Match Analyzers

Posted | Modified

Match analyzers in HexLasso look for matching byte sequences in block of data and return the byte coverage of the found matches.

It is possible that no match found in the block, and it is also possible that all the bytes are matches.

HexLasso implements three type of matching algorithms and the difference between them is the width of the matches.

If the block contains QWord matches, it consequently contains DWord matches, and it consequently contains Word matches.

For example, by following the links you can see Word, DWord and QWord matches of a given block.

The presence of the matches in the block indicates some sort of redundancy. However, the match analyzers are given lower priorities than many other analyzers because they cannot be specific on what the redundancies are.

There are many other analyzers that can be more specific on what the redundancies are though. For example, the Byte00 analyzer returns the byte coverage of 00 bytes in the block. Therefore, the Byte00 analyzer is given a higher priority than the match analyzers. As a consequence, if the Byte00 analyzer and the match analyzers return with the same byte coverage on a given block then Byte00 analyzer will be reported.

So match analyzers are used as a fall-back mechanism when specifics on the redundancies are not well known.