"""find_alloc_size.py Search the .text section for `push ` followed by a call (operator new or HeapAlloc) — finds code sites that allocate buffers of that size.""" import struct, sys def main(): path = sys.argv[1] target = int(sys.argv[2], 0) with open(path, 'rb') as f: data = f.read() pe_off = struct.unpack_from(' call 0x{call_target:08x}" elif next_byte == 0xFF: marker = "-> call [...]" else: marker = f"-> next op 0x{next_byte:02x}" va = text_va + off print(f" 0x{va:08x}: push 0x{target:08x} {marker}") found += 1 off += 5 print(f"\nTotal: {found} sites") if __name__ == '__main__': main()