sigmatch

Crates.iosigmatch
lib.rssigmatch
version0.2.5
created_at2024-03-06 06:37:35.499862+00
updated_at2025-07-01 09:12:21.072414+00
descriptionA memory signature search library for the Windows platform written in Rust.
homepage
repositoryhttps://github.com/piz-ewing/sigmatch
max_upload_size
id1164420
size56,232
(piz-ewing)

documentation

https://docs.rs/sigmatch

README

sigmatch

A memory signature search library for the Windows platform written in Rust.

Crates.io Crates.io depstatus Crates.io

Features

  • 🧩 Fluent API: Clear, logical calls for complex search workflows.

  • Ergonomic: Ready to use, supports multiple signature formats.

  • 🛡️ Robust Errors: Based on thiserror, rich context, panic-free.

  • 🧱 Safe Memory: Auto skips inaccessible regions for stable scans.

  • 🚀 Extreme Performance: Fast and stable by design.

  • 🧪 Optimized & Tested: Actively tested, continually improved.

Quick Use

Assuming you've obtained the signatures via IDA-Pro-SigMaker.

Signature type Example preview
IDA Signature E8 ? ? ? ? 45 33 F6 66 44 89 34 33
x64Dbg Signature E8 ?? ?? ?? ?? 45 33 F6 66 44 89 34 33
C Byte Array Signature + String mask \xE8\x00\x00\x00\x00\x45\x33\xF6\x66\x44\x89\x34\x33 x????xxxxxxxx
C Raw Bytes Signature + Bitmask 0xE8, 0x00, 0x00, 0x00, 0x00, 0x45, 0x33, 0xF6, 0x66, 0x44, 0x89, 0x34, 0x33 0b1111111100001 
[dependencies]
sigmatch = "0.2"

use sigmatch::{Result, Seeker};

fn example() -> Result<()> {

    let sker = Seeker::with_name("main")?;

    // Searching: forward search (push+mov+mov eax...)
    let addr = sker
        .search("6A ?? 89 E0 B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .addr()?;

    // Reverse search from mov eax block
    let addr = sker
        .search("B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .reverse_search("6A ?? 89 E0")?
        .addr()?;

    // Complex range + limit + offset
    let addr = sker
        .search("B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .limit(8)
        .reverse_search("6A ?? 89 E0")?
        .offset(16)
        .limit(1)
        .debug()
        .search("90")?
        .debug()
        .addr()?;

    // Rebind to system module
    sker.bind("ntdll.dll")?;

    // IDA-style pattern
    let _ = sker
        .search("? ? ? B8 C0 00 00 00 F6 04 25 ? ? ? ? 01 75 ? 0F 05 C3")?
        .addr()?;

    // x64dbg-style pattern
    let _ = sker.search("?? ?? ?? B8 C0 00 00 00 F6 04 25")?.addr()?;

    // C-style raw + mask
    let _ = sker.raw_search(
        b"\x00\x00\x00\xB8\xC0\x00\x00\x00\xF6\x04\x25",
        "???xxxxxxxx",
    )?;

    // C-style raw + bitmap
    let _ = sker.raw_search_bitmap(
        b"\x00\x00\x00\xB8\xC0\x00\x00\x00\xF6\x04\x25",
        0b00011111111,
    )?;

    Ok(())
}

Recent

  • Added support for method chaining

  • Introduced section-based signature scanning

  • Added limit() and offset() methods to control search behavior

  • Improved unit test coverage

  • Reorganized project structure for better clarity

Planned Features

  • Support reference search

  • Cross-platform support (Linux, macOS, etc.)

  • Multi-threaded scanning for performance

  • Expanded and more comprehensive test coverage

Examples & Issues

  • See more examples in the examples directory.
  • Report bugs or suggestions via issues.
Commit count: 3

cargo fmt