"Sputnik" help  
Sputnik Help
BinaryAobScan(<binary>, <aobPattern>, [<start>], [<length>])

Description

The BinaryAobScan function searches for a specific pattern of bytes (also known as an "array of bytes" or AOB) within a binary data string. It returns the position of the first occurrence of the pattern within the binary data.

Parameters

<binary> The binary string to search in.
<pattern> The AOB pattern to search for.
[<start>] Optiona starting position from which the search should begin. If not provided, the search starts from the beginning of the binary string. (Default: 0)
[<length>] Optional length of the range within which the search should be performed. If not provided, the search extends to the end of the binary string. (Default: Full length of the binary)

Return Value

Success: Returns true.
Failure: Returns false.

Remarks

The BinaryAobScan function searches for a specific pattern of bytes, known as an "array of bytes" (AOB), within a binary data string. An AOB is represented as a sequence of hexadecimal bytes separated by spaces. For example, "EF AB" represents two bytes with values EF and AB.

In addition to specifying exact byte values, you can use wildcard characters to match any byte value at a particular position. The wildcard characters available are:

x or X: Matches any hexadecimal digit (0-9, A-F, a-f).
?: Matches any single byte.
*: Matches any number of bytes (zero or more).
For example, "*F ** 2*" represents an AOB pattern where the first byte can be any value (*), the second byte must be F, the third byte can be any value (**), and the fourth byte must be 2.

Note that the BinaryAobScan function returns the position of the first occurrence of the specified AOB pattern within the binary data. If the pattern is not found, it returns -1.

Related

PtrAobScan

Example

Here's an example to illustrate the usage of BinaryAobScan:

my $bin = null;
vec($bin, 5000, 8) = 0xEF;
vec($bin, 5001, 8) = 0xAB;

vec($bin, 6000, 8) = 0xEF;
vec($bin, 6001, 8) = 0xAB;
vec($bin, 6002, 8) = 0x2C;

vec($bin, 7000, 8) = 0x00;

say "Binary size = " . count($bin);
say "AobScan = " . BinaryAobScan($bin, "EF AB");
say "AobScan = " . BinaryAobScan($bin, "EF AB 2C");
say "AobScan = " . BinaryAobScan($bin, "*F ** 2*");

// PRINTS
// Binary size = 7001
// AobScan = 5000
// AobScan = 6000
// AobScan = 6000
In this example, we create a binary data string ($bin) and assign values to specific positions using the Vec function. The binary data contains various patterns, including the AOBs "EF AB", "EF AB 2C", and "*F ** 2*".

The output of the example shows the results of the count function, which returns the size of the binary data, as well as the BinaryAobScan function calls. The positions of the first occurrences of the specified AOB patterns within the binary data are displayed.

Here is an interesting example of using the AOB scan to find something within a struct in this case the passwords:

#define PM(mem) TypeDefMember("Account", #mem)

TypeDef(q~
    struct {
        int32_t userId;
        int32_t userIcon;
        char_t userName[16];
        char_t login[16];
        char_t password[16];
        uint32_t privKick : 1;
        uint32_t privBan : 1;
        uint32_t privDownload : 1;
        uint32_t privUpload: 1;
    } Account;
~);

my $adminAcc = TypeDefInst("Account", 142, 4646, "Administrator", "admin", "pass123", 1, 1, 1, 1);
my $guestAcc = TypeDefInst("Account", 121, 4235, "Guest", "guest", "pass183", 1, 1, 1, 1);

my $scanAdmin = BinaryAobScan($adminAcc, "31 ?? 33");
say "(Admin) AobScan = " . $scanAdmin . ", Password = " . substr((raw)$adminAcc, $scanAdmin, 3);

my $scanGuest = BinaryAobScan($guestAcc, "31 ?? 33");
say "(Guest) AobScan = " . $scanGuest . ", Password = " . substr((raw)$guestAcc, $scanGuest, 3);

// PRINTS
// (Admin) AobScan = 44, Password = 123
// (Guest) AobScan = 44, Password = 183

 


Contact
Cheryl (uberfox@hotmail.com)
Homepage
http://ubersoft.org