White Paper: Red Hat Crash Utility


Contents

help page:  search


NAME
  search - search memory

SYNOPSIS
  search [-s start | -k | -u] [-e end | -l length] [-m mask] value ...

DESCRIPTION
  This command searches a range of user or kernel memory space for given value.
  If no end nor length value is entered, the search stops at the end of
  user or kernel address space, whichever is appropriate.
 
  An optional mask value may be entered to mask off "don't care" bits.

   -s start  Start the search at this hexadecimal user or kernel virtual 
             address, or kernel symbol.
         -k  If no start address is specified, start the search at the base
             of kernel address space.  If a start address is specified, then
             this option specifies that the start address is a kernel virtual
             address. (only required on processors with overlapping
             kernel/user virtual address spaces)
         -u  If no start address is specified, start the search at the base
             of the current context's user address space.  If a start address
             is specified, then this option specifies that the start address
             is a user virtual address. (only required on processors with 
             overlapping kernel/user virtual address spaces)
     -e end  Stop the search at this hexadecimal user or kernel virtual 
             address, or kernel symbol.
  -l length  Length in bytes of address range to search.
    -m mask  Ignore the bits that are set in the hexadecimal mask value.
      value  Search for this hexadecimal value.
 
  If the -s start option is not used, then either -u or -k must be used in
  order to determine whether to search user or kernel memory.  The starting 
  address must be long-word aligned.  Address ranges that start in user space
  and end in kernel space are not accepted.

EXAMPLES
  Search the current context's address space for all instances of 0xdeadbeef:

    crash> search -u deadbeef
    bffff81c: deadbeef

  Search all kernel memory above the kernel text space for all instances
  of 0xabcd occuring in the lower 16-bits of each 32-bit word: 

    crash> search -s _etext -m ffff0000 abcd
    c071481c: abcd
    c0c2b0fc: 804abcd
    c0cf5e74: 7489abcd
    c17c0b44: c012abcd
    c1dac730: 3dbeabcd
    c226d0e8: ffffabcd
    c23ed5dc: abcd
    c3022544: 3dbeabcd
    c3069b58: 3dbeabcd
    c3e86e84: aabcd
    c3e88ed0: aabcd
    c3e8ee5c: aabcd
    c3e9df50: aabcd
    c3e9e930: aabcd
    c440a778: 804abcd
    c486eb44: 3dbeabcd
    c578f0fc: 804abcd
    c6394f90: 8ababcd
    c65219f0: 3abcd
    c661399c: abcd
    c68514ac: 8abcd
    c7e036bc: 3dbeabcd
    c7e12568: 5abcd
    c7e1256c: 5abcd

  Search the user address space of the current context for all instances
  of 0xdeadbeef:

    crash> search -u deadbeef
    81aba5c: deadbeef
    81abaa8: deadbeef
    bfffc698: deadbeef
    bffff390: deadbeef

  Search the 4K page at c532c000 for all instances of 0xffffffff:

    crash> search -s c532c000 -l 4096 ffffffff
    c532c33c: ffffffff
    c532c3fc: ffffffff

  Search the static kernel data area for all instances of c2d400eb:

    crash> search -s _etext -e _edata c2d400eb
    c022b550: c2d400eb
    c022b590: c2d400eb
    c022b670: c2d400eb
    c022b6e0: c2d400eb
    c022b7b0: c2d400eb
    c022b7e0: c2d400eb
    c022b8b0: c2d400eb


Contents