Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sonodima/aobscan

AOBscan is a library for multi-threaded AOB memory scanning
https://github.com/sonodima/aobscan

aob memory pattern rust scan signature

Last synced: about 2 months ago
JSON representation

AOBscan is a library for multi-threaded AOB memory scanning

Host: GitHub
URL: https://github.com/sonodima/aobscan
Owner: sonodima
License: mit
Created: 2022-09-28T20:51:35.000Z (over 2 years ago)
Default Branch: master
Last Pushed: 2022-11-17T10:55:33.000Z (about 2 years ago)
Last Synced: 2024-10-27T19:59:55.760Z (2 months ago)
Topics: aob, memory, pattern, rust, scan, signature
Language: Rust
Homepage: https://docs.rs/aobscan
Size: 67.4 KB
Stars: 8
Watchers: 1
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        
AOBscan 📝




  

  

  

  

    

  

  






> AOBscan is a library for multi-threaded AOB memory scanning, aimed at malware analysis and reverse

> engineering.



> This library implements helpful features for scanning for patterns in data slices or object files sections. (allowing

> for extremely fast scans)

## Features

- Single-threaded and multi-threaded scanning

- Match selection using callback functions

- IDA-style patterns: `48 8b ? ? ? 48 8c ?? ?? ?? ??`

- Code-style signatures/masks: (`\x48\x8b\x00\x00\x00`, `..???`)

- Hexadecimal strings: `488b??????`

- Scan for pattern in an object file section _(feature: object-scan)_

## Usage

Add this to your `Cargo.toml`:

```toml

[dependencies]

aobscan = "0.3"

```

> **Example:** Scan for 48 8B ? ? ? in `some.bin` with all the available threads, and stop at the first

> match.

```rust

fn main() {

    let data = include_bytes!("some_file.bin");

    let result = aobscan::Pattern::from_ida_style("48 8B ? ? ? ?")

        .unwrap()

        .with_all_threads()

        .build()

        .scan(data, |offset| {

            println!("Found pattern at offset: 0x{:x}", offset);

            false

        });

}

```

### For a real-world example, check out the [AOBscan CLI](https://github.com/sonodima/aobscan-cli) twin project.

## Benchmark

The results of the `benchmark` example are as follows:

| CPU                | MT Average | ST Average | MT Peak    |

|--------------------|------------|------------|------------|

| Apple M1 Pro (10C) | 10.17 GB/s | 1.42 GB/s  | 12.41 GB/s |