A memory signature search library for the Windows platform, written in Rust.
It’s a basic version migrated from another C++ project of mine, with more features coming soon!
§Quick Use
The examples below assume you have already obtained the signatures via IDA-Pro-SigMaker.
§Usage in project
[dependencies]
# "0.2" is a caret requirement, so Cargo may resolve any 0.2.x release.
# Commit Cargo.lock so builds stay on the version that was actually reviewed.
sigmatch = "0.2"
use sigmatch::{Result, Seeker};
/// Tours the `Seeker` API: chained pattern searches, rebinding to a second
/// module, and the raw mask / bitmap entry points.
///
/// Errors from every `?` call are returned to the caller, so a failed lookup
/// ends the function early rather than yielding an address.
/// NOTE(review): presumably a signature that no longer matches is reported as
/// one of these errors; confirm against the crate docs.
fn example() -> Result<()> {
    // NOTE(review): "main" presumably selects the host executable's own
    // module; confirm against the crate docs.
    let seeker = Seeker::with_name("main")?;

    // Forward search: a single pattern spanning the whole sequence
    // (push + mov + mov eax ...). `??` stands for a byte of any value.
    let addr = seeker
        .search("6A ?? 89 E0 B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .addr()?;

    // Reverse search: locate the `mov eax` block first, then search back from
    // it for the `6A ?? 89 E0` bytes.
    let addr = seeker
        .search("B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .reverse_search("6A ?? 89 E0")?
        .addr()?;

    // Chained range + limit + offset between searches.
    // NOTE(review): the units and exact meaning of `limit` / `offset`, and
    // what `debug()` emits, are not visible here; confirm in the crate docs.
    let addr = seeker
        .search("B8 ?? ?? ?? ?? C1 C0 05 05 ?? ?? ?? 90 90 90")?
        .limit(8)
        .reverse_search("6A ?? 89 E0")?
        .offset(16)
        .limit(1)
        .debug()
        .search("90")?
        .debug()
        .addr()?;

    // Point the same seeker at a system module.
    seeker.bind("ntdll.dll")?;

    // IDA-style pattern: one `?` per wildcard byte.
    let _ = seeker
        .search("? ? ? B8 C0 00 00 00 F6 04 25 ? ? ? ? 01 75 ? 0F 05 C3")?
        .addr()?;

    // x64dbg-style pattern: `??` per wildcard byte.
    let _ = seeker.search("?? ?? ?? B8 C0 00 00 00 F6 04 25")?.addr()?;

    // C-style raw bytes + mask, one mask character per byte: the three `?`
    // line up with the leading placeholder bytes, `x` with the bytes that
    // must match.
    let _ = seeker.raw_search(
        b"\x00\x00\x00\xB8\xC0\x00\x00\x00\xF6\x04\x25",
        "???xxxxxxxx",
    )?;

    // C-style raw bytes + bitmap: as the literal is written, the three leading
    // 0 bits line up with the placeholder bytes.
    // NOTE(review): confirm the bit order in the crate docs.
    let _ = seeker.raw_search_bitmap(
        b"\x00\x00\x00\xB8\xC0\x00\x00\x00\xF6\x04\x25",
        0b00011111111,
    )?;

    Ok(())
}
For more usage, see the examples.