Difference between revisions of "Auto Assembler:aobScanModule"
Jump to navigation
Jump to search
Line 3: | Line 3: | ||
Scans the memory of a specific module for the given array of byte and sets the result to the symbol name. | Scans the memory of a specific module for the given array of byte and sets the result to the symbol name. | ||
'?' and '*' are seen as a wildcard. | '?' and '*' are seen as a wildcard. | ||
+ | |||
+ | Note: Wildcards can be written as one per byte or one per character of byte. | ||
+ | :i.e.: ? or * or ?? or ** | ||
+ | :If not separated by spaces the wildcard will be interpreted as a byte. | ||
=== Command Parameters === | === Command Parameters === | ||
Line 28: | Line 32: | ||
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0) | aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0) | ||
+ | |||
+ | aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 * * 8D 64 24 E0) | ||
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0) | aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0) | ||
+ | |||
+ | aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ? ? 8D 64 24 E0) | ||
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0) | aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0) |
Revision as of 22:07, 11 March 2017
Auto Assembler aobScanModule(SymbolName, ModuleName, AOBString)
Scans the memory of a specific module for the given array of byte and sets the result to the symbol name. '?' and '*' are seen as a wildcard.
Note: Wildcards can be written as one per byte or one per character of byte.
- i.e.: ? or * or ?? or **
- If not separated by spaces the wildcard will be interpreted as a byte.
Command Parameters
Parameter | Type | Description |
---|---|---|
SymbolName | string | The symbol name to use if aob is found |
ModuleName | string | The name of the module to scan in |
AOBString | string | The string of bytes, as hex, to scan for |
Examples
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 53 48 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 * * 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ? ? 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00??8D6424E0)