Package winappdbg :: Module search :: Class HexPattern

Class HexPattern


Hexadecimal pattern.

Hex patterns must be in this form:

   "68 65 6c 6c 6f 20 77 6f 72 6c 64"  # "hello world"

Spaces are optional. Capitalization of hex digits doesn't matter. This is exactly equivalent to the previous example:

   "68656C6C6F20776F726C64"            # "hello world"

Wildcards are allowed, in the form of a ? sign in any hex digit:

   "5? 5? c3"          # pop register / pop register / ret
   "b8 ?? ?? ?? ??"    # mov eax, immediate value

Instance Methods

  • __init__(self, hexa)
    Hex patterns must be in this form: (see Method Details)
  • __len__(self)
    Returns the maximum expected length of the strings matched by this pattern. (Inherited from winappdbg.search.RegExpPattern)
  • find(self, buffer, pos=None)
    Returns: tuple( int, int )
    Searches for the pattern in the given buffer, optionally starting at the given position within the buffer. (Inherited from winappdbg.search.RegExpPattern)
  • found(self, address, size, data)
    Returns: tuple( int, int, str )
    This method gets called when a match is found. (Inherited from winappdbg.search.Pattern)
  • read(self, process, address, size)
    Reads the requested number of bytes from the process memory at the given address. (Inherited from winappdbg.search.Pattern)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Static Methods

  • __new__(cls, pattern)
    Returns: a new object with type S, a subtype of T
    If the pattern is completely static (no wildcards are present) a BytePattern is created instead.

Instance Variables

  • flags (int) - Regular expression flags. (Inherited from winappdbg.search.RegExpPattern)
  • maxLength (int) - Maximum expected length of the strings matched by this regular expression. (Inherited from winappdbg.search.RegExpPattern)
  • pattern (str) - Regular expression in text form.
  • regexp (re.compile) - Regular expression in compiled form. (Inherited from winappdbg.search.RegExpPattern)

Properties

Inherited from object: __class__

Method Details

__new__(cls, pattern)
Static Method

If the pattern is completely static (no wildcards are present) a BytePattern is created instead. That's because searching for a fixed byte pattern is faster than searching for a regular expression.

Returns: a new object with type S, a subtype of T
Overrides: object.__new__

__init__(self, hexa)
(Constructor)

Hex patterns must be in this form:

   "68 65 6c 6c 6f 20 77 6f 72 6c 64"  # "hello world"

Spaces are optional. Capitalization of hex digits doesn't matter. This is exactly equivalent to the previous example:

   "68656C6C6F20776F726C64"            # "hello world"

Wildcards are allowed, in the form of a ? sign in any hex digit:

   "5? 5? c3"          # pop register / pop register / ret
   "b8 ?? ?? ?? ??"    # mov eax, immediate value

Parameters:
  • hexa (str) - Pattern to search for.
Overrides: object.__init__
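
The wildcard syntax and the static-pattern shortcut described above can be reproduced outside the debugger. The following is an added example, not WinAppDbg's own source code: it is written for Python 3, and the names compile_hex_pattern, find_all and the SAMPLE buffer are constructed for this illustration.

```python
import re

_HEX = "0123456789abcdef"
# Constructed sample buffer: nop, "hello world", NUL, mov eax imm32, ret
SAMPLE = b"\x90hello world\x00\xb8\x78\x56\x34\x12\xc3"

def _byte_regex(hi, lo):
    """Regex fragment for one byte written as two hex digits, either may be '?'."""
    if hi == "?" and lo == "?":
        return b"."                      # any byte (re.DOTALL is set below)
    highs = _HEX if hi == "?" else hi
    lows = _HEX if lo == "?" else lo
    values = bytes(int(h + l, 16) for h in highs for l in lows)
    if len(values) == 1:
        return re.escape(values)         # fully specified byte
    return b"[" + b"".join(re.escape(bytes([v])) for v in values) + b"]"

def compile_hex_pattern(hexa):
    """Return ('bytes', literal) for a static pattern, else ('regex', compiled)."""
    digits = "".join(hexa.split()).lower()   # spaces optional, case ignored
    if not digits or len(digits) % 2 or any(c not in _HEX + "?" for c in digits):
        raise ValueError("expected pairs of hex digits or '?': %r" % hexa)
    if "?" not in digits:                    # no wildcards: plain byte search
        return "bytes", bytes.fromhex(digits)
    parts = [_byte_regex(digits[i], digits[i + 1]) for i in range(0, len(digits), 2)]
    return "regex", re.compile(b"".join(parts), re.DOTALL)

def find_all(hexa, buffer):
    """Return (offset, size) for every match in buffer, overlaps included."""
    kind, matcher = compile_hex_pattern(hexa)
    hits, pos = [], 0
    while True:
        if kind == "bytes":
            start, size = buffer.find(matcher, pos), len(matcher)
        else:
            m = matcher.search(buffer, pos)
            start, size = (m.start(), m.end() - m.start()) if m else (-1, 0)
        if start < 0:
            return hits
        hits.append((start, size))
        pos = start + 1                      # resume one byte later
```

A nibble wildcard such as "6?" expands to a 16-value character class, while "??" becomes a single any-byte match, so the cost of the regular expression path only applies when a wildcard is actually present.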