or more star "*" pattern' to find ; any byte stream content which begins with "line" and ends with "found". strWildStart = "line" strWildEnd = "found" strWildHex = ChrStringToHex (strWildStart) : "*" : ChrStringToHex (strWildEnd) ; Get the binary content from the input file. intBBSize = FileSize (strFileBinIn, 1) hdlBB = BinaryAlloc (intBBSize) intBytesRead = BinaryRead (hdlBB, strFileBinIn) ; Get content as hex string. strHex = BinaryPeekHex (hdlBB, 0, intBBSize) ; Do the search on the hex string. intFound = 0 intWildPos = 0 While @TRUE intWildPos = StrIndexWild (strHex, strWildHex, intWildPos) If !intWildPos Then Break intFound = intFound + 1 strWild = StrSubWild (strHex, strWildHex, intWildPos) intOffset = intWildPos / 2 intByteCount = StrByteCount (strWild, 0) / 2 ; Write the found part of byte stream to output file. intBytesWritten = BinaryWriteEx (hdlBB, intOffset, strFileBinOut, FileSize (strFileBinOut), intByteCount) ; Additionally write a delimiter sequence of zero bytes until to the end of the next paragraph. intBytesWritten = BinaryWriteEx (hdlBB, intOffset, strFileBinOut, FileSize (strFileBinOut) + 32 - (intByteCount mod 16), 0) ; Prepare for the next search. intWildPos = intWildPos + intByteCount + intByteCount EndWhile ; Release the binary buffer. hdlBB = BinaryFree (hdlBB) strMsgText = "Found: " : intFound Pause (strMsgTitle, strMsgText) ; Display result in hex viewer. strAppBrowser = DirHome () : "Browser.exe" intProcId = RunShell (strAppBrowser, '"' : strFileBinOut : '"', "", @NORMAL, @GETPROCID) SendKeysTo (WinItemProcId (intProcId, 0, 0), "^h") blnResult = AppWaitClose (strAppBrowser) ; This is a comment line (2) which can be found by the wild search. :CANCEL Exit ;==========================================================================================================================================