💾 Archived View for radare.org › book › search_bytes › search_in_assembly.gmi captured on 2024-05-10 at 11:00:28. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-04)
-=-=-=-=-=-=-
If you want to search for a certain assembler opcodes, you can use `/a` commands.
The command `/ad/ jmp [esp]` searches for the specified category of assembly mnemonic: ``` [0x00404888]> /ad/ jmp qword [rdx] f hit_0 @ 0x0040e50d # 2: jmp qword [rdx] f hit_1 @ 0x00418dbb # 2: jmp qword [rdx] f hit_2 @ 0x00418fcb # 3: jmp qword [rdx] f hit_3 @ 0x004196ab # 6: jmp qword [rdx] f hit_4 @ 0x00419bf3 # 3: jmp qword [rdx] f hit_5 @ 0x00419c1b # 3: jmp qword [rdx] f hit_6 @ 0x00419c43 # 3: jmp qword [rdx] ```
The command `/a jmp eax` assembles a string to machine code, and then searches for the resulting bytes: ``` [0x00404888]> /a jmp eax hits: 1 0x004048e7 hit3_0 ffe00f1f8000000000b8 ```