[BUG] "IOCTL Decode All" is missing some cases

[VoidSec]

In

DriverBuddyReloaded/DriverBuddyReloaded.py

Line 179 in d272537

# If the penultimate instruction is cmp or sub against an immediate value immediately preceding a 'jz'

"IOCTL Decode All" function is missing some cases as can be shown in the following image:

The only immediate fix I can think of is reworking the heuristic functionality:

1. processing the entire block for cmp, mov, sub operations
2. checking that the immediate operand has 10 digits
3. excluding NTSTATUS values
4. decoding the suspected IOCTL code

Will probably generate some more false positives but it will cover "switch" cases falling into "default" case and such