How to search a range of addresses using ‘s’ command in WinDbg

-> Please note: for demo purposes we are using the current thread's stack range as the address range: poi(@$teb+8) poi(@$teb+4) <-

Search for an ASCII string beginning with "Rtl":

s -a poi(@$teb+8) poi(@$teb+4) "Rtl"

//Output
0fd3d906  52 74 6c 47 65 74 50 72-6f 64 75 63 74 49 6e 66  RtlGetProductInf

Search for a Unicode string […]