Add test utility

Test code for pattern lookups
2022-05-27 11:46:22 +07:00 · 2022-05-27 11:46:22 +07:00 · f9a3362f0e
parent fe7010c574
commit f9a3362f0e
8 changed files with 657 additions and 0 deletions
--- a/Source/Utils/SearchPattern/SearchPattern.cpp
+++ b/Source/Utils/SearchPattern/SearchPattern.cpp
@ -0,0 +1,418 @@
+#include <Windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+//
+// Search callback, return TRUE to stop search.
+//
+typedef BOOL(CALLBACK* pfnSearchCallback)(
+    _In_ PBYTE Buffer,
+    _In_ ULONG PatternSize,
+    _In_opt_ PVOID CallbackContext
+    );
+
+typedef struct _SEARCH_PARAMS {
+    PBYTE Buffer;
+    DWORD BufferSize;
+    PBYTE Pattern;
+    DWORD PatternSize;
+    PBYTE Mask;
+    pfnSearchCallback Callback;
+    PVOID CallbackContext;
+} SEARCH_PARAMS, * PSEARCH_PARAMS;
+
+DWORD SearchPattern(
+    _In_ PSEARCH_PARAMS SearchParams
+)
+{
+    PBYTE   p;
+    DWORD   c, i, n;
+    BOOLEAN found;
+    BYTE    low, high;
+
+    DWORD   bufferSize;
+
+    if (SearchParams == NULL)
+        return 0;
+
+    if ((SearchParams->PatternSize == 0) || (SearchParams->PatternSize > SearchParams->BufferSize))
+        return 0;
+
+    bufferSize = SearchParams->BufferSize - SearchParams->PatternSize;
+
+    for (n = 0, p = SearchParams->Buffer, c = 0; c <= bufferSize; ++p, ++c)
+    {
+        found = 1;
+        for (i = 0; i < SearchParams->PatternSize; ++i)
+        {
+            low = p[i] & 0x0f;
+            high = p[i] & 0xf0;
+
+            if (SearchParams->Mask[i] & 0xf0)
+            {
+                if (high != (SearchParams->Pattern[i] & 0xf0))
+                {
+                    found = 0;
+                    break;
+                }
+            }
+
+            if (SearchParams->Mask[i] & 0x0f)
+            {
+                if (low != (SearchParams->Pattern[i] & 0x0f))
+                {
+                    found = 0;
+                    break;
+                }
+            }
+
+        }
+
+        if (found) {
+
+            if (SearchParams->Callback(p,
+                SearchParams->PatternSize,
+                SearchParams->CallbackContext))
+            {
+                return n + 1;
+            }
+
+            n++;
+        }
+    }
+
+    return n;
+}
+
+#define MAX_DOS_HEADER (256 * (1024 * 1024))
+
+PIMAGE_NT_HEADERS GetImageNtHeader(
+    _In_ PVOID Base)
+{
+    PIMAGE_NT_HEADERS NtHeaders = NULL;
+    if (Base != NULL && Base != (PVOID)-1) {
+        __try {
+            if ((((PIMAGE_DOS_HEADER)Base)->e_magic == IMAGE_DOS_SIGNATURE) &&
+                (((ULONG)((PIMAGE_DOS_HEADER)Base)->e_lfanew) < MAX_DOS_HEADER)) {
+                NtHeaders = (PIMAGE_NT_HEADERS)((PCHAR)Base + ((PIMAGE_DOS_HEADER)Base)->e_lfanew);
+                if (NtHeaders->Signature != IMAGE_NT_SIGNATURE) {
+                    NtHeaders = NULL;
+                }
+            }
+        }
+        __except (EXCEPTION_EXECUTE_HANDLER) {
+            NtHeaders = NULL;
+        }
+    }
+    return NtHeaders;
+}
+
+PVOID LookupImageSectionByName(
+    _In_ CHAR* SectionName,
+    _In_ ULONG SectionNameLength,
+    _In_ PVOID DllBase,
+    _Out_ PULONG SectionSize
+)
+{
+    BOOLEAN bFound = FALSE;
+    ULONG i;
+    PVOID Section;
+    IMAGE_NT_HEADERS* NtHeaders = GetImageNtHeader(DllBase);
+    IMAGE_SECTION_HEADER* SectionTableEntry;
+
+    if (SectionSize)
+        *SectionSize = 0;
+
+    if (NtHeaders == NULL)
+        return NULL;
+
+    SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeaders +
+        sizeof(ULONG) +
