5.9 Search using rules file

You can specify a list of keywords in a single file with its binary mask and use the search engine to find them.

The file format should be something like this:

$ cat token 
token:  Library token
        string: lib
        mask:   ff 00 ff

token:  Realtime
        string: rt
        mask:   ff ff

Note that tab is used to indent the 'string' and 'mask' tokens. The first line specifies the keyword name which have nothing to do with the search.

[0x08049A80]> /. /tmp/token 
Using keyword(Library token,lib,ff 00 ff)
Using keyword(Realtime,rt,ff ff)
Keywords: 2
29 hits found

Now you can move to the 'search' flag space and list the hits with the 'f' command.

[0x08049A80]> fs search
[0x08049A80]> f

Use the '/n' command to seek between the hits. Or just 'n' and 'N' keys in visual mode.