scan_pattern
Scan memory for byte patterns in game processes to locate specific code or data addresses for reverse engineering and modification.
Instructions
Scan for Array of Bytes (AoB) pattern.
Args:
pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard)
scan_regions: Memory protection to scan (default: "r-x" for code)
Returns:
List of matching addresses.Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| pattern | Yes | ||
| scan_regions | No | r-x |
Implementation Reference
- The main handler function for the 'scan_pattern' tool. It uses Frida's Memory.scanSync to search for byte patterns (AoB scans) in specified memory regions (e.g., code sections), supporting wildcards like '??'. Returns list of matching addresses.
@mcp.tool() def scan_pattern(pattern: str, scan_regions: str = "r-x") -> Dict[str, Any]: """ Scan for Array of Bytes (AoB) pattern. Args: pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard) scan_regions: Memory protection to scan (default: "r-x" for code) Returns: List of matching addresses. """ global _session if not _session.is_attached(): return {"error": "Not attached. Use attach() first."} try: frida_pattern = pattern.strip() script_code = f""" var results = []; var pattern = "{frida_pattern}"; var ranges = Process.enumerateRanges("{scan_regions}"); for (var i = 0; i < ranges.length && results.length < 1000; i++) {{ try {{ var matches = Memory.scanSync(ranges[i].base, ranges[i].size, pattern); for (var j = 0; j < matches.length && results.length < 1000; j++) {{ results.push({{address: matches[j].address.toString(), size: matches[j].size}}); }} }} catch (e) {{ }} }} send(JSON.stringify(results)); """ result_data = [] def on_message(message, data): if message['type'] == 'send': result_data.append(message['payload']) script = _session.session.create_script(script_code) script.on('message', on_message) script.load() script.unload() if not result_data: return {"error": "Pattern scan failed"} import json matches = json.loads(result_data[0]) return {"success": True, "pattern": pattern, "found": len(matches), "matches": matches[:50]} except Exception as e: return {"error": f"Pattern scan failed: {str(e)}"} - src/frida_game_hacking_mcp/server.py:192-223 (registration)The 'scan_pattern' tool is registered/listed in the list_capabilities tool's return value under memory_operations category.
"process_management": [ "list_processes", "attach", "detach", "spawn", "resume", "get_session_info" ], "memory_operations": [ "read_memory", "write_memory", "scan_value", "scan_next", "scan_changed", "scan_unchanged", "scan_pattern", "get_scan_results", "clear_scan", "list_memory_regions" ], "module_information": [ "list_modules", "get_module_info", "get_module_exports", "get_module_imports", "resolve_symbol" ], "function_hooking": [ "hook_function", "unhook_function", "replace_function", "hook_native_function", "list_hooks", "intercept_module_function" ], "debugging": [ "set_breakpoint", "remove_breakpoint", "list_breakpoints", "read_registers" ], "script_management": [ "load_script", "unload_script", "call_rpc" ], "window_interaction": [ "list_windows", "screenshot_window", "screenshot_screen", "send_key_to_window", "focus_window" ], "standard": [ "list_capabilities", "get_documentation", "check_installation" ] }, "total_tools": 42 } - Docstring providing input schema (pattern with wildcards, scan_regions like 'r-x') and output description for the scan_pattern tool.
""" Scan for Array of Bytes (AoB) pattern. Args: pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard) scan_regions: Memory protection to scan (default: "r-x" for code) Returns: List of matching addresses. """