patternscan

Searches for a contiguous array of bytes determined by a given pattern. The pattern can include supported wildcard characters, as shown below.

Wildcards

• ? match any byte

Example Patterns

• fe 00 68 98 - matches only fe 00 68 98
• 8d 11 ? ? 8f - could match 8d 11 9e ef 8f or 8d 11 0 0 8f for example

Documentation

docs.rs

License

This project is licensed under the MIT License - see LICENSE.md for details.

lib.rs:

Searches for a contiguous array of bytes determined by a given pattern. The pattern can include supported wildcard characters, as seen below.

Wildcards

• ? match any byte

Example Patterns

• fe 00 68 98 - matches only fe 00 68 98
• 8d 11 ? ? 8f - could match 8d 11 9e ef 8f or 8d 11 0 0 8f for example

Example Usage

The scan function is used to scan for a pattern within the output of a Read. Using a Cursor to scan within a byte array in memory could look as follows:

use patternscan::scan;
use std::io::Cursor;

let bytes = [0x10, 0x20, 0x30, 0x40, 0x50];
let pattern = "20 30 40";
let locs = scan(Cursor::new(bytes), &pattern).unwrap(); // Will equal vec![1], the index of
                                                        // the pattern

Any struct implementing Read can be passed as the reader which should be scanned for ocurrences of a pattern, so one could scan for a byte sequence within an executable as follows:

use patternscan::scan;
use std::fs::File;

let reader = File::open("somebinary.exe").unwrap();
let instruction = "A3 ? ? ? ?";
let locs = scan(reader, &instruction).unwrap();

For more example uses of this module, see the tests