Description
We currently use a highly efficient algorithm to match a signature against a specific position. The problem is however that making this fast isn't really helping all too much because the chance that the signature is not matching is very high, so no matter what you do, it'll be rejected very quickly anyway. So while a correct match is checked really quickly, that doesn't speed up all the cases where it doesn't match. Instead you really want to check many addresses in parallel at the same time. The standard approach is to splat a single byte into a SIMD vector and match 16 bytes (or whatever your SIMD vector width is) at the same time. The problem is of course that we don't just care about a single byte, but the whole signature. So you use this to quickly find good candidates to do the full signature match against. This is also exactly how Rust's hash map is that fast. In order to reduce false positives there's the idea to splat two separate bytes from the signatures into two simd vectors at the same time and only consider candidates where both bytes match. If the two bytes are also well chosen (you probably don't want 0x00 or 0xFF), then you should be able to very quickly skip through the memory. This algorithm is documented here: http://0x80.pl/articles/simd-strfind.html#algorithm