+        sizeof(IMAGE_FILE_HEADER) +
+        NtHeaders->FileHeader.SizeOfOptionalHeader);
+
+    i = NtHeaders->FileHeader.NumberOfSections;
+    while (i > 0) {
+
+        if (memcmp(
+            (CHAR*)SectionTableEntry->Name,
+            SectionName,
+            SectionNameLength) == 0)
+        {
+            bFound = TRUE;
+            break;
+        }
+
+        i -= 1;
+        SectionTableEntry += 1;
+    }
+
+    if (!bFound)
+        return NULL;
+
+    Section = (PVOID)((ULONG_PTR)DllBase + SectionTableEntry->VirtualAddress);
+    if (SectionSize)
+        *SectionSize = SectionTableEntry->Misc.VirtualSize;
+
+    return Section;
+}
+
+VOID UnmapInputFile(
+    _In_ PVOID FileMapping
+)
+{
+    if (FileMapping) UnmapViewOfFile(FileMapping);
+}
+
+PVOID MapInputFile(
+    _In_ LPCTSTR lpFileName,
+    _Out_ LARGE_INTEGER* liFileSize
+)
+{
+    DWORD lastError = 0;
+    HANDLE fileHandle, sectionHandle = NULL;
+    PVOID pvImageBase = NULL;
+
+    do {
+
+        liFileSize->QuadPart = 0;
+
+        fileHandle = CreateFile(lpFileName,
+            GENERIC_READ,
+            FILE_SHARE_READ,
+            NULL,
+            OPEN_EXISTING,
+            FILE_SUPPORTS_BLOCK_REFCOUNTING | FILE_ATTRIBUTE_NORMAL,
+            NULL);
+
+        if (fileHandle == INVALID_HANDLE_VALUE)
+            break;
+
+        if (!GetFileSizeEx(fileHandle, liFileSize))
+            break;
+
+        sectionHandle = CreateFileMapping(fileHandle, NULL,
+            PAGE_READONLY | SEC_IMAGE,
+            0,
+            0,
+            NULL);
+
+        if (sectionHandle == NULL)
+            break;
+
+        pvImageBase = MapViewOfFile(
+            sectionHandle,
+            FILE_MAP_READ,
+            0, 0, 0);
+
+        if (pvImageBase == NULL)
+            break;
+
+    } while (FALSE);
+
+    lastError = GetLastError();
+    if (fileHandle != INVALID_HANDLE_VALUE) CloseHandle(fileHandle);
+    if (sectionHandle) CloseHandle(sectionHandle);
+    SetLastError(lastError);
+    return pvImageBase;
+}
+
+int _isspace(int c)
+{
+    return (c == '\t' || c == '\n' ||
+        c == '\v' || c == '\f' || c == '\r' || c == ' ' ? 1 : 0);
+}
+
+char* trimstring(
+    _In_ const char* src,
+    _In_ char* dst
+)
+{
+    while (*src) {
+        if (!_isspace(*src)) {
+            *dst++ = *src;
+        }
+        src++;
+    }
+    *dst = 0;
+    return dst;
+}
+
+size_t hex2bin(
+    _In_ const char* src,
+    _In_ unsigned char* dst)
+{
+    unsigned char value = 0;
+    unsigned char c;
+    size_t i = 0;
+
+    while (*src) {
+
+        c = *src;
+        if (c >= '0' && c <= '9')
+            value = (c - '0');
+        else if (c >= 'A' && c <= 'F')
+            value = (10 + (c - 'A'));
+        else if (c >= 'a' && c <= 'f')
+            value = (10 + (c - 'a'));
+        else {
+            if (_isspace(c)) {
+                src++;
+                continue;
+            }
+        }
+
+        dst[i / 2] += value << (((i + 1) % 2) * 4);
+        i++;
+        src++;
+    }
+
+    return i / 2;
+}
+
+__inline TCHAR nibbletoh(BYTE c, BOOLEAN upcase)
+{
+    if (c < 10)
+        return TEXT('0') + c;
+
+    c -= 10;
+
+    if (upcase)
+        return TEXT('A') + c;
+
+    return TEXT('a') + c;
+}
+
+LPTSTR PrintHex(
+    _In_reads_bytes_(Length) LPBYTE Buffer,
+    _In_ ULONG Length,
+    _In_ BOOLEAN UpcaseHex
+)
+{
+    ULONG   c;
+    PTCHAR  lpText;
+    BYTE    x;
+
+    lpText = (LPTSTR)LocalAlloc(LPTR, sizeof(TCHAR) + ((SIZE_T)Length * 2 * sizeof(TCHAR)));
+    if (lpText) {
+
