How do I locate a string "FooBar" in the running image of a stripped binary in gdb?

Michael Snyder msnyder@cygnus.com
Fri Jun 1 17:55:00 GMT 2001


Richard Harris wrote:
> 
> I need to locate a string which has the contents "FooBar".
> The binary is stripped. And no debugging information is present.
> I know the presence of the string "FooBar" because
> I am able to see the string in /proc/kcore
> 
> How do I locate the string when I am tracing the binary
> through gdb.
> 
> I wrote a macro that walks from address1 to address2 and checks
> for the substring FooBar, but it takes forever.

I can't think of any better way.  

> How can I narrow the search down?

Perhaps by searching only the .data or .bss section?
Or the malloc heap?  Or the stack?  Assuming that you 
know your string is either in data, bss, stack or heap...



More information about the Gdb mailing list