findasm/asmfind

Find assembled instruction.

参数

arg1 Instruction to look for (make sure to use quoted “mov eax, ebx” to ensure you actually search for that instruction). You can use String Formatting here.

[arg2] Address of/inside a memory page to look in. When not specified CIP will be used.

[arg3] The size of the data to search in. Default is the size of the memory region.

结果

$result 变量被设置为找到的引用的数量。

备注

引用视图的内容可以在脚本中用 ref.addr 表达式函数进行迭代。

i = 0 loop: addr = ref.addr(i) log "reference {d:i} = {p:addr}" i++ cmp i, ref.count() jne loop