Luca91 Posted April 5, 2023 Posted April 5, 2023 Hi all, I'm trying to use the findall (or better yet, findallmem) command in x64dbg to find all the address matching a pattern. The command is documented here: https://help.x64dbg.com/en/latest/commands/searching/findall.html I see that $result now contains the number of occurences, so the pattern was found (multiple times). Now, this might sound like a silly question (sorry if it is), but how can I actually get the relevant addresses where the pattern was found? 😅 if i use the find command, the relevant address is stored in $result. Where are the addresses stored in the case of findall? Thanks a lot, Luca 1
agentjones Posted April 6, 2023 Posted April 6, 2023 I think the only way is to get them from the ref view. https://github.com/x64dbg/x64dbg/issues/3008 2
Luca91 Posted April 6, 2023 Author Posted April 6, 2023 (edited) Hello, first of all I'd like to thank @agentjones for his reply (and he is technically correct!). The correct way to retrieve the addresses is to use ref.addr(X) where X is the index. For example: ref.addr(0) -> get the first address of the searched pattern ref.addr(1) -> get the second address of the searched pattern and so on... Edited April 6, 2023 by Luca91 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now