8 releases
| 0.3.0 | Nov 17, 2022 |
|---|---|
| 0.2.0 | Oct 29, 2022 |
| 0.1.7 | Oct 3, 2022 |
| 0.1.5 | Sep 29, 2022 |
#1648 in Algorithms
126 downloads per month
Used in 2 crates
37KB
387 lines
AOBscan 📝
AOBscan is a library for multi-threaded AOB memory scanning, aimed at malware analysis and reverse engineering.
This library implements helpful features for scanning for patterns in data slices or object files sections. (allowing for extremely fast scans)
Features
- Single-threaded and multi-threaded scanning
- Match selection using callback functions
- IDA-style patterns:
48 8b ? ? ? 48 8c ?? ?? ?? ?? - Code-style signatures/masks: (
\x48\x8b\x00\x00\x00,..???) - Hexadecimal strings:
488b?????? - Scan for pattern in an object file section (feature: object-scan)
Usage
Add this to your Cargo.toml:
[dependencies]
aobscan = "0.3"
Example: Scan for 48 8B ? ? ? in
some.binwith all the available threads, and stop at the first match.
fn main() {
let data = include_bytes!("some_file.bin");
let result = aobscan::Pattern::from_ida_style("48 8B ? ? ? ?")
.unwrap()
.with_all_threads()
.build()
.scan(data, |offset| {
println!("Found pattern at offset: 0x{:x}", offset);
false
});
}
For a real-world example, check out the AOBscan CLI twin project.
Benchmark
The results of the benchmark example are as follows:
| CPU | MT Average | ST Average | MT Peak |
|---|---|---|---|
| Apple M1 Pro (10C) | 10.17 GB/s | 1.42 GB/s | 12.41 GB/s |
Dependencies
~28–540KB
~11K SLoC