Difference between revisions of "Findbinary(searcharea)"
(→Examples: added second example) |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
− | {{ | + | {{AdvParamInfo |
− | Searches for hex pattern in file in range defined by textbegin and textend using the Boyer-Moore algorithm. | + | |SYNTAX = findbinary[searcharea] |
+ | |TITLESYNTAX = findbinary(searcharea) | ||
+ | |PREVIOUS = bininstream | ||
+ | |VARIANTS = | ||
+ | |PEVERSION = ??? < 1.5.4.5 | ||
+ | |GROUP = Binary Anywhere Matching | ||
+ | }}Searches for hex pattern in file in range defined by textbegin and textend using the Boyer-Moore algorithm. | ||
==Usage== | ==Usage== | ||
Line 6: | Line 12: | ||
===Examples=== | ===Examples=== | ||
− | begin[searcharea]=0,end[searcharea]= | + | begin[searcharea]=0,end[searcharea]=1023,findbinary[searcharea]=48616C6C6F57656C74 |
+ | section[searcharea]=.text,findbinary[searcharea]= 558BEC83C4F0 | ||
− | + | # Searches for ''HalloWelt'' inside the first 1024 bytes of the file. | |
+ | # Searches for <tt>PUSH EBP; MOV EBP, ESP; ADD ESP, F0</tt> within the code section of a Delphi application. | ||
===Description=== | ===Description=== |
Latest revision as of 17:21, 24 February 2008
findbinary[searcharea] | |
Variants | findbinary[searcharea] |
Previously | bininstream |
Group | Binary Anywhere Matching |
Version | advcheck.dll ??? < 1.5.4.5 |
Searches for hex pattern in file in range defined by textbegin and textend using the Boyer-Moore algorithm.
Contents
Usage
findbinary[searcharea]=<text(hexstring)>
Examples
begin[searcharea]=0,end[searcharea]=1023,findbinary[searcharea]=48616C6C6F57656C74 section[searcharea]=.text,findbinary[searcharea]= 558BEC83C4F0
- Searches for HalloWelt inside the first 1024 bytes of the file.
- Searches for PUSH EBP; MOV EBP, ESP; ADD ESP, F0 within the code section of a Delphi application.
Description
Searches for hex pattern in file in the defined range using the Boyer-Moore algorithm. To define the range, take a look at begin[searcharea] and end[searcharea], or section[searcharea].
See also
Similar parameters
- begin(searcharea)
- end(searcharea)
- ephex
- findtext(searcharea)
- greptext(searcharea)
- section(searcharea)