Frida Game Hacking MCP

Overview Schema Related Servers Score Discussions

scan_pattern

Scan memory for byte patterns in game processes to locate specific code or data addresses for reverse engineering and modification.

Instructions

Scan for Array of Bytes (AoB) pattern.

Args:
    pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard)
    scan_regions: Memory protection to scan (default: "r-x" for code)

Returns:
    List of matching addresses.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`pattern`	Yes
`scan_regions`	No		r-x

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

src/frida_game_hacking_mcp/server.py:1097-1153 (handler)

The main handler function for the 'scan_pattern' tool. It uses Frida's Memory.scanSync to search for byte patterns (AoB scans) in specified memory regions (e.g., code sections), supporting wildcards like '??'. Returns list of matching addresses.

@mcp.tool()
def scan_pattern(pattern: str, scan_regions: str = "r-x") -> Dict[str, Any]:
    """
    Scan for Array of Bytes (AoB) pattern.
    
    Args:
        pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard)
        scan_regions: Memory protection to scan (default: "r-x" for code)
    
    Returns:
        List of matching addresses.
    """
    global _session
    
    if not _session.is_attached():
        return {"error": "Not attached. Use attach() first."}
    
    try:
        frida_pattern = pattern.strip()
        
        script_code = f"""
        var results = [];
        var pattern = "{frida_pattern}";
        var ranges = Process.enumerateRanges("{scan_regions}");
        
        for (var i = 0; i < ranges.length && results.length < 1000; i++) {{
            try {{
                var matches = Memory.scanSync(ranges[i].base, ranges[i].size, pattern);
                for (var j = 0; j < matches.length && results.length < 1000; j++) {{
                    results.push({{address: matches[j].address.toString(), size: matches[j].size}});
                }}
            }} catch (e) {{ }}
        }}
        send(JSON.stringify(results));
        """
        
        result_data = []
        def on_message(message, data):
            if message['type'] == 'send':
                result_data.append(message['payload'])
        
        script = _session.session.create_script(script_code)
        script.on('message', on_message)
        script.load()
        script.unload()
        
        if not result_data:
            return {"error": "Pattern scan failed"}
        
        import json
        matches = json.loads(result_data[0])
        
        return {"success": True, "pattern": pattern, "found": len(matches), "matches": matches[:50]}
    
    except Exception as e:
        return {"error": f"Pattern scan failed: {str(e)}"}

src/frida_game_hacking_mcp/server.py:192-223 (registration)

The 'scan_pattern' tool is registered/listed in the list_capabilities tool's return value under memory_operations category.

        "process_management": [
            "list_processes", "attach", "detach", "spawn", "resume", "get_session_info"
        ],
        "memory_operations": [
            "read_memory", "write_memory", "scan_value", "scan_next",
            "scan_changed", "scan_unchanged", "scan_pattern",
            "get_scan_results", "clear_scan", "list_memory_regions"
        ],
        "module_information": [
            "list_modules", "get_module_info", "get_module_exports",
            "get_module_imports", "resolve_symbol"
        ],
        "function_hooking": [
            "hook_function", "unhook_function", "replace_function",
            "hook_native_function", "list_hooks", "intercept_module_function"
        ],
        "debugging": [
            "set_breakpoint", "remove_breakpoint", "list_breakpoints", "read_registers"
        ],
        "script_management": [
            "load_script", "unload_script", "call_rpc"
        ],
        "window_interaction": [
            "list_windows", "screenshot_window", "screenshot_screen",
            "send_key_to_window", "focus_window"
        ],
        "standard": [
            "list_capabilities", "get_documentation", "check_installation"
        ]
    },
    "total_tools": 42
}

src/frida_game_hacking_mcp/server.py:1099-1108 (schema)

Docstring providing input schema (pattern with wildcards, scan_regions like 'r-x') and output description for the scan_pattern tool.

"""
Scan for Array of Bytes (AoB) pattern.

Args:
    pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard)
    scan_regions: Memory protection to scan (default: "r-x" for code)

Returns:
    List of matching addresses.
"""

Tool Definition Quality

B3.2/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden for behavioral disclosure. It mentions what the tool does and the return format, but lacks critical details: it doesn't specify whether this is a read-only operation (though implied by 'scan'), whether it requires specific permissions or process attachment, what happens if no matches are found, or any performance/rate limit considerations. For a memory scanning tool with zero annotation coverage, this is insufficient.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is efficiently structured with clear sections: purpose statement, Args with parameter explanations, and Returns. Every sentence adds value—no wasted words. It's appropriately sized for a tool with two parameters and straightforward functionality.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (memory scanning with pattern matching), no annotations, and an output schema exists (which handles return value documentation), the description is partially complete. It covers basic purpose and parameters well, but lacks behavioral context (e.g., safety, prerequisites, error handling) and usage guidance relative to siblings. The output schema reduces the need to describe returns, but other gaps remain.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds meaningful semantic context beyond the input schema. The schema has 0% description coverage (just titles 'Pattern' and 'Scan Regions'), but the description explains: pattern format ('Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard)') and scan_regions meaning ('Memory protection to scan (default: "r-x" for code)'). This compensates well for the schema's lack of documentation, though it could elaborate more on valid region values.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Scan for Array of Bytes (AoB) pattern.' This specifies the verb ('Scan') and resource ('Array of Bytes pattern'), making it easy to understand. However, it doesn't explicitly differentiate from sibling tools like 'scan_value', 'scan_changed', or 'scan_next', which appear to be related scanning operations.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It mentions default values ('default: "r-x" for code') but doesn't explain when to choose different scan regions or how this tool differs from other scanning tools in the sibling list. There's no mention of prerequisites, constraints, or typical use cases.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/0xhackerfren/frida-game-hacking-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server