auto generated help

commands/data/analyse.md

@@ -0,0 +1,11 @@
+
+# analyse[,analyze,anal]
+
+Do function analysis.
+
+## arguments
+
+This command has no arguments.
+
+## result
+This command does not set any result variables.

commands/data/find.md

@@ -0,0 +1,14 @@
+
+# find
+
+Find a pattern.
+
+## arguments
+
+  arg1: The address to start searching from. Notice that the searching will stop when the end of the memory page this address resides in has been reached. This means you cannot search the complete process memory without enumerating the memory pages first.
+  arg2: The byte pattern to search for. This byte pattern can contain wildcards (?) for example: "EB0?90??8D".
+[arg3]: The size of the data to search in.
+
+## result 
+The $result variable is set to the virtual address of the address that matches the byte pattern. $result will be 0 when the pattern could not be matched.
+

commands/data/findall.md

@@ -0,0 +1,13 @@
+# findall
+Find all occurrences of a pattern.
+
+## arguments  
+
+[arg1]: The address to start searching from. Notice that the searching will stop when the end of the memory page this address resides in has been reached. This means you cannot search the complete process memory without enumerating the memory pages first.  
+
+[arg2]: The byte pattern to search for. This byte pattern can contain wildcards (?) for example: `EB0?90??8D`.   
+
+[arg3]: The size of the data to search in.
+
+## result
+`$result` is set to the number of occurrences.

commands/data/findasm.md

@@ -0,0 +1,13 @@
+
+# findasm[,asmfind]
+
+Find assembled instruction.
+
+## arguments
+
+  arg1: Instruction to look for (make sure to use "mov eax, ebx" to ensure you actually search for that instruction).
+[arg2]: Address of/inside a memory page to look in. When not specified CIP will be used. 
+[arg3]: The size of the data to search in.
+
+## result 
+The $result variable is set to the number of references found. 

commands/data/reffind.md

@@ -0,0 +1,13 @@
+
+# reffind[,findref,ref]
+
+Find references to a certain value.
+
+## arguments
+
+  arg1: The value to look for.
+[arg2]: Address of/inside a memory page to look in. When not specified CIP will be used. 
+[arg3]: The size of the data to search in.
+
+## result 
+The $result variable is set to the number of references found. 

commands/data/reffindrange.md

@@ -0,0 +1,13 @@
+# reffindrange[,findrefrange,refrange]
+
+Find references to a certain range of values.
+
+## arguments
+
+[arg1]: Start of the range (will be included in the results when found).
+[arg2]: End of range (will be included in the results when found). When not specified the first argument will be used.
+[arg3]: Address of/inside a memory page to look in. When not specified CIP will be used. 
+[arg4]: The size of the data to search in.
+
+## result
+The `$result` variable is set to the number of references found. 

commands/data/refstr.md

@@ -0,0 +1,12 @@
+
+# refstr[,strref]
+
+Find referenced text strings.
+
+## arguments
+
+[arg1]: Address of/inside a memory page to find referenced text strings in. When not specified CIP will be used.
+[arg2]: The size of the data to search in.
+
+## result 
+The $result variable is set to the number of string references found.

commands/data/yara.md

@@ -0,0 +1,13 @@
+
+# yara
+
+Apply Yara rules to a memory range.
+
+## arguments
+
+  arg1: Rules file to apply. This should be a full path.
+[arg2]: Start address of the range to apply the rules to. If not specified, the disassembly selection will be used.
+[arg3]: Size of the range to apply the rules  to. When not specified, the whole page will be used.
+
+## result
+This command does not set any result variables.

commands/data/yaramod.md

@@ -0,0 +1,12 @@
+
+# yaramod
+
+Apply Yara rules to a module.
+
+## arguments
+
+  arg1: Rules file to apply. This should be a full path.
+  arg2: Name of the module to apply the rules to.
+
+## result
+This command does not set any result variables.