Reputation: 99
In reverse engineering, it is a common trick to search for a string and find its occurrence in code. For example, when you want to bypass a registration or something, you will search for the string that shows up in the popup message box, and the conditional branch that decides whether you are registered or not is near the address of the reference to that particular string. I can do it in Hopper. But I am wondering, can I do that in lldb?
I have searched for a couple of hours, and I looked at the strings Linux command and image lookup. The closest one is memory find -s, but I don't know what address to pass to the command.
By the way, memory find seems to require the program to be run. Can I do it without setting a breakpoint?
Upvotes: 1
Views: 1176
Reputation: 99
For anyone that is looking: script import lldb.macosx.heap, and there is a command called cstr_refs CSTRING, though I am not sure whether the const cstring literal will show up on the heap or not.
Upvotes: 1