// 批量读取多个内存区域 int batch_read_memory(pid_t pid, memory_region_t *regions, int count) { struct iovec local_iov[MAX_IOV]; struct iovec remote_iov[MAX_IOV]; ssize_t result; int i; if (count > MAX_IOV) { fprintf(stderr, "Too many regions\n"); return -1; } // 设置iovec数组 for (i = 0; i < count; i++) { local_iov[i].iov_base = regions[i].local_buffer; local_iov[i].iov_len = regions[i].size; remote_iov[i].iov_base = regions[i].remote_addr; remote_iov[i].iov_len = regions[i].size; } result = process_vm_readv(pid, local_iov, count, remote_iov, count, 0); if (result == -1) { perror("process_vm_readv"); return -1; } printf("Batch read completed: %zd bytes total\n", result); return 0; }
// 批量写入多个内存区域 int batch_write_memory(pid_t pid, memory_region_t *regions, int count) { struct iovec local_iov[MAX_IOV]; struct iovec remote_iov[MAX_IOV]; ssize_t result; int i; if (count > MAX_IOV) { fprintf(stderr, "Too many regions\n"); return -1; } // 设置iovec数组 for (i = 0; i < count; i++) { local_iov[i].iov_base = regions[i].local_buffer; local_iov[i].iov_len = regions[i].size; remote_iov[i].iov_base = regions[i].remote_addr; remote_iov[i].iov_len = regions[i].size; } result = process_vm_writev(pid, local_iov, count, remote_iov, count, 0); if (result == -1) { perror("process_vm_writev"); return -1; } printf("Batch write completed: %zd bytes total\n", result); return 0; }
/*
 * Entry point of the example: prints a short usage banner only.
 * No process is inspected; a real PID and real addresses must be
 * supplied by the reader before the batch helpers are called.
 */
int main() {
    static const char *const banner[] = {
        "Batch memory operations example\n",
        "This example shows how to perform batch operations\n",
        "You need to provide actual PID and memory addresses\n",
    };
    size_t line;

    for (line = 0; line < sizeof banner / sizeof banner[0]; line++) {
        fputs(banner[line], stdout);
    }

    return 0;
}
-rw-r--r-- 1 user user 123 Apr 5 12:00 zh_utf8.txt -rw-r--r-- 1 user user 123 Apr 5 12:00 zh_gbk.txt -rw-r--r-- 1 user user 123 Apr 5 12:00 zh_big5.txt -rw-r--r-- 1 user user 123 Apr 5 12:00 ja_shift_jis.txt -rw-r--r-- 1 user user 123 Apr 5 12:00 ko_euc_kr.txt -rw-r--r-- 1 user user 123 Apr 5 12:00 fr_latin1.txt -rw-r--r-- 1 user user 123 Apr 5 12:00 en_utf16le.txt ...
🔍 第四步:使用 file 命令识别类型
file *.txt
✅ 预期输出示例:
en_ascii.txt: ASCII text en_utf8.txt: UTF-8 Unicode text zh_gbk.txt: ISO-8859 text zh_big5.txt: ISO-8859 text ja_shift_jis.txt: ISO-8859 text ko_euc_kr.txt: ISO-8859 text fr_latin1.txt: ISO-8859 text mixed_utf16le.txt: Little-endian UTF-16 Unicode text en_utf16be.txt: Big-endian UTF-16 Unicode text zh_utf8_bom.txt: UTF-8 Unicode (with BOM) text
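# Report the encoding cchardet detects for every .txt file in the current
# directory. Detection is statistical: treat the result as a hint and check
# the confidence value before decoding data with it.
for filepath in sorted(glob.glob("*.txt")):
    with open(filepath, 'rb') as f:
        raw = f.read()

    result = cchardet.detect(raw)
    # cchardet returns None for both fields when it cannot decide (for
    # example on an empty file); formatting None with a width or precision
    # raises TypeError, so substitute printable fallbacks.
    encoding = result['encoding'] or "unknown"
    confidence = result['confidence'] or 0.0
    print(f"{filepath:20} → {encoding:10} (置信度: {confidence:.2f})")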
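| 语言 | 编码 | 文件名 |
| --- | --- | --- |
| 中文(简体) | UTF-8 | zh_utf8.txt |
| 中文(简体) | GBK | zh_gbk.txt |
| 中文(繁体) | Big5 | zh_big5.txt |
| 日文 | Shift_JIS | ja_shift_jis.txt |
| 韩文 | EUC-KR | ko_euc_kr.txt |
| 俄文 | UTF-8 | ru_utf8.txt |
| 阿拉伯文 | UTF-8 | ar_utf8.txt |
| 法文 | ISO-8859-1 | fr_latin1.txt |
| 英文 | ASCII | en_ascii.txt |
| 英文 | UTF-16LE | en_utf16le.txt |
| 英文 | UTF-16BE | en_utf16be.txt |
| 中文 | UTF-8 with BOM | zh_utf8_bom.txt |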
| 错误 | 原因 | 解决 |
| --- | --- | --- |
| `magic.h: No such file or directory` | 缺少 libmagic-dev | 安装 libmagic-dev |
| `undefined reference to ‘magic_open’` | 忘了 -lmagic | 编译时加 -lmagic |
| `error while loading shared libraries: libmagic.so.1` | 运行时库缺失 | 安装 libmagic1(Ubuntu)或 file(其他) |
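// Requires `import "pe"` at the top of the rule file.
//
// Flags PE files whose import table references any of three APIs used for
// cross-process memory allocation, memory writes and remote thread creation.
// This is a triage heuristic, not a verdict: debuggers, installers and
// security tools import the same functions, and imports that are resolved
// at run time do not appear in the import table, so pair a hit with other
// evidence before acting on it.
rule SuspiciousPE
{
    meta:
        description = "检测包含可疑 API 调用的 PE 文件"

    condition:
        // The original reused one string identifier three times and tested
        // it against a non-existent import list, which does not compile;
        // pe.imports() checks the import table directly.
        pe.is_pe and
        (
            pe.imports("kernel32.dll", "VirtualAllocEx") or
            pe.imports("kernel32.dll", "WriteProcessMemory") or
            pe.imports("kernel32.dll", "CreateRemoteThread")
        )
}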
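/* Print the third string and its measured length.
 * len3 is presumably a size_t holding strlen(str3) (declared outside this
 * excerpt); the cast keeps the argument matched to %u. */
printf("\nString 3: \"%s\"\n", str3);
printf("Length of str3 (strlen): %u\n", (unsigned int)len3);

printf("\n--- Important Note ---\n");
printf("String 4 is not null-terminated. Calling strlen on it leads to undefined behavior.\n");
printf("It might crash or run forever. Uncommenting the next lines is dangerous.\n");
/* Danger: never call strlen on a character sequence that has no
 * terminating \0 - the scan reads past the end of the object. When the
 * buffer size is known, a bounded scan such as strnlen(buf, size) (POSIX)
 * stays inside it. The line below is kept disabled on purpose. */
/* printf("Length of str4 (UNDEFINED BEHAVIOR!): %u\n", (unsigned int)strlen(str4)); */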
/* Report the first hit of target_char in str, then look for a second one.
 * result_ptr, str and target_char are declared outside this excerpt. */
if (result_ptr == NULL) {
    printf("Character '%c' not found in the string.\n", target_char);
} else {
    /* Offset of the hit = pointer difference from the start of str. */
    long first_offset = (long)(result_ptr - str);

    printf("First occurrence of '%c' found at position: %ld\n", target_char, first_offset);
    printf("Substring from first '%c': \"%s\"\n", target_char, result_ptr);

    /* Find the next 's': resume the search one character past the hit. */
    printf("\n--- Searching for next occurrence ---\n");
    result_ptr = strchr(result_ptr + 1, (int)target_char);
    if (result_ptr == NULL) {
        printf("No more occurrences of '%c' found.\n", target_char);
    } else {
        printf("Second occurrence of '%c' found at position: %ld\n", target_char, (long)(result_ptr - str));
        printf("Substring from second '%c': \"%s\"\n", target_char, result_ptr);
    }
}

/* Search for the string terminator '\0'; strchr treats it as part of the
 * string, so the result points at the terminator itself. */
printf("\n--- Searching for null terminator ---\n");
result_ptr = strchr(str, '\0');
if (!(result_ptr == NULL)) {
    printf("Null terminator '\\0' found at position: %ld\n", (long)(result_ptr - str));
    printf("Pointer points to: '%c' (ASCII value %d)\n", *result_ptr, (int)*result_ptr);
}

/* Search for a character that is not in the string; NULL is expected. */
printf("\n--- Searching for a character that doesn't exist ---\n");
result_ptr = strchr(str, 'z');
if (result_ptr == NULL) {
    printf("Character 'z' not found, as expected. strchr returned NULL.\n");
} else {
    printf("Character 'z' found? This is unexpected.\n");
}