What does this code do? found &= pattern[j] == *(char*)(base + i + j)

1

I came across some confusing code, and I don't know what it signifies:

found &= pattern[j] == *(char*)(base + i + j);

I've tried rewriting it, and this is what I've made so far:

if (pattern[j] == *(char*)(base + i + j))
{
  found = found & pattern[j];
}

For context, the full snippet:

DWORD FindPattern(char *module, char *pattern)
{
  MODULEINFO mInfo = GetModuleInfo(module);

  /*typedef struct _MODULEINFO {
    LPVOID lpBaseOfDll;
    DWORD  SizeOfImage;
    LPVOID EntryPoint;
  } MODULEINFO, *LPMODULEINFO;*/

  DWORD base = (DWORD)mInfo.lpBaseOfDll;
  DWORD size = (DWORD)mInfo.SizeOfImage;
  DWORD EntryPoint = (DWORD)mInfo.EntryPoint;
  HANDLE han = GetStdHandle(STD_OUTPUT_HANDLE);

  DWORD patternLength = (DWORD)strlen(pattern);

  AllocConsole();
  FILE* fp;
  freopen_s(&fp, "CONOUT$", "w", stdout);
  printf("로드주소: %p\n", base);//0x400000
  printf("사이즈: %08X\n", size);//0x13F000
  printf("엔트리포인트: %p\n",EntryPoint);//0x4B8F6B
  printf("옵코드 주소: %p\n", pattern);  // address of the pattern buffer, not its first byte
  printf("옵코드 길이: %08x\n", patternLength);//0x11

  // Iterate over the module image, stopping patternLength bytes before its end
  for (DWORD i = 0; i < size - patternLength; i++)//0x13F000-0x11 = 13EFEF
  {
    bool found = true;
    for (DWORD j = 0; j < patternLength; j++)
    {
      found &= pattern[j] == *(char*)(base + i + j);
      /*if (pattern[j] == *(char*)(base + i + j))
      {
        found = found & pattern[j];
      }*/
    }

    if (found)
      return base + i;
  }
  return 0xDEADBEEF;
}
c
asked on Stack Overflow Apr 17, 2018 by JungWooHwang • edited Apr 18, 2018 by Moia

2 Answers

3

and is it the same code as below?

No, it is not the same; that code is logically equal to:

if( pattern[j] == *(char *)(base + i + j) ) found = found & 1;
else found = 0; // or found = found & 0; which has the same effect
answered on Stack Overflow Apr 17, 2018 by Slava
1

To make the statement clearer, in fact this code snippet

bool found = true;
for (DWORD j = 0; j < patternLength; j++)
{
    found &= pattern[j] == *(char*)(base + i + j);
    /*if (pattern[j] == *(char*)(base + i + j))
    {
        found = found & pattern[j];
    }*/
}

if (found)
    return base + i;

can be rewritten the following way

bool found = true;
for (DWORD j = 0; found && j < patternLength; j++)
{
    if ( pattern[j] != *(char*)(base + i + j) )
    {
        found = false;
    }
}

if (found)
    return base + i;

Or like

bool found = true;
for (DWORD j = 0; found && j < patternLength; j++)
{
    found = pattern[j] == *(char*)(base + i + j);
}

if (found)
    return base + i;

So when pattern[j] != *(char*)(base + i + j) then it means that the expression

pattern[j] == *(char*)(base + i + j)

yields 0, and found &= 0 results in found being set to 0.

I have written the condition of the loop like

found && j < patternLength

because it does not make sense to continue the loop when it is already known that there are unequal characters.

answered on Stack Overflow Apr 17, 2018 by Vlad from Moscow • edited Apr 17, 2018 by Vlad from Moscow
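A stand-alone C version of the scan discussed in the question and both answers, added here as an example (it is not code from the question or the answers), run over a constructed byte buffer: it shows that the original `found &=` loop and the early-exit rewrite return the same offset, and that the asker's `found = found & pattern[j]` rewrite reports a window in which no byte matches at all.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample "image" and signature (made-up bytes, not a real module). */
static const unsigned char SAMPLE_IMAGE[] = { 0x55, 0x8B, 0xEC, 0x90, 0x90, 0x33, 0xC0, 0xC3 };
static const unsigned char SAMPLE_PATTERN[] = { 0x90, 0x33, 0xC0 };  /* occurs at offset 4 */
/* The question's loop: found &= (bytes equal). Once a mismatch yields 0,
 * found stays 0 for the rest of the window. SIZE_MAX means no match. */
size_t find_pattern_and(const unsigned char *base, size_t size,
                        const unsigned char *pattern, size_t patternLength)
{
    if (patternLength == 0 || patternLength > size) return SIZE_MAX;
    for (size_t i = 0; i + patternLength <= size; i++) {
        bool found = true;
        for (size_t j = 0; j < patternLength; j++)
            found &= (pattern[j] == base[i + j]);
        if (found) return i;
    }
    return SIZE_MAX;
}
/* Equivalent early-exit form from the second answer. */
size_t find_pattern_early_exit(const unsigned char *base, size_t size,
                               const unsigned char *pattern, size_t patternLength)
{
    if (patternLength == 0 || patternLength > size) return SIZE_MAX;
    for (size_t i = 0; i + patternLength <= size; i++) {
        bool found = true;
        for (size_t j = 0; found && j < patternLength; j++)
            found = (pattern[j] == base[i + j]);
        if (found) return i;
    }
    return SIZE_MAX;
}

/* The asker's rewrite, kept only to show it is not equivalent: a mismatch
 * never clears found, so a window with no matching byte is reported "found". */
size_t find_pattern_asker(const unsigned char *base, size_t size,
                          const unsigned char *pattern, size_t patternLength)
{
    if (patternLength == 0 || patternLength > size) return SIZE_MAX;
    for (size_t i = 0; i + patternLength <= size; i++) {
        bool found = true;
        for (size_t j = 0; j < patternLength; j++)
            if (pattern[j] == base[i + j]) found = found & pattern[j];
        if (found) return i;
    }
    return SIZE_MAX;
}
```

The bounds check `i + patternLength <= size` replaces the question's `i < size - patternLength`, which would wrap around when the pattern is longer than the image.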

User contributions licensed under CC BY-SA 3.0