Command scan

scan Search for addresses that are located in a memory mapping (haystack) that belonging to another (needle).

gef➤  scan stack libc
[+] Searching for addresses in 'stack' that point to 'libc'
[stack]: 0x00007fffffffd6a8│+0x1f6a8: 0x00007ffff77cf482  →  "__tunable_get_val"
[stack]: 0x00007fffffffd6b0│+0x1f6b0: 0x00007ffff77bff78  →  0x0000001200001ab2
[stack]: 0x00007fffffffd758│+0x1f758: 0x00007ffff77cd9d0  →  0x6c5f755f72647800
[stack]: 0x00007fffffffd778│+0x1f778: 0x00007ffff77bda6c  →  0x0000090900000907
[stack]: 0x00007fffffffd7d8│+0x1f7d8: 0x00007ffff77cd9d0  →  0x6c5f755f72647800
[...]

scan requires two arguments, the first is the memory section that will be searched and the second is what will be searched for. The arguments are grepped against the processes memory mappings (just like vmmap to determine the memory ranges to search.

To check mappings without a path associated, an address range (start-end) can be used.