I do string matching in a kernel driver using the Boyer-Moore algorithm, but I also need to implement basic wildcard support. This answer on SO mentioned the function FsRtlIsNameInExpression, which looks just right for my needs. It even looks like it handles case insensitivity for Unicode strings.
But I can't even get it to match a simple string with itself.
I tried a few things, but FsRtlIsNameInExpression never matches anything. Here is some code I used to test (I put the call to MyTest at the end of my DriverEntry routine).
NTSTATUS MyTest()
{
int matches = 0;
UNICODE_STRING a3times;
UNICODE_STRING A5times;
UNICODE_STRING bbb;
UNICODE_STRING patterna;
UNICODE_STRING patternb;
RtlInitUnicodeString(&a3times, L"aaa");
RtlInitUnicodeString(&A5times, L"AAAAA");
RtlInitUnicodeString(&bbb, L"bbb");
RtlInitUnicodeString(&patterna, L"a*a");
RtlInitUnicodeString(&patternb, L"b*");
if(FsRtlIsNameInExpression(&patterna, &a3times, TRUE, 0))
++matches; // a*a should match aaa
if(FsRtlIsNameInExpression(&patterna, &A5times, FALSE, 0))
++matches; // a*a should match (insensitive) AAAAA
if(FsRtlIsNameInExpression(&a3times, &a3times, TRUE, 0))
++matches; //aaa should match aaa
if(FsRtlIsNameInExpression(&patternb, &bbb, TRUE, 0))
++matches; //b* should match bbb
return matches; //Should be 4, but is 0
}
For the record :
What is the obvious thing that I am missing ?
The documentation says
If
IgnoreCaseisTRUE,Expressionmust be uppercase.
Note that, per your comments, you misunderstood the case-sensitivity parameter. It is IgnoreCase not CaseSensitive.
As for the results:
IgnoreCase set to TRUE - won't workIgnoreCase set to FALSE, upper case pattern - won't matchIgnoreCase set to TRUE - won't workIgnoreCase set to TRUE - won't workJust really bad luck that not a single one worked :)