Difference between revisions of "Auto Assembler:aobScanModule"
Jump to navigation
Jump to search
(→See also) |
|||
| Line 6: | Line 6: | ||
Note: Wildcards can be written as one per byte or one per character of byte. | Note: Wildcards can be written as one per byte or one per character of byte. | ||
| − | + | :If separated by spaces the wildcard will be interpreted as a byte. | |
| − | :If | + | i.e.: |
| + | 5x 48 8D 6x 24 E0 | ||
| + | 5? 48 8D 6? 24 E0 | ||
| + | 5* 48 8D 6* 24 E0 | ||
| + | xx 48 8D xx 24 E0 | ||
| + | ?? 48 8D ?? 24 E0 | ||
| + | ** 48 8D ** 24 E0 | ||
| + | x 48 8D x 24 E0 | ||
| + | ? 48 8D ? 24 E0 | ||
| + | * 48 8D * 24 E0 | ||
=== Command Parameters === | === Command Parameters === | ||
Revision as of 01:12, 13 January 2018
Auto Assembler aobScanModule(SymbolName, ModuleName, AOBString)
Scans the memory of a specific module for the given array of byte and sets the result to the symbol name. 'x', '?', and '*' are seen as a wildcard.
Note: Wildcards can be written as one per byte or one per character of byte.
- If separated by spaces the wildcard will be interpreted as a byte.
i.e.:
5x 48 8D 6x 24 E0 5? 48 8D 6? 24 E0 5* 48 8D 6* 24 E0 xx 48 8D xx 24 E0 ?? 48 8D ?? 24 E0 ** 48 8D ** 24 E0 x 48 8D x 24 E0 ? 48 8D ? 24 E0 * 48 8D * 24 E0
Command Parameters
| Parameter | Type | Description |
|---|---|---|
| SymbolName | string | The symbol name to use if aob is found |
| ModuleName | string | The name of the module to scan in |
| AOBString | string | The string of bytes, as hex, to scan for |
Examples
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 53 48 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 xx xx 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 x x 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 * * 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ? ? 8D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 5* 48 *D 64 24 E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00xx8D6424E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0)
aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00??8D6424E0)