+        for (c = 0; c < Length; ++c) {
+            x = Buffer[c];
+
+            lpText[c * 2] = nibbletoh(x >> 4, UpcaseHex);
+            lpText[c * 2 + 1] = nibbletoh(x & 15, UpcaseHex);
+        }
+
+        lpText[Length * 2] = 0;
+    }
+
+    return lpText;
+}
+
+BOOL CALLBACK SearchPatternCallback(
+    _In_ PBYTE Buffer,
+    _In_ ULONG PatternSize,
+    _In_opt_ PVOID CallbackContext
+)
+{
+    LPCSTR pszSection = (LPCSTR)CallbackContext;
+    LPCSTR pszFound;
+    pszFound = PrintHex(Buffer, PatternSize, TRUE);
+    if (pszFound) {
+        printf_s("%s: %p\t%s\r\n", pszSection, Buffer, pszFound);
+        LocalFree((HLOCAL)pszFound);
+    }
+    return FALSE;
+}
+
+void ProcessFile(
+    _In_ LPCSTR pszFileName,
+    _In_ LPCSTR pszSection,
+    _In_ LPCSTR pszPattern,
+    _In_ LPCSTR pszMask)
+{
+    PVOID pvImageBase = NULL, pvSection;
+    LARGE_INTEGER fileSize;
+    SIZE_T nLen, patternLen, maskLen;
+    ULONG sectionSize = 0;
+
+    BYTE* pbPattern = NULL;
+    BYTE* pbMask = NULL;
+
+    DWORD patternSize, maskSize;
+
+    SEARCH_PARAMS sparams;
+
+    do {
+
+        nLen = strlen(pszSection);
+        if (nLen < 2) {
+            printf_s("Section name %s is too short\r\n", pszSection);
+            return;
+        }
+
+        patternLen = strlen(pszPattern);
+        maskLen = strlen(pszMask);
+
+        pbPattern = (BYTE*)LocalAlloc(LPTR, patternLen);
+        pbMask = (BYTE*)LocalAlloc(LPTR, maskLen);
+        if (pbPattern == NULL || pbMask == NULL) {
+            printf_s("Could not allocate temporary buffer\r\n");
+            break;
+        }
+
+        patternSize = (ULONG)hex2bin(pszPattern, pbPattern);
+        maskSize = (ULONG)hex2bin(pszMask, pbMask);
+        if (patternSize != maskSize) {
+            printf_s("Pattern and mask must be the same size\r\n");
+            break;
+        }
+
+        pvImageBase = MapInputFile(pszFileName, &fileSize);
+
+        if (pvImageBase == NULL) {
+            printf_s("Cannot map input file %s, GetLastError(%lx)", pszFileName, GetLastError());
+            break;
+        }
+
+        pvSection = LookupImageSectionByName((CHAR*)pszSection, (ULONG)nLen, pvImageBase, &sectionSize);
+
+        if (pvSection == NULL || sectionSize == 0) {
+            printf_s("Section %s not found or has invalid size %lx", pszSection, sectionSize);
+            break;
+        }
+
+        sparams.Buffer = (PBYTE)pvSection;
+        sparams.BufferSize = sectionSize;
+        sparams.Callback = SearchPatternCallback;
+        sparams.CallbackContext = (PVOID)pszSection;
+        sparams.Pattern = pbPattern;
+        sparams.PatternSize = patternSize;
+        sparams.Mask = pbMask;
+
+        if (0 == SearchPattern(&sparams))
+            printf_s("Nothing found, check input parameters!\r\n");
+
+    } while (FALSE);
+
+    if (pvImageBase) UnmapInputFile(pvImageBase);
+    if (pbPattern) LocalFree(pbPattern);
+    if (pbMask) LocalFree(pbMask);
+}
+
+int main(int argc, char* argv[])
+{
+    if (argc > 4) {
+        printf_s("File %s, looking for:\r\n\tPattern:\t%s\r\n\tMask:\t\t%s\r\n\tSection:\t%s\r\n",
+            argv[1],
+            argv[3],
+            argv[4],
+            argv[2]);
+
+        ProcessFile(argv[1], argv[2], argv[3], argv[4]);
+    }
+    else {
+        printf_s("sp [File] [Section] [Pattern] [Mask]\r\n");
+    }
+    ExitProcess(0);
+}
--- a/Source/Utils/SearchPattern/SearchPattern.sln
+++ b/Source/Utils/SearchPattern/SearchPattern.sln
@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.2.32516.85
