Search for all strings

[GoogleCodeExporter]

I couldn't find any feature to search for all strings. I can search for 
specific strings, but in OllyDBG you can search for all of the strings in a 
binary.

Original issue reported on code.google.com by gsingh2...@gmail.com on 26 May 2014 at 4:36

[GoogleCodeExporter]

I believe the feature you are looking for is part of the "Process Properties" 
plugin.

Choose the "Plugins" menu and then select "Process Properties" and then the sub 
menu item "Process Properties".

Finally on the "Memory" Tab, there is a "Strings" button. From there you can 
select a memory region to list strings found.

As a shortcut, you can use either "Ctrl+P" to bring up the Process Properties 
plugin. Or you can use "Ctrl+S" to bring up the "Strings" dialog directly (this 
being the most convenient option).

Please feel free to re-open the bug if I misunderstood what you were asking for.

Original comment by evan.teran on 1 Jun 2014 at 3:14

• Changed state: Invalid

[GoogleCodeExporter]

Yup, that's what I was looking for. However, that displays a lot fewer strings 
than I can see with the strings command. Is that expected?

Original comment by gsingh2...@gmail.com on 1 Jun 2014 at 4:18

[GoogleCodeExporter]

A few things.

1. It does it by region, so it's possible that some of the strings are in 
different loaded regions.

2. There is a lower bound of what edb  considers to be strings (this is 
adjustable in the Preferences dialog).

3. Finally, there may be disagreement on what edb considers to be a character 
that is likely a string. If you have some examples of things not found that you 
feel should be, please file a bug report for it and I'll get right on it :-).

Original comment by evan.teran on 1 Jun 2014 at 4:20

[GoogleCodeExporter]

I feel like these strings should be found. Here's the binary I'm looking at: 
http://captf.com/2013/csaw-quals/exploitation/exploit2-200/exploit2. If you run 
strings, you get a couple of useful strings, including "Welcome to CSAW CTF". 
These strings don't show up for me in EDB. The only think I get is a path to a 
shared library and the program name. Let me know if I'm doing something wrong 
or you get other output.

Original comment by gsingh2...@gmail.com on 1 Jun 2014 at 4:33

[GoogleCodeExporter]

Hmm, When I open that binary in edb and run strings on the primary code region 
(8048000-8049000) I see strings like:

"Welcome to CSAW CTF.  Exploitation will be a little harder this year.  Insert 
your exploit here."

at location: 0x08048cf0.

Original comment by evan.teran on 1 Jun 2014 at 4:37

[GoogleCodeExporter]

Ah, I see. I figured it out. Thanks for the help.

Original comment by gsingh2...@gmail.com on 1 Jun 2014 at 5:12