Crates.io | skidscan-macros |
lib.rs | skidscan-macros |
version | 0.1.2 |
source | src |
created_at | 2021-09-09 19:10:17.603677 |
updated_at | 2021-09-10 18:19:42.053034 |
description | Proc macros for skidscan |
homepage | |
repository | https://github.com/WilliamVenner/skidscan |
max_upload_size | |
id | 448984 |
size | 5,089 |
Quick & dirty Rust sigscanning crate.
let sig = signature!("40 53 48 83 EC 20 48 8B 01 48 8B D9 48 89 91 ? ? ? ? FF 90 ? ? ? ? 33 D2");
let sig = obfsignature!("40 53 48 83 EC 20 48 8B 01 48 8B D9 48 89 91 ? ? ? ? FF 90 ? ? ? ? 33 D2"); // "Obfuscated" signature
let result: Result<*mut u8, ModuleSigScanError> = sig.scan_module("path or module name");
let result: Option<usize> = sig.scan_ptr(0xDEADBEEF as *mut u8);
let result: Option<usize> = sig.scan(&[0x40, 0x53, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x8B, 0x01, 0x48, 0x8B, 0xD9, 0x48, 0x89, 0x91, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x90, 0x00, 0x00, 0x00, 0x00, 0x33, 0xD2]);
Signatures are constructed as a series of Option<u8>
.
None
represents a ?
: any byte, so long as it is present.
Some(u8)
represents this byte exactly.
For example, signature!("48 89 91 ? ? ?")
becomes [Some(0x48), Some(0x89), Some(0x91), None, None, None]
You can construct an "obfuscated" signature using obfstr with the obfuscate
crate feature.
Obfuscated signatures are constructed, for each byte: Some(obfstr!("0xFF").parse::<u8>())
For example, signature!("48 89 91 ? ? ?")
becomes [Some(obfstr!("0x48").parse::<u8>()), Some(obfstr!("0x89").parse::<u8>()), Some(obfstr!("0x91").parse::<u8>()), None, None, None]