Add additional functions to math module (#1483)

* feat: Implement stats module

Add a new statistics module. For now, the module supports counting
the occurrences of specific bytes (or returning the occurrence rate
as a percentage) and calculating the most common byte for an area.

* Another example

* feat: Implement stats module

Add a new statistics module. For now, the module supports counting
the occurrences of specific bytes (or returning the occurrence rate
as a percentage) and calculating the most common byte for an area.

* refactor: Integrate stats module into math module

Integrate the new functionality into the math module instead
of creating a new module.

* chore: Adjust module name in documentation

* chore: Fix memory leak issue

Fixes a memory leak where a temporary array (used for match counting)
wasn't released properly.

* fix: Remove global char count function, optimize char count

Remove a redundant (and slow) function to count a char globally.
Rework the remaining char count function to be more efficient.
It still requires O(n*m) in worst case and O(n) in best case.

* chore: Update documentation

* chore: Remove string counting function

Due to the new "x of them in ..." syntax, string counting is no
longer required (it already is supported and this function is
slower in most circumstances).

* chore: remove test functions for string count

Co-authored-by: Florian Roth <[email protected]>

Author: secDre4mer

docs/modules/math.rst

@@ -126,3 +126,42 @@ file and create signatures based on those results.
     Returns the absolute value of the signed integer.
 
     *Example: math.abs(@a - @b) == 1*
+
+.. c:function:: count(byte, offset, size)
+
+    .. versionadded:: 4.2.0
+
+    Returns how often a specific byte occurs, starting at *offset*
+    and looking at the next *size* bytes. When scanning a
+    running process the *offset* argument should be a virtual address within
+    the process address space.
+    *offset* and *size* are optional; if left empty, the complete file is searched.
+
+    *Example: math.count(0x4A) >= 10*
+
+.. c:function:: percentage(byte, offset, size)
+
+    .. versionadded:: 4.2.0
+
+    Returns the occurrence rate of a specific byte, starting at *offset*
+    and looking at the next *size* bytes. When scanning a
+    running process the *offset* argument should be a virtual address within
+    the process address space. The returned value is a float between 0 and 1.
+    *offset* and *size* are optional; if left empty, the complete file is searched.
+
+    
+    *Example: math.percentage(0xFF, filesize-1024, filesize) >= 0.9*
+    
+    *Example: math.percentage(0x4A) >= 0.4*
+
+.. c:function:: mode(offset, size)
+
+    .. versionadded:: 4.2.0
+    
+    Returns the most common byte, starting at *offset* and looking at the next
+    *size* bytes. When scanning a
+    running process the *offset* argument should be a virtual address within
+    the process address space. The returned value is a float.
+    *offset* and *size* are optional; if left empty, the complete file is searched.
+
+    *Example: math.mode(0, filesize) == 0xFF*