Assembly 雷达中的ASM模式搜索2

我想在radare2中搜索该类型的ASM模式

pop、mov、mov

这是三条连续的指令：第一条以pop开头，第二条以mov开头，第三条也是

Radare2（）有一个相关的问题，说“itss alrady在/c中实现”，但现在搜索加密材料需要

/c

---

我正在Linux上使用radare2 4.5.0。

这可以通过

/ad

实现（使用版本4.5.0和5.0.1测试）：

r2/bin/ls
>“/ad pop；mov；mov”
0x00009b40#7:pop rbp；mov-rsi，r13；mov-rdi，r12
0x00009bb8#7:pop rbp；mov-rsi，r13；mov-rdi，r12
0x00009c38#7:pop rbp；mov-rsi，r13；mov-rdi，r12
0x00009d40#7：pop rbp；mov-rsi，r13；mov-rdi，r12
0x0000a120#19:pop r12；mov字节[rip+0x1832c]，0；mov dword[rip+0x1817e]，0
0x0000a120#18：pop rsp；mov字节[rip+0x1832c]，0；mov dword[rip+0x1817e]，0
0x000120f1#9：pop rcx；mov-rcx，qword[rbx]；mov edx，2

注意：命令周围的引号（“）是必需的，因为radare2还使用分号来链接命令

供参考（radare2 5.0.1）：

> /a?
Usage: /a[?] [arg]  Search for assembly instructions matching given properties
| /a push rbp           Assemble given instruction and search the bytes
| /a1 [number]          Find valid assembly generated by changing only the nth byte
| /aI                   Search for infinite loop instructions (jmp $$)
| /aa mov eax           Linearly find aproximated assembly (case insensitive strstr)
| /ac mov eax           Same as /aa, but case-sensitive
| /ad[/*j] push;mov     Match ins1 followed by ins2 in linear disasm
| /ad/ ins1;ins2        Search for regex instruction 'ins1' followed by regex 'ins2'
| /ad/a instr           Search for every byte instruction that matches regexp 'instr'
| /ae esil              Search for esil expressions matching substring
| /af[l] family         Search for instruction of specific family (afl=list
| /ai[j] 0x300 [0x500]  Find all the instructions using that immediate (in range)
| /al                   Same as aoml, list all opcodes
| /am opcode            Search for specific instructions of specific mnemonic
| /ao instr             Search for instruction 'instr' (in all offsets)
| /as[l] ([type])       Search for syscalls (See /at swi and /af priv)
| /at[l] ([type])       Search for instructions of given type