Find a string memory using lldb

Question

Hello I'm trying to find the address of a string in lldb on mac os.

In GDB I would use the find command with the addresses to search between. But I cannot find such a command for lldb, I know that the string is in the cstring section which in my case is 0x00000000002e4f08-0x000000000032e0a8. But i need to know exactly where.

Answer 1

A simple example that uses three lldb commands image dump sections, memory find, memory read to find a string inside a stripped, release app.

(lldb) image dump sections MyAppBinary 
[0x0000010462c000-0x00000107744000] 0x0003118000 MyApp`__TEXT
[0x00000107744000-0x00000107d48000] 0x0000604000 MyApp`__DATA
/* removed sections for brevity */

(lldb) mem find -s "youtube" -- 0x00000107744000 0x00000107d48000
data found at location: 0x10793362c
0x10793362c: 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 65 6d 62 65  youtube.com/embe


(lldb) memory read -c100 0x10793362c
0x10793362c: 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 65 6d 62 65  youtube.com/embe
0x10793363c: 64 2f 58 46 67 45 59 75 35 71 66 36 38 3f 61 75  d/XFgccu5qf68?a

If you want some useful Aliases and Scripts for lldb you can visit https://github.com/DerekSelander/LLDB. For example, I prefer Derek's script sections instead of image dump sections MyAppBinary.

Answer 2

If you have access to the Xcode 6 pre-release tools, the lldb includes a new memory find command that does this. Enrico added a quick implementation of this command a few months ago.