This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug gdb/21945] New: Improve find command string search

From: "dominik.b.czarnota+bugzilla at gmail dot com" <sourceware-bugzilla at sourceware dot org>
To: gdb-prs at sourceware dot org
Date: Fri, 11 Aug 2017 14:13:38 +0000
Subject: [Bug gdb/21945] New: Improve find command string search
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=21945

            Bug ID: 21945
           Summary: Improve find command string search
           Product: gdb
           Version: 8.0
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: dominik.b.czarnota+bugzilla at gmail dot com
  Target Milestone: ---

Hey,

It is pretty hard to find "part of string" using `find` command.
See an example below (the prompt/plugin I use doesn't change anything here).

So I am debugging /bin/ls binary when it is in its entry point (_start
function). We have got a "/bin/ls" string on 0x7fffffffdabe:
```
pwndbg> x/s 0x7fffffffdabe
0x7fffffffdabe:    "/bin/ls"
```

This is actually a null-terminated string. Finding all of it works fine:
```
pwndbg> find 0x7fffffffdabe, +100, "/bin/ls"
0x7fffffffdabe
1 pattern found.
```

Lets try to find just a part of it:
```
pwndbg> find 0x7fffffffdabe, +500, "/bin/"
Pattern not found.
```

It doesn't work. Why? The manual -
https://sourceware.org/gdb/onlinedocs/gdb/Searching-Memory.html - states it
perfectly:
> All values are interpreted in the current language.
> This means, for example, that if the current source language is C/C++ then searching for the string “hello” includes the trailing ’\0’.


So one way to find it is to find it by characters:
    find 0x7fffffffdabe, +500, '/','b','i','n'

Or using a cast to truncate null-terminator:
    find 0x7fffffffdabe, +500, {char[5]}"/bin/"


It would be nice to do one of two:

1. Change the current logic so null terminator wouldn't be explicitly added -
this is how it works when searching with Python GDB API:
```
pwndbg> search "/bin/ls"pwndbg> py import gdb; print("%x" %
gdb.selected_inferior().search_memory(0x7fffffffdabe, 500, "/bin/"))
7fffffffdabe
```

2. Change both manual and `help find` result to add this information about
null-terminated strings and the possibility how to search for a string.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]