search

solemnwarning / rehex

Reverse Engineers' Hex Editor
https://rehex.solemnwarning.net/
GNU General Public License v2.0
2.3k stars 113 forks source link

Pattern searching / pattern recognition #16

Open hogsy opened 5 years ago

hogsy commented 5 years ago

This is going to be a complicated feature, but the ability to perform a search for multiple hex values in sequence could be incredibly useful.

So for example, I have a package that contains multiple files of the same format but I want to see how many of X there are exactly - I know these files have the same bytes at the start or end - so I enter this information into the search and it highlights the hex values that match for me.

To do this, you might need some sort of search syntax, I'm not sure how this could optimally be introduced; heck maybe this is something for a plugin? But say as an example; 32:b, 32:b, 32:b would perform a search for three bytes in sequence that are equal to 32.

You could also skip so many bytes here as well (32:32i, 256, 32:b, 256, 32:32i).; this would check for a 32-bit integer of 32, skip 256 bytes, check for a byte with a value of 32, skip another 256 bytes and then finally read another 32-bit integer with the value 32.

solemnwarning commented 5 years ago

This will definitely come eventually. I think it would be useful for proving theories about file formats. I envisioned having a C-like syntax with boolean logic and a healthy supply of operators, for example:

int16le(x) == 1234 && (uint(x + 2) & 6) == 2

In that example, x is the offset to be checked, and the functions would yield the value at the given offset, decoded as the type.

In the meantime, it is possible to search for byte sequences, I might add a "search for the selected bytes" option if it feels useful.