Skip to content

search¤

Description¤

Search memory for byte sequences, strings, pointers, and integer values.

By default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.

Usage:¤

1
2
3
4
5
6
usage: search [-h] [-t {byte,short,word,dword,qword,pointer,string,bytes,asm}]
              [-1] [-2] [-4] [-8] [-p] [--asm]
              [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]
              [--asmbp] [-x] [-e] [-w] [-s STEP] [-l LIMIT] [-a ALIGNED]
              [--save] [--no-save] [-n] [--trunc-out]
              value [mapping_name]

Positional Arguments¤

Positional Argument Help
value Value to search for
mapping_name Mapping to search [e.g. libc]

Optional Arguments¤

Short Long Default Help
-h --help show this help message and exit
-t --type bytes Size of search target (default: %(default)s)
-1 --byte None Search for a 1-byte integer
-2 --short None Search for a 2-byte integer
-4 --dword None Search for a 4-byte integer
-8 --qword None Search for an 8-byte integer
-p --pointer None Search for a pointer-width integer
--asm None Search for an assembly instruction
--arch None Target architecture
--asmbp Set breakpoint for found assembly instruction (default: %(default)s)
-x --hex Target is a hex-encoded (for bytes/strings) (default: %(default)s)
-e --executable Search executable segments only (default: %(default)s)
-w --writable Search writable segments only (default: %(default)s)
-s --step None Step search address forward to next alignment after each hit (ex: 0x1000)
-l --limit None Max results before quitting the search. Differs from --trunc-out in that it will not save all search results before quitting
-a --aligned None Result must be aligned to this byte boundary
--save None Save results for further searches with --next. Default comes from config 'auto-save-search'
--no-save None Invert --save
-n --next Search only locations returned by previous search with --save (default: %(default)s)
--trunc-out Truncate the output to 20 results. Differs from --limit in that it will first save all search results (default: %(default)s)