AOBscan 📝
> AOBscan is a library for multi-threaded AOB memory scanning, aimed at malware analysis and reverse
> engineering.
> This library implements helpful features for scanning for patterns in data slices or object files sections. (allowing
> for extremely fast scans)
## Features
- Single-threaded and multi-threaded scanning
- Match selection using callback functions
- IDA-style patterns: `48 8b ? ? ? 48 8c ?? ?? ?? ??`
- Code-style signatures/masks: (`\x48\x8b\x00\x00\x00`, `..???`)
- Hexadecimal strings: `488b??????`
- Scan for pattern in an object file section _(feature: object-scan)_
## Usage
Add this to your `Cargo.toml`:
```toml
[dependencies]
aobscan = "0.3"
```
> **Example:** Scan for 48 8B ? ? ? in `some.bin` with all the available threads, and stop at the first
> match.
```rust
fn main() {
let data = include_bytes!("some_file.bin");
let result = aobscan::Pattern::from_ida_style("48 8B ? ? ? ?")
.unwrap()
.with_all_threads()
.build()
.scan(data, |offset| {
println!("Found pattern at offset: 0x{:x}", offset);
false
});
}
```
### For a real-world example, check out the [AOBscan CLI](https://github.com/sonodima/aobscan-cli) twin project.
## Benchmark
The results of the `benchmark` example are as follows:
| CPU | MT Average | ST Average | MT Peak |
|--------------------|------------|------------|------------|
| Apple M1 Pro (10C) | 10.17 GB/s | 1.42 GB/s | 12.41 GB/s |
