Difference between revisions of "Lua:AOBScan"
Jump to navigation
Jump to search
(→Related Functions) |
RichardLake (talk | contribs) m |
||
Line 4: | Line 4: | ||
'''function''' AOBScan(''AOBString'', ''ProtectionFlags'' OPTIONAL, ''AlignmentType'' OPTIONAL, ''AlignmentParam'' HALFOPTIONAL) | '''function''' AOBScan(''AOBString'', ''ProtectionFlags'' OPTIONAL, ''AlignmentType'' OPTIONAL, ''AlignmentParam'' HALFOPTIONAL) | ||
− | Scans the currently opened process and returns a StringList object containing all the results. | + | Scans the currently opened process and returns a [[Lua:Class:Stringlist|StringList]] object containing all the results. |
Don't forget to free this list when done. | Don't forget to free this list when done. | ||
Byte value of higher than 255 or anything not an integer will be seen as a wildcard. | Byte value of higher than 255 or anything not an integer will be seen as a wildcard. |
Revision as of 10:40, 10 January 2019
function AOBScan(...)
function AOBScan(AOBString, ProtectionFlags OPTIONAL, AlignmentType OPTIONAL, AlignmentParam HALFOPTIONAL)
Scans the currently opened process and returns a StringList object containing all the results. Don't forget to free this list when done. Byte value of higher than 255 or anything not an integer will be seen as a wildcard.
Function Parameters
Parameter | Type | Description |
---|---|---|
... | ... | Bytes to scan for seperated as arguments |
Parameter | Type | Description |
---|---|---|
AOBString | string | A string of bytes, as hex, to scan for |
ProtectionFlags | string | A string of flags used to set protection type of memory to be scanned |
AlignmentType | integer | Used with 'AlignmentParam' to set scan alignment |
AlignmentParam | string | A string which either holds the value the addresses must be dividable by or what the last digits of the address must be |
- protectionflags is a string:
- Add a + to indicate that flag MUST be set and a - to indicate that that flag MUST NOT be set. (* sets it to don't care)
- X = Executable
- W = Writable memory
- C = Copy On Write.
Examples:
+W-C = Writable memory exluding copy on write and doesn't care about the Executable flag +X-C-W = Find readonly executable memory +W = Finds all writable memory and don't care about copy on write or execute "" = Find everything (is the same as "*X*C*W" )
- alignmenttype is an integer:
- 0 = No alignment check
- 1 = Address must be dividable by alignmentparam
- 2 = Address must end with alignmentparam
See also
Related Functions
- autoAssemble
- disassemble
- getInstructionSize
- getPreviousOpcode
- allocateSharedMemory
- mapMemory
- unmapMemory
- readBytes
- readPointer
- writeBytes
- readBytesLocal
- readPointerLocal
- writeBytesLocal
- wordToByteTable
- dwordToByteTable
- qwordToByteTable
- floatToByteTable
- doubleToByteTable
- stringToByteTable
- wideStringToByteTable
- byteTableToWord
- byteTableToDword
- byteTableToQword
- byteTableToFloat
- byteTableToDouble
- byteTableToString
- byteTableToWideString