diff --git a/FEATURES.md b/FEATURES.md index ba95316fd..508716b38 100644 --- a/FEATURES.md +++ b/FEATURES.md @@ -136,6 +136,11 @@ Pwndbg makes searching the target memory space easy, with a complete and easy-to ![](caps/search.png) +## Finding Leaks +![](caps/leakfind.png) +Finding leak chains can be done using the `leakfind` command. It recurisvely inspects address ranges for pointers, and reports on all pointers found. + + ## Telescope Inspecting memory dumps is easy with the `telescope` command. It recursively dereferences a range of memory, letting you see everything at once. As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range. diff --git a/caps/leakfind.png b/caps/leakfind.png new file mode 100644 index 000000000..6d96bdbdd Binary files /dev/null and b/caps/leakfind.png differ diff --git a/pwndbg/commands/leakfind.py b/pwndbg/commands/leakfind.py index bb3398927..f234edba9 100644 --- a/pwndbg/commands/leakfind.py +++ b/pwndbg/commands/leakfind.py @@ -15,6 +15,7 @@ import gdb import pwndbg.color.chain as C import pwndbg.color.memory as M +import pwndbg.color.message as message import pwndbg.color.theme as theme import pwndbg.commands import pwndbg.vmmap @@ -66,10 +67,9 @@ parser.add_argument("-s", "--step", nargs="?", default=0x1, help="Step to add be parser.add_argument('--negative_offset',nargs="?", default=0x0, help="Max negative offset to search before an address when looking for a leak") @pwndbg.commands.ArgparsedCommand(parser) @pwndbg.commands.OnlyWhenRunning -def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, stride=0x1, negative_offset=0x0): +def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, step=0x1, negative_offset=0x0): if address is None: raise argparse.ArgumentTypeError('No starting address provided.') - foundPages = pwndbg.vmmap.find(address) if not foundPages: 
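Review bot: The renamed signature `def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, step=0x1, negative_offset=0x0)` still has no docstring, so the meaning and units of `max_offset`, `negative_offset`, `step` and `max_depth` are only discoverable from the argparse help above the hunk, and the signature defaults duplicate the parser defaults with nothing saying which one actually applies when the command runs. A docstring directly under the `def` line should state that the command scans for pointers starting at `address` (or within `page_name`), that `negative_offset`/`max_offset` bound the byte window scanned before and after each address and `step` is the stride between candidate addresses within it, and that `max_depth` presumably limits how many dereference levels are followed — the last point should be confirmed against the body, which continues past the end of this hunk. Noting there that values are accepted as strings and converted with `int()` later would also spare a reader a surprise.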
@@ -82,9 +82,9 @@ def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, strid # Just warn the user that a large depth might be slow. # Probably worth checking offset^depth < threshold. Do this when more benchmarking is established. if max_depth > 8: - print("leakfind may take a while to run on larger depths.") + print(message.warn("leakfind may take a while to run on larger depths.")) - stride = int(stride) + stride = int(step) address = int(address) max_offset = int(max_offset) negative_offset = int(negative_offset) @@ -111,6 +111,7 @@ def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, strid time_to_depth_increase -= 1 for cur_addr in range(cur_start_addr - negative_offset, cur_start_addr + max_offset, stride): try: + cur_addr &= pwndbg.arch.ptrmask result = int(pwndbg.memory.pvoid(cur_addr)) if result in visited_map or result in visited_set: continue
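Review bot: `stride = int(step)` now receives the `--step` value but never rejects 0 or a negative number: a zero stride makes the `range(cur_start_addr - negative_offset, cur_start_addr + max_offset, stride)` call in the scan loop raise `ValueError: range() arg 3 must not be zero` out of the command, and a negative one silently yields an empty scan that reports nothing. A guard right after the conversion, `if stride <= 0: raise argparse.ArgumentTypeError('--step must be a positive integer')`, matches how the missing-address case is reported at the top of the function. The same check is worth applying to `max_offset = int(max_offset)` and `negative_offset = int(negative_offset)`, which presumably should be non-negative. leakfind starts before and ends after this hunk.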
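Review bot: The new `cur_addr &= pwndbg.arch.ptrmask` is undocumented and changes what gets scanned rather than only what is read: when `negative_offset` exceeds `cur_start_addr`, the negative candidates from the `range(...)` wrap to the top of the address space (`-8` becomes `0xff...f8` on a 64-bit target) and are then handed to `pwndbg.memory.pvoid`, relying on the except clause outside this hunk to swallow the failed read. If that wrap-around is intended, say so on the line, e.g. `# Wrap negative / out-of-range candidates into the pointer width so gdb is never asked for an address it cannot represent; unmapped results fail the read below.`; if it is not, `if cur_addr < 0: continue` before the read skips them without a memory access. The enclosing loop and its exception handler extend beyond the hunk.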