Hello,

I need to find a str[possibly n]cmp out of a hostile binary file. The problem is there are a billion in the disassembly. I know it is there because of the help from strings. I am disassembling a binary that does not have 'otx' (the disassembler that puts in the strings for you :) )

I need to know how to find the memory offset of this string once the program is loaded so I can use gdb etc.

If you could give me an algorithm (I used to remember the other way: phys off = virtual off * segment address + segment offset -- or something to that effect) (PS: is that correct?? :) )

Or if you could tell me how this is infinitely easier in IDA Pro, I would be very grateful

thanks :)

+1  A: 

In IDA, just load the file and perform a binary search (press Alt+B), then look at the address. You can also check for cross-references to the string by pressing x.

CyberShadow
Thanks, that worked great! (I have to get used to IDA Pro though, :) ) Also, would you know how to edit said IDA files so as to patch the new instruction in? Thanks
lol
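For readers without IDA, the file-offset-to-address mapping the question asks about can be computed from the program headers. This is an added example, not part of the original thread; it assumes a little-endian, non-PIE ELF64 file (the thread never states the binary's format), and `load_segments`, `file_offset_to_vaddr`, `find_string` and `build_sample` are hypothetical names, with the sample image constructed inline.

```python
import struct

PT_LOAD = 1

def load_segments(data):
    """Return (p_offset, p_vaddr, p_filesz) for each PT_LOAD entry of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    segs = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append((p_offset, p_vaddr, p_filesz))
    return segs

def file_offset_to_vaddr(segs, off):
    """Map a file offset to its virtual address, or None if no segment loads that byte."""
    for p_offset, p_vaddr, p_filesz in segs:
        if p_offset <= off < p_offset + p_filesz:
            return p_vaddr + (off - p_offset)
    return None

def find_string(data, needle):
    """Return (file_offset, vaddr) for every occurrence of needle in the file."""
    segs = load_segments(data)
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append((pos, file_offset_to_vaddr(segs, pos)))
        pos = data.find(needle, pos + 1)
    return hits

def build_sample():
    """Constructed two-segment ELF64 image (headers plus one string, not executable)."""
    data_seg = b"\x00secret_password\x00"
    hdr_len = 64 + 2 * 56  # ELF header followed by two program headers
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x400000, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    text = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0x400000, 0x400000, hdr_len, hdr_len, 0x1000)
    rodata = struct.pack("<IIQQQQQQ", PT_LOAD, 4, hdr_len, 0x601000 + hdr_len,
                         0x601000 + hdr_len, len(data_seg), len(data_seg), 0x1000)
    return ehdr + text + rodata + data_seg

if __name__ == "__main__":
    for off, va in find_string(build_sample(), b"secret_password"):
        print(f"file offset {off:#x} -> vaddr {va:#x}" if va is not None else f"{off:#x} not mapped")
```

For a position-independent executable, the runtime load base has to be added to the returned address before using it in gdb.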