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SearchPattern", "SearchPattern.vcxproj", "{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x64.ActiveCfg = Debug|x64
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x64.Build.0 = Debug|x64
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x86.ActiveCfg = Debug|Win32
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x86.Build.0 = Debug|Win32
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x64.ActiveCfg = Release|x64
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x64.Build.0 = Release|x64
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x86.ActiveCfg = Release|Win32
+		{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {C910A337-D65F-41AB-9EB6-5303B9099E4E}
+	EndGlobalSection
+EndGlobal
--- a/Source/Utils/SearchPattern/SearchPattern.vcxproj
+++ b/Source/Utils/SearchPattern/SearchPattern.vcxproj
@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{b7a2c94c-d4ca-43d5-bd32-ff70e0aa1443}</ProjectGuid>
+    <RootNamespace>SearchPattern</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <TargetName>sp</TargetName>
+    <RunCodeAnalysis>false</RunCodeAnalysis>
+    <CodeAnalysisRuleSet>NativeRecommendedRules.ruleset</CodeAnalysisRuleSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <TargetName>sp</TargetName>
+    <RunCodeAnalysis>false</RunCodeAnalysis>
+    <CodeAnalysisRuleSet>NativeRecommendedRules.ruleset</CodeAnalysisRuleSet>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level4</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <Optimization>MinSpace</Optimization>
+      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
+      <StringPooling>true</StringPooling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <ControlFlowGuard>Guard</ControlFlowGuard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level4</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <Optimization>MinSpace</Optimization>
+      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
+      <StringPooling>true</StringPooling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <ControlFlowGuard>Guard</ControlFlowGuard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="SearchPattern.cpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
--- a/Source/Utils/SearchPattern/SearchPattern.vcxproj.filters
+++ b/Source/Utils/SearchPattern/SearchPattern.vcxproj.filters
@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="SearchPattern.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
--- a/Source/Utils/SearchPattern/SearchPattern.vcxproj.user
+++ b/Source/Utils/SearchPattern/SearchPattern.vcxproj.user
@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LocalDebuggerCommandArguments>C:\Dumps\ntoskrnl.exe "PAGE" "41B8C4000000BF06000000" "1111001111111111111110"</LocalDebuggerCommandArguments>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerCommandArguments>C:\Dumps\ntoskrnl.exe "PAGE" "41B8C4000000BF06000000" "1111001111111111111110"</LocalDebuggerCommandArguments>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>
--- a/Source/Utils/SearchPattern/test.cmd
+++ b/Source/Utils/SearchPattern/test.cmd
@ -0,0 +1,7 @@
+@echo off
+echo Looking for pattern 1
+sp.exe C:\Dumps\ntoskrnl.exe "PAGE" "41 B8 FF 00 00 00 BF 06 00 00 00" "11 11 00 11 11 11 11 11 11 11 11"
+pause
+echo Looking for pattern 2
+sp.exe C:\Dumps\ntoskrnl.exe "PAGE" "BA D0 07 00 00 B9 40 00 00 00" "11 11 11 11 11 11 11 11 11 11"
+pause
--- a/Source/Utils/readme.txt
+++ b/Source/Utils/readme.txt
@ -0,0 +1,4 @@
+Support and test utilities.
