SivaDotRender
Reputation: 1651
Searching for UTF8 encoded strings in memory
Using windbg, is it possible to search for a UTF8 encoded strings in memory. For example I am trying to find the following string in memory:
memory contents: 3c 00 64 00 69 00 76 00 20 00 69 00 64 00 3d 00
corresponding string: "<.d.i.v. .i.d.=."
Is it possible to execute a search function as follows?
search "\<d\0x00i\0x00v\0x00 \0x00i\0x00d\0x00=\0x00"
where \0x00 represents hex 00 in memory.
Upvotes: 2
Views: 861
Answers (1)
blabb
Reputation: 9007
lkd> s -u nt l10000 "cat"
804dcbec 0063 0061 0074 0069 006f 006e 0050 006f c.a.t.i.o.n.P.o.
804dedfa 0063 0061 0074 0069 006f 006e 0073 0000 c.a.t.i.o.n.s...
804dfa5e 0063 0061 0074 0069 006f 006e 0046 0072 c.a.t.i.o.n.F.r.
804dfb5c 0063 0061 0074 0069 006f 006e 0050 0072 c.a.t.i.o.n.P.r.
or for your actual search string
lkd> s -u 0 L?10000000 "<div id"
009f582e 003c 0064 0069 0076 0020 0069 0064 0022 <.d.i.v. .i.d.".
009f5924 003c 0064 0069 0076 0020 0069 0064 0022 <.d.i.v. .i.d.".
00a08200 003c 0064 0069 0076 0020 0069 0064 0022 <.d.i.v. .i.d.".
00a0b598 003c 0064 0069 0076 0020 0069 0064 0022 <.d.i.v. .i.d.".
Upvotes: 4
Related Questions
- Any caveats when searching for a UTF-8 code point in a string?
- How to easily detect utf8 encoding in the string?
- How to detect UTF16 strings in PE files
- C++11 - Unicode string - find if contains non-ascii based characters
- Search for unicode string (UTF-16) in PCap file captured by WireShark
- How to detect the equivalent Windows code pages for UTF8 text
- Get Strings in right encoding in c++
- Storing and retrieving UTF-8 strings from Windows resource (RC) files
- Extract unicode text from dump file
- Win32 UTF-16 character indexing