search_byte_sequence
Locate specific byte sequences in a binary file using defined start and end addresses for precise reverse engineering and analysis.
Instructions
Search for a byte sequence in the binary
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| bytes | Yes | Byte sequence to search for (e.g., "90 90 90" for three NOPs) | |
| endAddress | No | End address for search (optional) | |
| startAddress | No | Start address for search (optional) | |
Implementation Reference
- index.ts:565-600 (handler) MCP CallToolRequest handler for 'search_byte_sequence': validates input arguments, calls IDARemoteClient.searchForByteSequence, formats and returns search results or error.

  ```typescript
  case 'search_byte_sequence':
    if (!isValidSearchByteSequenceArgs(request.params.arguments)) {
      throw new McpError(
        ErrorCode.InvalidParams,
        'Invalid search byte sequence arguments'
      );
    }

    try {
      const { bytes, startAddress, endAddress } = request.params.arguments;
      const result = await ida.searchForByteSequence(bytes, {
        startAddress,
        endAddress
      });
      return {
        content: [
          {
            type: 'text',
            text: `Found ${result.count} occurrences of byte sequence "${bytes}":\n\n${JSON.stringify(result.results, null, 2)}`,
          },
        ],
      };
    } catch (error: any) {
      return {
        content: [
          {
            type: 'text',
            text: `Error searching for byte sequence: ${error.message || error}`,
          },
        ],
        isError: true,
      };
    }
  ```
- idaremoteclient.ts:412-437 (helper) IDARemoteClient method implementing the core logic: constructs query parameters for byte sequence and optional address range, performs HTTP GET to IDA Pro Remote Control /search/bytes endpoint.

  ```typescript
  async searchForByteSequence(
    byteSequence: string,
    options: {
      startAddress?: number | string;
      endAddress?: number | string;
    } = {}
  ): Promise<ByteSequenceSearchResponse> {
    const params = new URLSearchParams();
    params.append('bytes', byteSequence);

    if (options.startAddress !== undefined) {
      const startAddr = typeof options.startAddress === 'string'
        ? options.startAddress
        : options.startAddress.toString();
      params.append('start', startAddr);
    }

    if (options.endAddress !== undefined) {
      const endAddr = typeof options.endAddress === 'string'
        ? options.endAddress
        : options.endAddress.toString();
      params.append('end', endAddr);
    }

    return this.get<ByteSequenceSearchResponse>(`/search/bytes?${params.toString()}`);
  }
  ```
- index.ts:288-309 (registration) Tool registration in ListToolsRequestSchema handler, defining name, description, and JSON input schema for MCP protocol.

  ```typescript
  {
    name: 'search_byte_sequence',
    description: 'Search for a byte sequence in the binary',
    inputSchema: {
      type: 'object',
      properties: {
        bytes: {
          type: 'string',
          description: 'Byte sequence to search for (e.g., "90 90 90" for three NOPs)',
        },
        startAddress: {
          type: 'string',
          description: 'Start address for search (optional)',
        },
        endAddress: {
          type: 'string',
          description: 'End address for search (optional)',
        },
      },
      required: ['bytes'],
    },
  },
  ```
- index.ts:49-53 (schema) TypeScript interface defining the input arguments structure for search_byte_sequence tool.

  ```typescript
  interface SearchByteSequenceArgs {
    bytes: string;
    startAddress?: string | number;
    endAddress?: string | number;
  }
  ```
- index.ts:113-119 (helper) Type guard validator function for SearchByteSequenceArgs input validation.

  ```typescript
  const isValidSearchByteSequenceArgs = (args: any): args is SearchByteSequenceArgs => {
    return (
      typeof args === 'object' &&
      args !== null &&
      typeof args.bytes === 'string'
    );
  };
  ```
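The type guard above only checks that `bytes` is a string; the two address fields reach the HTTP query unchecked, and the interface allows numbers while the registered schema declares strings. A stricter validator for the same arguments, as an added example that is not part of the project's code: `normalizeSearchArgs`, `toHex`, `hexLessOrEqual`, `MAX_PATTERN_BYTES`, the accepted formats (space-separated two-digit hex bytes as in the "90 90 90" example, decimal or `0x`-prefixed hex addresses) and the canonical `0x` output are all assumptions.

```typescript
// Added example: stricter argument check for search_byte_sequence.
// Accepted formats and the size limit are assumptions, not project behaviour.
interface NormalizedSearchArgs {
  bytes: string;          // canonical form, e.g. "90 90 CC"
  startAddress?: string;  // canonical form, e.g. "0x401000"
  endAddress?: string;
}

const MAX_PATTERN_BYTES = 256; // assumed upper bound on pattern length

// Convert a decimal number/string or 0x-prefixed hex string to lowercase hex
// digits without leading zeros. Hex strings cover the full 64-bit range.
function toHex(value: unknown, field: string): string {
  if (typeof value === 'string' && /^0x[0-9a-fA-F]{1,16}$/.test(value)) {
    return value.slice(2).toLowerCase().replace(/^0+(?=.)/, '');
  }
  const n = typeof value === 'string' && /^[0-9]{1,15}$/.test(value) ? Number(value) : value;
  if (typeof n !== 'number' || n < 0 || Math.floor(n) !== n || n > 9007199254740991) {
    throw new Error(`${field}: expected a decimal or 0x-prefixed hex address`);
  }
  return n.toString(16);
}

// Compare two normalized hex strings numerically without BigInt.
function hexLessOrEqual(a: string, b: string): boolean {
  return a.length !== b.length ? a.length < b.length : a <= b;
}

function normalizeSearchArgs(args: unknown): NormalizedSearchArgs {
  if (typeof args !== 'object' || args === null) {
    throw new Error('arguments must be an object');
  }
  const raw = args as Record<string, unknown>;
  const bytes = raw.bytes;
  if (typeof bytes !== 'string') throw new Error('bytes: expected a string');
  const tokens = bytes.trim().split(/\s+/);
  if (tokens.length > MAX_PATTERN_BYTES || !tokens.every((t) => /^[0-9a-fA-F]{2}$/.test(t))) {
    throw new Error('bytes: expected space-separated two-digit hex bytes');
  }
  const out: NormalizedSearchArgs = { bytes: tokens.join(' ').toUpperCase() };
  const start = raw.startAddress === undefined ? undefined : toHex(raw.startAddress, 'startAddress');
  const end = raw.endAddress === undefined ? undefined : toHex(raw.endAddress, 'endAddress');
  if (start !== undefined && end !== undefined && !hexLessOrEqual(start, end)) {
    throw new Error('startAddress must not exceed endAddress');
  }
  if (start !== undefined) out.startAddress = '0x' + start;
  if (end !== undefined) out.endAddress = '0x' + end;
  return out;
}
```

Rejecting malformed input here yields a specific `InvalidParams` message instead of an opaque error relayed from the IDA-side HTTP endpoint.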