8 releases
0.3.0 | Nov 17, 2022 |
---|---|
0.2.0 | Oct 29, 2022 |
0.1.7 | Oct 3, 2022 |
0.1.5 | Sep 29, 2022 |
#1890 in Algorithms
Used in 2 crates
37KB
387 lines
AOBscan 📝
AOBscan is a library for multi-threaded AOB memory scanning, aimed at malware analysis and reverse engineering.
This library implements helpful features for scanning for patterns in data slices or object file sections, allowing for extremely fast scans.
Features
- Single-threaded and multi-threaded scanning
- Match selection using callback functions
- IDA-style patterns: 48 8b ? ? ? 48 8c ?? ?? ?? ??
- Code-style signatures/masks: (\x48\x8b\x00\x00\x00, ..???)
- Hexadecimal strings: 488b??????
- Scan for pattern in an object file section (feature: object-scan)
Usage
Add this to your Cargo.toml:

    [dependencies]
    aobscan = "0.3"
Example: Scan for 48 8B ? ? ? in some.bin with all the available threads, and stop at the first match.

    fn main() {
        // Embed the target file's bytes at compile time.
        let data = include_bytes!("some_file.bin");
        let result = aobscan::Pattern::from_ida_style("48 8B ? ? ? ?")
            .unwrap()
            .with_all_threads()
            .build()
            .scan(data, |offset| {
                println!("Found pattern at offset: 0x{:x}", offset);
                // Returning false stops the scan after this match.
                false
            });
    }
For a real-world example, check out the AOBscan CLI twin project.
Benchmark
The results of the benchmark example are as follows:
CPU | MT Average | ST Average | MT Peak |
---|---|---|---|
Apple M1 Pro (10C) | 10.17 GB/s | 1.42 GB/s | 12.41 GB/s |
Dependencies
~28–540KB
~11K SLoC