Beispiel #1
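        /// <summary>
        /// Lazily scans the memory pages of a detected process for regular-expression matches
        /// and yields one (virtual address, matched text) pair per hit.
        /// </summary>
        /// <param name="re">Pattern applied to each decoded page.</param>
        /// <param name="dp">Process whose page table (<c>dp.PT</c>) is walked and whose memory (<c>dp.MemAccess</c>) is read.</param>
        /// <param name="MatchAscii">Decode each page as ASCII and match against it.</param>
        /// <param name="MatchUTF16">Decode each page as little-endian UTF-16 and match against it.</param>
        /// <param name="MatchUTF8">Decode each page as UTF-8 and match against it.</param>
        /// <returns>
        /// Tuples of the page's virtual address plus the offset of the match, and the matched text.
        /// For one page, ASCII hits come first, then UTF-16, then UTF-8.
        /// </returns>
        /// <remarks>
        /// This is an iterator: nothing runs, including the dump-bitmap reset, until the result is enumerated.
        /// Every page is decoded and matched on its own, so a string that straddles two pages is not found.
        /// UTF-16 decoding starts at byte 0 of the page, so text starting at an odd byte offset is not decoded as such.
        /// Large pages are decoded into a single string the size of the whole page. Because <paramref name="re"/>
        /// is supplied by the caller, construct it with a match timeout so that a backtracking-heavy pattern
        /// cannot stall the scan.
        /// </remarks>
        public static IEnumerable<Tuple<ulong, string>> SimpleRegex(Regex re, DetectedProc dp, bool MatchAscii = true, bool MatchUTF16 = false, bool MatchUTF8 = false)
        {
            // Scratch buffers reused for every page; which one is used depends on the PTE's LargePage flag.
            byte[] block4k  = new byte[PAGE_SIZE];
            byte[] block2MB = new byte[LARGE_PAGE_SIZE];

            // Requested decoders in their original order, each paired with the number of bytes
            // that one decoded character occupies in the page.
            var decoders = new List<Tuple<Encoding, uint>>();
            if (MatchAscii)
            {
                decoders.Add(Tuple.Create(Encoding.ASCII, 1u));
            }
            if (MatchUTF16)
            {
                // Match.Index counts UTF-16 code units, each of which is two bytes of the page.
                // The original added the character index unscaled, so it reported an address
                // only half as far into the page as the match really is.
                decoders.Add(Tuple.Create(Encoding.Unicode, 2u));
            }
            if (MatchUTF8)
            {
                // NOTE(review): Match.Index is a character index. For UTF-8 it equals the byte offset
                // only while everything before the match is single-byte; multi-byte or invalid
                // sequences earlier in the page shift the reported address. Left unscaled, as before.
                decoders.Add(Tuple.Create(Encoding.UTF8, 1u));
            }

            dp.MemAccess.ResetDumpBitmap();

            // NOTE(review): the meaning of the four FillPageQueue flags is not visible here; confirm against its definition.
            foreach (var entry in dp.PT.FillPageQueue(false, true, true, false))
            {
                // A frame already marked in the bitmap was scanned through an earlier mapping; scan each one once.
                if (dp.MemAccess.IsDumpedPFN(entry.PTE))
                {
                    continue;
                }
                dp.MemAccess.SetDumpedPFN(entry.PTE);

                bool   GotData = false;
                byte[] block   = entry.PTE.LargePage ? block2MB : block4k;

                dp.MemAccess.GetPageForPhysAddr(entry.PTE, ref block, ref GotData);

                // Skip pages that could not be read. The helpers' return convention is not visible
                // here: a result of 0 is treated as "skip" - presumably meaning the page is entirely
                // 0x00 or entirely 0xFF; confirm against UnsafeHelp.
                if (!GotData ||
                    UnsafeHelp.IsZeroPage(block) == 0 ||
                    UnsafeHelp.IsFFFPage(block) == 0)
                {
                    continue;
                }

                foreach (var decoder in decoders)
                {
                    string text = decoder.Item1.GetString(block, 0, block.Length);
                    foreach (Match m in re.Matches(text))
                    {
                        yield return Tuple.Create<ulong, string>(entry.VA.FullAddr + (uint)m.Index * decoder.Item2, m.Value);
                    }
                }
            }
        }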