aobscan
| Crates.io | aobscan |
| lib.rs | aobscan |
| version | 0.3.0 |
| source | src |
| created_at | 2022-09-28 22:14:10.218161 |
| updated_at | 2022-11-17 10:55:43.735956 |
| description | AOBscan is a library for multi-threaded AOB memory scanning |
| homepage | https://github.com/sonodima/aobscan |
| repository | https://github.com/sonodima/aobscan |
| max_upload_size | |
| id | 676110 |
| size | 61,207 |
Tom (sonodima)
documentation
README
AOBscan 📝
AOBscan is a library for multi-threaded AOB memory scanning, aimed at malware analysis and reverse engineering.
This library implements helpful features for scanning for patterns in data slices or object files sections. (allowing for extremely fast scans)
Features
- Single-threaded and multi-threaded scanning
- Match selection using callback functions
- IDA-style patterns:
48 8b ? ? ? 48 8c ?? ?? ?? ?? - Code-style signatures/masks: (
\x48\x8b\x00\x00\x00,..???) - Hexadecimal strings:
488b?????? - Scan for pattern in an object file section (feature: object-scan)
Usage
Add this to your Cargo.toml:
[dependencies]
aobscan = "0.3"
Example: Scan for 48 8B ? ? ? in
some.binwith all the available threads, and stop at the first match.
fn main() {
let data = include_bytes!("some_file.bin");
let result = aobscan::Pattern::from_ida_style("48 8B ? ? ? ?")
.unwrap()
.with_all_threads()
.build()
.scan(data, |offset| {
println!("Found pattern at offset: 0x{:x}", offset);
false
});
}
For a real-world example, check out the AOBscan CLI twin project.
Benchmark
The results of the benchmark example are as follows:
| CPU | MT Average | ST Average | MT Peak |
|---|---|---|---|
| Apple M1 Pro (10C) | 10.17 GB/s | 1.42 GB/s | 12.41 GB/s |