As can be seen from the output above, radare2 generates a “hit” flag for every entry found. You can then use the command to see the strings stored at the offsets marked by the flags in this group, and they will have names of the form hit0_<index>:

    1. [0x00404888]> / ls
    2. ...
    3. [0x00404888]> ps @ hit0_0
    4. lseek

    You can search for wide-char strings (e.g., unicode letters) using the /w command:

    1. [0x00000000]> /w Hello
    2. 0 results found.

    To perform a case-insensitive search for strings use /i:

    if, instead, you are searching for a string of hexadecimal values, you’re probably better of using the /x command:

      If you want to mask some nibble during the search you can use the symbol . to allow any nibble value to match:

      You may not know some bit values of your hexadecimal pattern. Thus you may use a bit mask on your pattern. Each bit set to one in the mask indicates to search the bit value in the pattern. A bit set to zero in the mask indicates that the value of a matching value can be 0 or 1:

      1. [0x00407354]> /x 808080:ff80ff
      2. 0x0040d4c8 hit4_0 808080
      3. 0x0040d7b0 hit4_1 808080
      4. 0x004058a6 hit4_2 80fb80

      Once the search is done, the results are stored in the searches flag space.

      1. [0x00000000]> fs
      3. 1    0 . symbols
      5. [0x00000000]> f
      6. 0x00000135 512 hit0_0
      7. 0x00000b71 512 hit0_1
      8. 0x00000bad 512 hit0_2
      9. 0x00000bdd 512 hit0_3
      10. 0x00000bfb 512 hit0_4

      To remove “hit” flags after you do not need them anymore, use the command.

      Often, during long search sessions, you will need to launch the latest search more than once. You can use the // command to repeat the last search.