AOBscan 📝

AOBscan is a library for multi-threaded AOB memory scanning, aimed at malware analysis and reverse engineering.

This library implements helpful features for scanning for patterns in data slices or object files sections. (allowing for extremely fast scans)

Features

• Single-threaded and multi-threaded scanning
• Match selection using callback functions
• IDA-style patterns: 48 8b ? ? ? 48 8c ?? ?? ?? ??
• Code-style signatures/masks: (\x48\x8b\x00\x00\x00, ..???)
• Hexadecimal strings: 488b??????
• Scan for pattern in an object file section (feature: object-scan)

Usage

Add this to your Cargo.toml:

toml [dependencies] aobscan = "0.3"

Example: Scan for 48 8B ? ? ? in some.bin with all the available threads, and stop at the first match.

rust fn main() { let data = include_bytes!("some_file.bin"); let result = aobscan::Pattern::from_ida_style("48 8B ? ? ? ?") .unwrap() .with_all_threads() .build() .scan(data, |offset| { println!("Found pattern at offset: 0x{:x}", offset); false }); }

For a real-world example, check out the AOBscan CLI twin project.

Benchmark

The results of the benchmark example are as follows:

| CPU | MT Average | ST Average | MT Peak | |--------------------|------------|------------|------------| | Apple M1 Pro (10C) | 10.17 GB/s | 1.42 GB/s | 12.41 GB/s |