i understand, but can you tell me about math TMP * 2
at line 6? was it necessary? because TMP is 4 and with * 2, it reading 8 times and other 4 times is just zero
but after take a look at line 9, you did it in this way: string SEARCH + TMP2
actually, you just attaching decimal numbers together, (you can set all \x00 to \xFF in line 2 and add a print "%TMP2%"
after line 8 to see it) like below example
math TMP = 4
set MEMORY_FILE binary "\xFF\x01\x00\x02\x00\x03"
getdstring SEARCH TMP MEMORY_FILE
set SEARCH1 string SEARCH
set SEARCH string ""
math TMP * 2
for i = 0 < TMP
getvarchr TMP2 SEARCH1 i
string SEARCH + TMP2
and about line 12: string SEARCH h SEARCH
you want to alterant 01020000 to hex, but we want to find \x00\x01\x00\x02 in MEMORY_FILE5, right? so it ended to \x01\x02?! i think reason is getvarchr, because it just reading decimal numbers and string SEARCH h SEARCH
reading string two character by two character and set them as hex, so for example, \xFF\x01\x00\x02 is 4 decimal number and getvarchar and string will make 255102
here a clear examlpe that tells its not working with \x00
set MEMORY_FILE binary "\x00\x01\x00\x02\x00\x03"
get MEM_SIZE asize MEMORY_FILE
string HEX_STRING = ""
for i = 0 < MEM_SIZE
get BYTE_NUM byte MEMORY_FILE #same job as getvarchr to get every VAR in for-next
string HEX_BYTE p "%02x" BYTE_NUM #so it will make a real hex-string
string HEX_STRING + HEX_BYTE
print "hex string: %HEX_STRING%"
string HEX_STRING h HEX_STRING #and it will make it byte, but its string! so \x00 will be a problem!
set MEMORY_FILE5 binary "\x00\x01\x00\x02\x00\x03"
findloc RESULT binary HEX_STRING MEMORY_FILE5 ""
print "Result: %RESULT%"
null terminate: means reading string until \x00