From ede2c4e99ff0ff9b361282b972ca1cbfad9c6565 Mon Sep 17 00:00:00 2001 From: Rakholiya Jenish Date: Thu, 14 Jan 2016 23:40:43 +0530 Subject: [PATCH] Add support for character search Add support to search number (for example: `1234`) in character string as characters instead of integers. It also supports searching of characters directly in hex form for characters such as `\xff`. --- pwndbg/commands/search.py | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/pwndbg/commands/search.py b/pwndbg/commands/search.py index 942f2a4b0..140af704e 100644 --- a/pwndbg/commands/search.py +++ b/pwndbg/commands/search.py @@ -13,17 +13,31 @@ import pwndbg.vmmap @pwndbg.commands.Command @pwndbg.commands.OnlyWhenRunning -def search(value): +def search(searchtype, value=None): """ Search memory for the specified value, provided either as a pointer-width integer, or a string. > search 0xdeadbeef > search "/bin/sh" + + To search 1234 in a character string instead of integer + > search/c 1234 + + To search for characters using hex values in string + > search/xc f0f1f2f3 + > search/xc \xf0\xf1\xf2\xf3 + > search/xc \\xf0\\xf1\\xf2\\xf3 """ + + if value: + searchtype = searchtype[1:] + else: + value, searchtype = searchtype, value + hits = set() - for address in pwndbg.search.search(value): + for address in pwndbg.search.search(value, searchtype): if not address: continue 
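Review bot: The new dispatch at the top of `search` uses `if value:`, which tests truthiness rather than presence, so a second argument that arrives falsy (an empty string, or `0` if the command layer converts arguments to integers, which is not visible in this hunk) takes the else branch and the format string is searched as the value. `if value is not None:` avoids that, and the same test is repeated in `searchmem` in the second hunk. `searchtype[1:]` also drops the first character without checking that it is `/`, so a two-argument call with no format prefix silently loses a character and a non-string argument would fail on the slice; a `searchtype.startswith('/')` check with a clear error message would make this explicit. Separately, the added examples contain `\xf0\xf1\xf2\xf3` inside a non-raw docstring, so Python converts them to single characters and the help text will not show the escapes as typed; opening the docstring with `r"""` keeps both example forms literal. The rest of the `search` body lies outside this hunk.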
@@ -47,12 +61,23 @@ def search(value): @pwndbg.commands.Command @pwndbg.commands.OnlyWhenRunning -def searchmem(value): +def searchmem(searchtype, value=None): """ Search memory for the specified value, provided either as a pointer-width integer, or a string. > search 0xdeadbeef > search "/bin/sh" + + To search 1234 in a character string instead of integer + > search/c 1234 + + To search for characters using hex values in string + > search/xc f0f1f2f3 + > search/xc \xf0\xf1\xf2\xf3 + > search/xc \\xf0\\xf1\\xf2\\xf3 """ - return search(value) + if value: + return search(searchtype, value) + else: + return search(searchtype)
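Review bot: The `if value:` / `else` pair added to `searchmem` is redundant, because `search` already defaults `value` to `None`; `return search(searchtype, value)` behaves the same for the one-argument case and removes a second copy of the truthiness test from this wrapper. The docstring added here still shows `> search ...` examples, so the `searchmem` help would read better with `> searchmem/c 1234` and the like, assuming the wrapper is meant to accept the same format prefix.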