Added DomitoMemorySearchPattern

include/Domito.h

@@ -42,3 +42,19 @@ DomitoFindExportedFunctionAddress(
     _In_ STRING FunctionName,
     _Inout_opt_ PVOID * FunctionAddress
 );
+
+//
+// Scans a provided buffer for a memory pattern
+// 
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(DISPATCH_LEVEL)
+NTSTATUS
+DomitoMemorySearchPattern(
+    _In_ PCUCHAR pcPattern,
+    _In_ UCHAR uWildcard,
+    _In_ SIZE_T puLen,
+    _In_ PVOID pcBase,
+    _In_ SIZE_T puSize,
+    _Outptr_result_maybenull_ PVOID* ppMatch
+);

src/Domito.cpp

@@ -209,3 +209,47 @@ DomitoFindExportedFunctionAddress(
 
     return status;
 }
+
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(DISPATCH_LEVEL)
+NTSTATUS
+DomitoMemorySearchPattern(
+    _In_ PCUCHAR pcPattern,
+    _In_ UCHAR uWildcard,
+    _In_ SIZE_T puLen,
+    _In_ PVOID pcBase,
+    _In_ SIZE_T puSize,
+    _Outptr_result_maybenull_  PVOID * ppMatch
+)
+{
+    ASSERT(ppMatch != NULL && pcPattern != NULL && pcBase != NULL);
+
+    if (ppMatch == NULL || pcPattern == NULL || pcBase == NULL)
+    {
+        return STATUS_INVALID_PARAMETER;
+    }
+
+    *ppMatch = NULL;
+
+    for (SIZE_T i = 0; i < puSize - puLen; i++)
+    {
+        BOOLEAN found = TRUE;
+        for (SIZE_T j = 0; j < puLen; j++)
+        {
+            if (pcPattern[j] != uWildcard && pcPattern[j] != ((PCUCHAR)pcBase)[i + j])
+            {
+                found = FALSE;
+                break;
+            }
+        }
+
+        if (found)
+        {
+            *ppMatch = (PUCHAR)pcBase + i;
+            return STATUS_SUCCESS;
+        }
+    }
+
+    return STATUS_NOT_FOUND;
+}