Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Search for all strings #131

Closed
GoogleCodeExporter opened this issue Mar 15, 2015 · 6 comments
Closed

Search for all strings #131

GoogleCodeExporter opened this issue Mar 15, 2015 · 6 comments
Labels
auto-migrated Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

I couldn't find any feature to search for all strings. I can search for 
specific strings, but in OllyDBG you can search for all of the strings in a 
binary.

Original issue reported on code.google.com by gsingh2...@gmail.com on 26 May 2014 at 4:36
@GoogleCodeExporter
Copy link
Author 

I believe the feature you are looking for is part of the "Process Properties" 
plugin.

Choose the "Plugins" menu and then select "Process Properties" and then the sub 
menu item "Process Properties".

Finally on the "Memory" Tab, there is a "Strings" button. From there you can 
select a memory region to list strings found.

As a shortcut, you can use either "Ctrl+P" to bring up the Process Properties 
plugin. Or you can use "Ctrl+S" to bring up the "Strings" dialog directly (this 
being the most convenient option).

Please feel free to re-open the bug if I misunderstood what you were asking for.

Original comment by evan.teran on 1 Jun 2014 at 3:14

  • Changed state: Invalid

@GoogleCodeExporter
Copy link
Author 

Yup, that's what I was looking for. However, that displays a lot fewer strings 
than I can see with the strings command. Is that expected?

Original comment by gsingh2...@gmail.com on 1 Jun 2014 at 4:18

@GoogleCodeExporter
Copy link
Author 

A few things.

1. It does it by region, so it's possible that some of the strings are in 
different loaded regions.

2. There is a lower bound of what edb  considers to be strings (this is 
adjustable in the Preferences dialog).

3. Finally, there may be disagreement on what edb considers to be a character 
that is likely a string. If you have some examples of things not found that you 
feel should be, please file a bug report for it and I'll get right on it :-).

Original comment by evan.teran on 1 Jun 2014 at 4:20

@GoogleCodeExporter
Copy link
Author 

I feel like these strings should be found. Here's the binary I'm looking at: 
http://captf.com/2013/csaw-quals/exploitation/exploit2-200/exploit2. If you run 
strings, you get a couple of useful strings, including "Welcome to CSAW CTF". 
These strings don't show up for me in EDB. The only think I get is a path to a 
shared library and the program name. Let me know if I'm doing something wrong 
or you get other output.

Original comment by gsingh2...@gmail.com on 1 Jun 2014 at 4:33

@GoogleCodeExporter
Copy link
Author 

Hmm, When I open that binary in edb and run strings on the primary code region 
(8048000-8049000) I see strings like:

"Welcome to CSAW CTF.  Exploitation will be a little harder this year.  Insert 
your exploit here."

at location: 0x08048cf0.

Original comment by evan.teran on 1 Jun 2014 at 4:37

@GoogleCodeExporter
Copy link
Author 

Ah, I see. I figured it out. Thanks for the help.

Original comment by gsingh2...@gmail.com on 1 Jun 2014 at 5:12

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter