Lib.rs

Operating systemsWindows APIs
#signature #windows-platform #sig #format #pattern #sigsearch

sigmatch

A memory signature search library for the Windows platform written in Rust

by piz-ewing

8 releases

0.2.5 Jul 1, 2025
0.2.3 Jun 30, 2025
0.1.3 Mar 6, 2024

#53 in Windows APIs

Download history 9/week @ 2025-05-07 3/week @ 2025-05-14 362/week @ 2025-06-25 116/week @ 2025-07-02

478 downloads per month

MIT license

37KB
626 lines

sigmatch

A memory signature search library for the Windows platform written in Rust.

Crates.io Crates.io depstatus Crates.io

Features

  • 🧩 Fluent API: Clear, logical calls for complex search workflows.
  • Ergonomic: Ready to use, supports multiple signature formats.
  • 🛡️ Robust Errors: Based on thiserror, rich context, panic-free.
  • 🧱 Safe Memory: Auto skips inaccessible regions for stable scans.
  • 🚀 Extreme Performance: Fast and stable by design.
  • 🧪 Optimized & Tested: Actively tested, continually improved.

Quick Use

Assuming you've obtained the signatures via IDA-Pro-SigMaker.

Signature type Example preview
IDA Signature E8 ? ? ? ? 45 33 F6 66 44 89 34 33
x64Dbg Signature E8 ?? ?? ?? ?? 45 33 F6 66 44 89 34 33
C Byte Array Signature + String mask \xE8\x00\x00\x00\x00\x45\x33\xF6\x66\x44\x89\x34\x33 x????xxxxxxxx
C Raw Bytes Signature + Bitmask 0xE8, 0x00, 0x00, 0x00, 0x00, 0x45, 0x33, 0xF6, 0x66, 0x44, 0x89, 0x34, 0x33 0b1111111100001 
[dependencies]
sigmatch = "0.2"

use sigmatch::{Result, Seeker};

fn example() -> Result<()> {

    let sker = Seeker::with_name("main")?;

    // Searching: forward search (push+mov+mov eax...)
    let addr = sker
        .search("6A ?? 89 E0 B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .addr()?;

    // Reverse search from mov eax block
    let addr = sker
        .search("B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .reverse_search("6A ?? 89 E0")?
        .addr()?;

    // Complex range + limit + offset
    let addr = sker
        .search("B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .limit(8)
        .reverse_search("6A ?? 89 E0")?
        .offset(16)
        .limit(1)
        .debug()
        .search("90")?
        .debug()
        .addr()?;

    // Rebind to system module
    sker.bind("ntdll.dll")?;

    // IDA-style pattern
    let _ = sker
        .search("? ? ? B8 C0 00 00 00 F6 04 25 ? ? ? ? 01 75 ? 0F 05 C3")?
        .addr()?;

    // x64dbg-style pattern
    let _ = sker.search("?? ?? ?? B8 C0 00 00 00 F6 04 25")?.addr()?;

    // C-style raw + mask
    let _ = sker.raw_search(
        b"\x00\x00\x00\xB8\xC0\x00\x00\x00\xF6\x04\x25",
        "???xxxxxxxx",
    )?;

    // C-style raw + bitmap
    let _ = sker.raw_search_bitmap(
        b"\x00\x00\x00\xB8\xC0\x00\x00\x00\xF6\x04\x25",
        0b00011111111,
    )?;

    Ok(())
}

Recent

  • Added support for method chaining
  • Introduced section-based signature scanning
  • Added limit() and offset() methods to control search behavior
  • Improved unit test coverage
  • Reorganized project structure for better clarity

Planned Features

  • Support reference search
  • Cross-platform support (Linux, macOS, etc.)
  • Multi-threaded scanning for performance
  • Expanded and more comprehensive test coverage

Examples & Issues

  • See more examples in the examples directory.
  • Report bugs or suggestions via issues.

Dependencies

~118MB
~2M SLoC