wcsstr in Windows kernel-mode

Turns out there is no equivalent function to strstr/wcsstr in the DDK/WDK and therefore available in kernel mode. But being plain old C you can roll your own so that’s what I did. Well, someone else did and I adapted 😜

#include <crtdefs.h>
#include <stddef.h>

#pragma warning(push)
#pragma warning( disable : 4706 )

//
// Stolen from here: https://github.com/lattera/glibc/blob/master/wcsmbs/wcsstr.c
// 
wchar_t *kmwcsstr(const wchar_t *haystack, const wchar_t *needle)
{
    register wchar_t b, c;

    if ((b = *needle) != L'\0')
    {
        haystack--;				/* possible ANSI violation */
        do
            if ((c = *++haystack) == L'\0')
                goto ret0;
        while (c != b);

        if (!(c = *++needle))
            goto foundneedle;
        ++needle;
        goto jin;

        for (;;)
        {
            register wchar_t a;
            register const wchar_t *rhaystack, *rneedle;

            do
            {
                if (!(a = *++haystack))
                    goto ret0;
                if (a == b)
                    break;
                if ((a = *++haystack) == L'\0')
                    goto ret0;
            shloop:;
            } while (a != b);

        jin:	  if (!(a = *++haystack))
            goto ret0;

                  if (a != c)
                      goto shloop;

                  if (*(rhaystack = haystack-- + 1) == (a = *(rneedle = needle)))
                      do
                      {
                          if (a == L'\0')
                              goto foundneedle;
                          if (*++rhaystack != (a = *++needle))
                              break;
                          if (a == L'\0')
                              goto foundneedle;
                      } while (*++rhaystack == (a = *++needle));

                      needle = rneedle;		  /* took the register-poor approach */

                      if (a == L'\0')
                          break;
        }
    }
foundneedle:
    return (wchar_t*)haystack;
ret0:
    return NULL;
}
#pragma warning(pop)

Word of warning: only use with PCWSTR! It expects the passed strings to be NULL-terminated, so don’t use with UNICODE_STRING!

Cheers!