[lldb-dev] [Bug 48021] New: lldb - nicer command to search for Bytes

via lldb-dev lldb-dev at lists.llvm.org
Fri Oct 30 09:32:34 PDT 2020


https://bugs.llvm.org/show_bug.cgi?id=48021

            Bug ID: 48021
           Summary: lldb - nicer command to search for Bytes
           Product: lldb
           Version: unspecified
          Hardware: PC
                OS: MacOS X
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: All Bugs
          Assignee: lldb-dev at lists.llvm.org
          Reporter: rustymagnet3001 at gmail.com
                CC: jdevlieghere at apple.com, llvm-bugs at lists.llvm.org

lldb-1200.0.32.1

/******************* sample code ******************/
// Baboon
// 0x42, 0x61, 0x62, 0x6f, 0x6f, 0x6e

const int animalByteArray[7] = { 66, 97, 98, 111, 111, 110 };

void foo_func (const void *ptr) {
    printf ("\n[*]Pointer: %p.\n", ptr);        /* breakpoint here */
}

int main (void) {

    const int *ptr = animalByteArray;

    puts ("[*]Can you change the animal?\n");
    for (; *ptr != '\0'; ++ptr)
       printf ("%c", *ptr);

    foo_func (ptr);
    return 0;
}
/***********************************************/

// Once breakpoint fires, get start and end positions for Memory Search
(lldb) section
[0x00000100000000-0x00000100004000] 0x0000004000 objc_play`__TEXT

// Memory find for "B", max matches of three, from start to end address
(lldb) mem find -s "B" -c 3 -- 0x00000100000000 0x00000100004000
WORKS
(lldb) mem find -s "B   " -c 3 -- 0x00000100000000 0x00000100004000
WORKS

But I try something more intuative:

(lldb) mem find -s "Ba" -c 3 -- 0x00000100000000 0x00000100004000
FAILS
(lldb) mem find -s "Baboon" -c 3 -- 0x00000100000000 0x00000100004000
FAILS
(lldb) mem find -e "\42\61" -c 10 -- 0x00000100000000 0x00000100004000
FAILS
(lldb) mem find -e "\x42\x61" -c 10 -- 0x00000100000000 0x00000100004000
FAILS

If I try the same with radare2 tools:

▶ rabin2 -qz objc_play
0x100003f60 28 6 Baboon


Ultimately, I am trying to figure out how to write the byte buffer I pass the
lldb-python  SBProcess.ReadMemory API.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20201030/525cd439/attachment.html>


More information about the lldb-dev mailing list