gef allows you to search for a specific pattern at runtime in all the segments
of your process memory layout. The command
to be straight-forward to use:
gef➤ search-pattern MyPattern
It will provide an easily understandable to spot occurences of the specified pattern, including the section it/they was/were found, and the permission associated to that section.
search-pattern can also be used to search for addresses. To do so, simply
ensure that your pattern starts with
0x and is a valid hex address. For
gef➤ search-pattern 0x4005f6
search-pattern command can also be used as a way to search for
cross-references to an address. For this reason, the alias
xref also points
to the command
search-pattern. Therefore the command above is equivalent to
xref 0x4005f6 which makes it more intuitive to use.
Searching in a specific range
Sometimes, you may need to search for a very common pattern. To limit the search space, you can also specify an address range or the section to be checked.
gef➤ search-pattern 0x4005f6 little libc gef➤ search-pattern 0x4005f6 little 0x603100-0x603200