Function checks whether command which binary code starts at data[offset] is a valid filling command (usually some kind of NOP) used to align code to a specified border. Returns length of command if this is recognized as filling and 0 otherwise. Checks include:
·NOP
·INT3
·XCHG RA,RA
·MOV RA,RA
·LEA RA,[RA] (with or without SIB byte)
·LEA RA,[RA+00000000]
This list is far from completeness but includes commands most frequently used as filling by actual compilers.
int Isfilling(ulong offset,char *data,ulong size,ulong align);
Parameters:
offset - offset of binary command in data;
data - buffer containing copy of executable code;
size - size of valid code in data (if size<offset+size of tested command, function returns 0);
align - expected code alignment, must be either power of 2 (1,2,4,8...) or 0 that means no alignment.
See also: Disasm, Issuspicious, Isprefix, Readcommand