+
+GenAsIo2Unlock - generate unlocking data for *locked* Asus drivers from EneTech.
+SearchPattern - test tool for pattern lookups.
--- a/WinObjEx64.sha256
+++ b/WinObjEx64.sha256
@ -134,11 +134,18 @@ b46c40109223624940a76c65db6ec26cf21f6d4886e81dedc09c1a48f223822e *Source\Shared\
 fe9f3b5ce134b8d292a6a82df44ce0a201cfb2c029ac131f54564e3ac80b7172 *Source\Shared\tabs\tabsctrl.h
 ce2ec00fd84aa5db7c67e1c95f503657804ffa6b3fb6a8fffe95de99476c6a18 *Source\Shared\treelist\treelist.c
 33aac331f85b82bb59f46a81c085eabc26cbb62997a331b65cbb944f02dd96fa *Source\Shared\treelist\treelist.h
+1bc873890f680f1bc71883f9ca13ce2773de254863a0539e8cb3198fbba80d44 *Source\Utils\readme.txt
 c776bc97ee2fbe48d3e148bb37c887862e6de212d4391d6df9b5f149e40ed223 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.sln
 c4a28bc43a63a40ff2d8699fa261ee1ced6783d199043484ea7921e8d078ea08 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj
 0f66125c8a4beed047c8bfb2eb57f8aa8ce3acc390b9303b4b2d10815e8d4b9c *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj.filters
 97ce741fbe96ea77dbb626f6021405ec9b204ad8591db4b69f8fde8aae628a1a *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj.user
 351d5566119c9d193cff59c4ae70124b68b23c0602f7eba3e73772f42009844e *Source\Utils\GenAsIo2Unlock\main.cpp
+5fafa587a5259a1b8afe98a3ebdd8c972bd2996e072c3f62e97e56eab2ca04ec *Source\Utils\SearchPattern\SearchPattern.cpp
+4e22c41ba437878a411b6b817e26a66fe9415a16f7d0d4bc6398a06a5765a7ac *Source\Utils\SearchPattern\SearchPattern.sln
+b0d8cc5b64482cd97871ff55e8dff0006679fabc397002fb00e03a4f6162d19d *Source\Utils\SearchPattern\SearchPattern.vcxproj
+50886b1d269d1b4e67cfccf01444c85882f633f620fda361f23106aede6e2649 *Source\Utils\SearchPattern\SearchPattern.vcxproj.filters
+93f2393e8962a32c42afad8c407f51c86fdba50316b70ccb436bcfe9015b7f0e *Source\Utils\SearchPattern\SearchPattern.vcxproj.user
+342acfe1fb4f8f882b540ed09ab519ac8731a1f754b5e41a97812bc20e4381fc *Source\Utils\SearchPattern\test.cmd
 70a3b8284ab598ffcabd5c4d794be7445847f1711db63503c64d1cbdde4791e7 *Source\WinObjEx64\aboutDlg.c
 e2877173023bae50e74772f142fec35cb72e30ea963dd90b39f382339a8a5b24 *Source\WinObjEx64\aboutDlg.h
 9e54675313dfcf120d83549865688882d6a6fd85f029c797d4be4eed9e3a58b7 *Source\WinObjEx64\driver.rc