Difference between revisions of "Auto Assembler:aobScanRegion"
|  (Created page with 'Category:Assembler '''Auto Assembler''' aobScanRegion(''SymbolName'', ''StartAddress'', ''StopAddress'', ''AOBString'')  Scans the memory of a specific region for the given a…') | m | ||
| Line 2: | Line 2: | ||
| '''Auto Assembler''' aobScanRegion(''SymbolName'', ''StartAddress'', ''StopAddress'', ''AOBString'') | '''Auto Assembler''' aobScanRegion(''SymbolName'', ''StartAddress'', ''StopAddress'', ''AOBString'') | ||
| − | Scans  | + | Scans a specific region memory between ''StartAddress'' and ''StopAddress'' for a specific byte pattern defined by ''AOBString'' and sets the resulting address to the symbol ''SymbolName''. | 
| − | 'x', '?',  | + | |
| + | '''Note:''' ''AOBString'' definition is composed by a list of one or several bytes optionally separated by spaces. Each byte definition has 2 variants: | ||
| + | |||
| + | - A group of 2 characters, where the first character is the high order nibble and the second is the low order nibble. Each character can be an hexadecimal digit (from '0' to 'F') or a wildcard character (interpreted as any hexadecimal value from 0 to 15) | ||
| + | |||
| + | - An unique wildcard surrounded by spaces (interpreted as any value from 0 to 255) | ||
| + | |||
| + | The wildcards are defined by any of these 3 characters: 'x', '?', or '*'. | ||
| + | Some valid patterns: | ||
| − | |||
| − | |||
| − | |||
|   5x 48 8D 6x 24 E0 |   5x 48 8D 6x 24 E0 | ||
|   5? 48 8D 6? 24 E0 |   5? 48 8D 6? 24 E0 | ||
| Line 26: | Line 31: | ||
| |SymbolName | |SymbolName | ||
| |string | |string | ||
| − | |The symbol name to  | + | |The symbol name to define if ''AOBString'' is found | 
| |- | |- | ||
| |StartAddress | |StartAddress | ||
| Line 38: | Line 43: | ||
| |AOBString | |AOBString | ||
| |string | |string | ||
| − | |The  | + | |The byte pattern, as hex, to scan for | 
| |} | |} | ||
Latest revision as of 16:59, 22 April 2022
Auto Assembler aobScanRegion(SymbolName, StartAddress, StopAddress, AOBString)
Scans a specific region memory between StartAddress and StopAddress for a specific byte pattern defined by AOBString and sets the resulting address to the symbol SymbolName.
Note: AOBString definition is composed by a list of one or several bytes optionally separated by spaces. Each byte definition has 2 variants:
- A group of 2 characters, where the first character is the high order nibble and the second is the low order nibble. Each character can be an hexadecimal digit (from '0' to 'F') or a wildcard character (interpreted as any hexadecimal value from 0 to 15)
- An unique wildcard surrounded by spaces (interpreted as any value from 0 to 255)
The wildcards are defined by any of these 3 characters: 'x', '?', or '*'. Some valid patterns:
5x 48 8D 6x 24 E0 5? 48 8D 6? 24 E0 5* 48 8D 6* 24 E0 xx 48 8D xx 24 E0 ?? 48 8D ?? 24 E0 ** 48 8D ** 24 E0 x 48 8D x 24 E0 ? 48 8D ? 24 E0 * 48 8D * 24 E0
Command Parameters[edit]
| Parameter | Type | Description | 
|---|---|---|
| SymbolName | string | The symbol name to define if AOBString is found | 
| StartAddress | string | The address to start scanning from | 
| StopAddress | string | The address to stop scanning at. | 
| AOBString | string | The byte pattern, as hex, to scan for | 
Examples[edit]
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 53 48 8D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 xx xx 8D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 5x 48 xx 6x 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 x x 8D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 ** ** 8D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 5* 48 *D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 * * 8D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 ?? ?? 8D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 5? ?? 8? 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 00 ? ? 8D 64 24 E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 005x8xxxxxE0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 005*8*****E0)
aobScanRegion(SomeSymbol, Tutorial-i386.exe+4000, Tutorial-i386.exe+5000, 005?8?????E0)

