It`s time to measure how effective this state-machines. I made today simple perl script to measure how much symbols (located in sections .data, ALMOSTRO and PAGEDATA) can be found for arm64 windows kernel. The conditions for success are
- found function is exported
- or found function use some unique constant which is used no more than 3 times
Result on kernel build 18346:
total: 3493 symbols, found 1466
Simple state machine with states containing only loading/storing, call import/export and loading of some constant is able to retrieve almost 42% of symbols
PS: for adf.sys (which has no exported functions at all) results even better:
total: 164 symbols, found 73
44.5%