v1.0.0
sigscan_module()
This function scans all the memory blocks whose name matches the regex parameter. It uses the Extended Regular Expression (ERE) syntax, so keep that in mind before escaping certain characters like +, ?, etc.: in ERE they are operators when unescaped, and a backslash makes them literal. See also BRE vs. ERE.
#include "libsigscan.h"
#define MODULE_REGEX ".+/libc.so.6"
#define SIGNATURE "DE AD BE EF ? ? CA FE"
/* Search only in this module. */
void* match = sigscan_module(MODULE_REGEX, SIGNATURE);
sigscan()
This function scans the whole memory being used by the process (except the regions that start with [ in /proc/self/maps, like heap, stack, etc.). Keep in mind that depending on the memory being used by the process, it might take a few seconds, so it's better to filter the module name whenever possible.
This function is just a wrapper, and calling it is the same as passing NULL as the first parameter to sigscan_module.
#include "libsigscan.h"
#define SIGNATURE "DE AD BE EF ? ? CA FE"
/* Look for those bytes in all loaded modules. */
void* match = sigscan(SIGNATURE);
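The module filter described for sigscan_module() and the [-region exclusion described for sigscan() can be tried in isolation with the added example below. It is not libsigscan's own code: it uses POSIX regcomp() with REG_EXTENDED over constructed /proc/self/maps lines, and count_selected(), region_selected() and the sample paths are hypothetical names made up for the illustration.

```c
#include <regex.h>
#include <stdio.h>

/* Constructed lines in /proc/self/maps format (not from a real process). */
static const char* SAMPLE_MAPS[] = {
    "55d0c0a00000-55d0c0a02000 r-xp 00000000 08:01 131 /usr/bin/demo",
    "55d0c1e00000-55d0c1e21000 rw-p 00000000 00:00 0 [heap]",
    "7f10a0000000-7f10a01c0000 r-xp 00000000 08:01 977 /usr/lib/libc.so.6",
    "7f10a0400000-7f10a0420000 r-xp 00000000 08:01 978 /usr/lib/libcxso.6.so",
    "7ffd4c000000-7ffd4c021000 rw-p 00000000 00:00 0 [stack]",
};
#define SAMPLE_COUNT (sizeof(SAMPLE_MAPS) / sizeof(SAMPLE_MAPS[0]))

/* Return 1 if this maps line would be selected: its name must not start with
 * '[' and, when `re` is non-NULL, the name must match the compiled ERE. */
static int region_selected(const char* line, const regex_t* re) {
    char name[256];
    /* Fields: address-range perms offset dev inode name */
    if (sscanf(line, "%*s %*s %*s %*s %*s %255[^\n]", name) != 1)
        name[0] = '\0'; /* unnamed mapping */
    if (name[0] == '[')
        return 0;
    return re == NULL || regexec(re, name, 0, NULL, 0) == 0;
}

/* Count the sample regions selected by `pattern` (hypothetical helper). NULL
 * applies no name filter, as described for sigscan(). -1 means invalid regex. */
int count_selected(const char* pattern) {
    regex_t re;
    int n = 0;
    if (pattern != NULL && regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        n += region_selected(SAMPLE_MAPS[i], pattern ? &re : NULL);
    if (pattern != NULL)
        regfree(&re);
    return n;
}

int main(void) {
    printf("no filter:             %d\n", count_selected(NULL));
    printf(".+/libc.so.6:          %d\n", count_selected(".+/libc.so.6"));
    printf(".+/libc\\.so\\.6$:       %d\n", count_selected(".+/libc\\.so\\.6$"));
    printf(".\\+/libc\\.so\\.6$:      %d\n", count_selected(".\\+/libc\\.so\\.6$"));
    return 0;
}
```

The unescaped dots in ".+/libc.so.6" also select the lookalike libcxso.6.so, while escaping the + turns it into a literal character and the pattern selects nothing.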