Difference between revisions of "Auto Assembler:aobScanModule"

Latest revision as of 16:33, 22 April 2022

Auto Assembler aobScanModule(SymbolName, ModuleName, AOBString)

Scans the memory used by the module ModuleName for a specific byte pattern defined by AOBString and sets the resulting address to the symbol SymbolName.

Note: AOBString definition is composed by a list of one or several bytes optionally separated by spaces. Each byte definition has 2 variants:

- A group of 2 characters, where the first character is the high order nibble and the second is the low order nibble. Each character can be an hexadecimal digit (from '0' to 'F') or a wildcard character (interpreted as any hexadecimal value from 0 to 15)

- An unique wildcard surrounded by spaces (interpreted as any value from 0 to 255)

The wildcards are defined by any of these 3 characters: 'x', '?', or '*'. Some valid patterns:

5x 48 8D 6x 24 E0
5? 48 8D 6? 24 E0
5* 48 8D 6* 24 E0
xx 48 8D xx 24 E0
?? 48 8D ?? 24 E0
** 48 8D ** 24 E0
x 48 8D x 24 E0
? 48 8D ? 24 E0
* 48 8D * 24 E0

Tip: One can use for ModuleName the variable $process defined as the current open process.

Examples[edit]

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 53 48 8D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 xx xx 8D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 x x 8D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 * * 8D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ? ? 8D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 5* 48 *D 64 24 E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00xx8D6424E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0)

aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00??8D6424E0)

aobScanModule(SomeSymbol, $process, 00 1? 8D 64 24 *)

@@ Line 1: / Line 1: @@
+[[Category:Assembler]]
 '''Auto Assembler''' aobScanModule(''SymbolName'', ''ModuleName'', ''AOBString'')
-Scans the memory of a specific module for the given array of byte and sets the result to the symbol name.
+Scans the memory used by the module ''ModuleName'' for a specific byte pattern defined by ''AOBString'' and sets the resulting address to the symbol ''SymbolName''.
-Anything not an integer will be seen as a wildcard.
-=== Function Parameters ===
+'''Note:''' ''AOBString'' definition is composed by a list of one or several bytes optionally separated by spaces. Each byte definition has 2 variants:
+- A group of 2 characters, where the first character is the high order nibble and the second is the low order nibble. Each character can be an hexadecimal digit (from '0' to 'F') or a wildcard character (interpreted as any hexadecimal value from 0 to 15)
+- An unique wildcard surrounded by spaces (interpreted as any value from 0 to 255)
+The wildcards are defined by any of these 3 characters: 'x', '?', or '*'.
+Some valid patterns:
+x 48 8D 6x 24 E0
+? 48 8D 6? 24 E0
+* 48 8D 6* 24 E0
+ xx 48 8D xx 24 E0
+ ?? 48 8D ?? 24 E0
+ ** 48 8D ** 24 E0
+ x 48 8D x 24 E0
+ ? 48 8D ? 24 E0
+ * 48 8D * 24 E0
+'''Tip:'''  One can use for ''ModuleName'' the variable '''$process''' defined as the current open process.
+=== Command Parameters ===
 {|width="85%" cellpadding="10%" cellpadding="5%" cellspacing="0" border="0"
 !align="left"|Parameter
@@ Line 12: / Line 33: @@
 |SymbolName
 |string
-|The symbol name to use if aob is found
+|The symbol name to define if ''AOBString'' is found
 |-
 |ModuleName
@@ Line 20: / Line 41: @@
 |AOBString
 |string
-|The string of bytes, as hex, to scan for
+|The byte pattern, as hex, to scan for
 |}
@@ Line 26: / Line 47: @@
 == Examples ==
   aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 53 48 8D 64 24 E0)
+ aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 xx xx 8D 64 24 E0)
+ aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 x x 8D 64 24 E0)
   aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ** ** 8D 64 24 E0)
+ aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 * * 8D 64 24 E0)
   aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ?? ?? 8D 64 24 E0)
+ aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 ? ? 8D 64 24 E0)
+ aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00 5* 48 *D 64 24 E0)
+ aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00xx8D6424E0)
   aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00**8D6424E0)
   aobScanModule(SomeSymbol, Tutorial-x86_64.exe, 00??8D6424E0)
+ aobScanModule(SomeSymbol, $process, 00 1? 8D 64 24 *)
 == See also ==
 * [[Cheat_Engine:Auto Assembler|Auto Assembler]]
+* [[Auto_Assembler:Commands|Auto Assembler Commands]]
-=== Related Functions ===
+=== Related Commands ===
 * [[Auto Assembler:aobScan|aobScan]]
+* [[Auto_Assembler:aobScanRegion|aobScanRegion]]
 * [[Auto Assembler:alloc|alloc]]
 * [[Auto Assembler:dealloc|dealloc]]
+* [[Auto Assembler:globalAlloc|globalAlloc]]
+* [[Auto Assembler:createThread|createThread]]
 * [[Auto Assembler:define|define]]
 * [[Auto Assembler:fullAccess|fullAccess]]
@@ Line 52: / Line 91: @@
 * [[Auto Assembler:registerSymbol|registerSymbol]]
 * [[Auto Assembler:unregisterSymbol|unregisterSymbol]]
-* [[Auto Assembler:LUA|LUA]]
+* [[Auto Assembler:LUA ASM|LUA ASM]]
-* [[Auto Assembler:ASM|ASM]]

Parameter	Type	Description
SymbolName	string	The symbol name to define if AOBString is found
ModuleName	string	The name of the module to scan in
AOBString	string	The byte pattern, as hex, to scan for

Difference between revisions of "Auto Assembler:aobScanModule"

Latest revision as of 16:33, 22 April 2022

Contents

Command Parameters[edit]

Examples[edit]

See also[edit]

Related Commands[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools