#reverse-engineering #hacking #byte-array #game-hacking #sigscan

patternscan

Searches for a contiguous array of bytes determined by a wild-carded pattern

3 releases (stable)

1.2.0 Jan 23, 2021
1.1.1 Dec 31, 2020
0.1.1 Aug 13, 2020
0.1.0 Aug 13, 2020

#1787 in Parser implementations

24 downloads per month

MIT license

18KB
295 lines

patternscan

CI Badge Crates Badge License Badge Issues Badge

Searches for a contiguous array of bytes determined by a given pattern. The pattern can include supported wildcard characters, as shown below.

Wildcards

  • ? match any byte

Example Patterns

  • fe 00 68 98 - matches only fe 00 68 98
  • 8d 11 ? ? 8f - could match 8d 11 9e ef 8f or 8d 11 0 0 8f for example

Documentation

docs.rs

License

This project is licensed under the MIT License - see LICENSE.md for details.


lib.rs:

Searches for a contiguous array of bytes determined by a given pattern. The pattern can include supported wildcard characters, as seen below.

Wildcards

  • ? match any byte

Example Patterns

  • fe 00 68 98 - matches only fe 00 68 98
  • 8d 11 ? ? 8f - could match 8d 11 9e ef 8f or 8d 11 0 0 8f for example

Example Usage

The scan function is used to scan for a pattern within the output of a Read. Using a Cursor to scan within a byte array in memory could look as follows:

use patternscan::scan;
use std::io::Cursor;

let bytes = [0x10, 0x20, 0x30, 0x40, 0x50];
let pattern = "20 30 40";
let locs = scan(Cursor::new(bytes), &pattern).unwrap(); // Will equal vec![1], the index of
                                                        // the pattern

Any struct implementing Read can be passed as the reader which should be scanned for ocurrences of a pattern, so one could scan for a byte sequence within an executable as follows:

use patternscan::scan;
use std::fs::File;

let reader = File::open("somebinary.exe").unwrap();
let instruction = "A3 ? ? ? ?";
let locs = scan(reader, &instruction).unwrap();

For more example uses of this module, see the tests

No runtime deps