I need to find a str[possibly n]cmp out of a hostile binary file. The problem is there are a billion in the disassembly.
I know it is there because of the help from strings. I am disassembling a binary that does not have 'otx' (the disassembler that puts in the strings for you).
I need to know how to find the memory offset of this string once the program is loaded so I can use gdb etc.
If you could give me an algorithm (I used to remember the other way: phys off = virtual off * segment address + segment offset
-- or something to that effect) (ps is that correct??:) )
Or if you could tell me how this is infinitely easier in IDA Pro, I would be very grateful.
thanks :)
In IDA, just load the file and perform a binary search (press Alt+B), then look at the address. You can also check for cross-references to the string by pressing x.
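Added example, not part of the original thread: a way to do the same lookup without IDA, assuming the target is a thin (non-fat) Mach-O file, the format otx works on. It finds the string's file offset and maps it to a virtual address as segment vmaddr + (file offset - segment file offset); the function names and the sample image are constructed for illustration.

```python
import struct

LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19

def segments(data):
    """Yield (name, vmaddr, fileoff, filesize) for each segment load command."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic in (0xFEEDFACE, 0xFEEDFACF):
        end = "<"                      # little-endian file (x86, x86_64)
    elif magic in (0xCEFAEDFE, 0xCFFAEDFE):
        end = ">"                      # big-endian file (e.g. PowerPC)
    else:
        raise ValueError("not a thin Mach-O image")
    is64 = magic in (0xFEEDFACF, 0xCFFAEDFE)
    ncmds = struct.unpack_from(end + "I", data, 16)[0]
    off = 32 if is64 else 28           # size of mach_header_64 / mach_header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(end + "II", data, off)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            fmt = end + ("16sQQQQ" if cmd == LC_SEGMENT_64 else "16sIIII")
            name, vmaddr, _, fileoff, filesize = struct.unpack_from(fmt, data, off + 8)
            yield name.rstrip(b"\0").decode(), vmaddr, fileoff, filesize
        off += cmdsize

def string_vmaddr(data, needle):
    """Return (file offset, segment name, virtual address) of the first match."""
    pos = data.find(needle)
    if pos < 0:
        return None
    for name, vmaddr, fileoff, filesize in segments(data):
        if fileoff <= pos < fileoff + filesize:
            return pos, name, vmaddr + (pos - fileoff)
    return pos, None, None             # in the file, but not mapped by any segment

def sample_image():
    """Constructed 64-bit image: __PAGEZERO, __TEXT, and a string at 0x180."""
    def seg(name, vmaddr, vmsize, fileoff, filesize):
        return struct.pack("<II16sQQQQ4I", LC_SEGMENT_64, 72, name,
                           vmaddr, vmsize, fileoff, filesize, 5, 5, 0, 0)
    img = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, 2, 2, 144, 0, 0)
    img += seg(b"__PAGEZERO", 0, 1 << 32, 0, 0) + seg(b"__TEXT", 1 << 32, 0x1000, 0, 0x200)
    img = img.ljust(0x180, b"\0") + b"constructed-string\0"
    return img.ljust(0x200, b"\0")

if __name__ == "__main__":
    pos, seg_name, va = string_vmaddr(sample_image(), b"constructed-string")
    print(f"file offset {pos:#x} in {seg_name} -> vmaddr {va:#x}")
```

The resulting address can be inspected in gdb with `x/s`. If the image is loaded at a slid (ASLR) base, add the slide to the computed value.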