9

According to the lldb online help, memory find should work like this:

Find a value in the memory of the process being debugged.

Syntax: memory find <cmd-options> <address> <value> [<value> [...]]

Command Options Usage:
  memory find <address> <value> [<value> [...]]
  memory find [-e <expr>] [-s <name>] [-c <count>] [-o <offset>] <address> <value> [<value> [...]]

       -c <count> ( --count <count> )
            How many times to perform the search.

       -e <expr> ( --expression <expr> )
            Evaluate an expression to obtain a byte pattern.

       -o <offset> ( --dump-offset <offset> )
            When dumping memory for a match, an offset from the match location
            to start dumping from.

       -s <name> ( --string <name> )
            Use text to find a byte pattern.

     This command takes options and free-form arguments.  If your arguments
     resemble option specifiers (i.e., they start with a - or --), you must use
     ' -- ' between the end of the command options and the beginning of the
     arguments.

I suspect that the implementation does not match the help info, as whatever syntax I use I seem to get one of various cryptic error messages, e.g.:

error: two addresses needed for memory find

or

error: do not know how to deal with larger than 8 byte result types. pass a string instead

or

error: please pass either a block of text, or an expression to evaluate.

I've Googled for usage examples and come up with nothing. If anyone has an example that works I'd be grateful. In particular I want to search from the start of a block identified by a pointer, for a given no of bytes, to find the first occurrence of a particular (byte) value (255 in this case).

I'm using Xcode 7.0.1 on OS X and the lldb version is lldb-340.4.70.

UPDATE

I've found that the -s option can be made to work, e.g. like this:

(lldb) me fi -s "f" -- ptr ptr+8192*256
Your data was found at location: 0x11033e20c
0x11033e20c: 66 bb 58 07 d0 b7 32 7d ff 7f 00 00 66 5b e7 82  f.X...2}....f[..

It may just be that the -e option (which is what I need in this instance) is broken, e.g.:

(lldb) me fi -e 255 -- ptr ptr+8191*256
error: expression evaluation failed. pass a string instead?

Trying to coax the -s option into accepting an escaped hex or decimal value doesn't seem to work either, unfortunately:

(lldb) me fi -s "\xff" -- ptr ptr+8191*256
Your data was not found within the range.

(lldb) me fi -s "\255" -- ptr ptr+8191*256
Your data was not found within the range.
Improve this question

1 Answer 1

Reset to default
2

This issue has been fixed in open source LLDB, as revision 243893 (http://llvm.org/viewvc/llvm-project?view=revision&revision=243893)

I cannot make any comments as to the availability of this fix in Xcode, but one thing you can try is to compile LLDB from source and use that hand-built LLDB with the fix to debug your issue

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for that - I'll file a bug report with Apple.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.