findguid/guidfind

Find references to GUID. The referenced GUID must be registered in the system, otherwise it will not be found.

参数

[arg1] The base of the memory range. If not specified, RIP 或 EIP will be used.

[arg2] The size of the memory range.

[arg3] The region to search.0 is current region (specified with arg1 and arg2).1 is current module (the module specified with arg1). 2 is all modules.

结果

Set $result to1 if any GUID is found,0 otherwise.

备注

引用视图的内容可以在脚本中用 ref.addr 表达式函数进行迭代。

i = 0 loop: addr = ref.addr(i) log "reference {d:i} = {p:addr}" i++ cmp i, ref.count() jne loop