Hi dear all,
According to the WinDbg documentation, a virtual address is interpreted in a process context (using the process's paging table), so if there is no process context (for example, when debugging winload, which has no concept of a process), the s command will not work:
kd> db 0000000000844000 l2
0000000000844000 4d 5a MZ
kd> s 00000000`00844000 l2 4d 5a
The s command returns nothing.
So, is there any alternative to the s command in this situation?
And why does the db command work? It seems the interpretation of a virtual address in a db command does not use the process context.
Many thanks!!!
Search and display byte should not work differently.
WinDbg has broken because of sxe ibp here:
kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
NULL value in PsActiveProcess List
kd> ? nt
Evaluate expression: -2105483264 = 8280e000
kd> db nt l2
8280e000 4d 5a MZ
kd> s nt l2 5a
8280e001 5a 90 00 03 00 00 00 04-00 00 00 ff ff 00 00 b8 Z…
@ys It appears there is some bug when using search memory during the WinLoad stage.
I just booted a win-x 32 bit VM (15563 rs2) with /bootdebug on and tried to search, and it appears it can search for ASCII strings but not bytes. I think you should possibly raise an issue in their GitHub doc account.
kd> kb
ChildEBP RetAddr Args to Child
00 001a62dc 00746796 00000000 00000000 00000000 winload!BlStatusError+0x62
01 001a6708 0073e69e 00000000 00000000 00000000 winload!OslFatalErrorEx+0x4c9
02 001a6f80 0073e29a 001a6fc8 801c80a0 001a6fe8 winload!OslPrepareTargetPhase0+0x3c2
03 001a6f90 0073e231 0010be48 004831d0 00061d34 winload!OslpMain+0x13
04 001a6fe8 0048320a 0010be48 00061d34 00000000 winload!OslMain+0x101
WARNING: Frame IP not in any known module. Following frames may be wrong.
05 00000000 f000ff53 f000e2c3 f000ff53 f000ff53 0x48320a
06 ffffffff 00000000 00e2c3f0 00ff53f0 00ff53f0 0xf000ff53
kd> r
eax=00000000 ebx=c0000001 ecx=0081c760 edx=00000060 esi=00000001 edi=0000000f
eip=0077f821 esp=001a62d4 ebp=001a62dc iopl=0 nv up di pl nz ac pe nc
cs=0020 ss=0030 ds=0030 es=0030 fs=0060 gs=0060 efl=00000016
winload!BlStatusError+0x62:
0077f821 cc int 3
kd> dc . l20
0077f821 5d5e5fcc 8b000cc2 ec8b55ff 81f8e483 .^]…U…
0077f831 0001acec 8b565300 57f18bda 0a75db85 …SV…W…u.
0077f841 00000db8 0116e9c0 948d0000 00009824 …$…
0077f851 3e9ae800 c085fffd 0102880f 448d0000 …>…D
0077f861 44c71824 00001024 44890080 848b1424 $…D$…D$…
0077f871 00009824 00e88300 83486674 4b7401e8 $…tfH…tK
0077f881 01e88348 83481f74 3f7401e8 7401e883 H…t.H…t?..t
0077f891 0002b80a c5e9c000 b8000000 c00000bb …
kd> s . l50 44 89
kd> s -b 77f821 77f8a1 44 89
kd> s -[l2]sa 77f821 77f8a1
0077f822 "^]"
0077f836 "SV"
0077f860 "D$"
0077f864 "D$"
0077f86c "D$"
0077f879 "tfH"
0077f87f "tKH"
0077f88b "t?"
It also appears you can search for aligned dwords but not bytes:
kd> s -d . l60 0xc00000bb
0077f89d c00000bb 0000bbe9 d0e86800 448d0080 …h…D
kd> s -b . l60 0xc0
kd> s -d . l60 0xc5e9
kd> s -d . l60 0xc5e9???
Syntax error at '???'
kd> s -d . l60 0xc5e9c000
0077f895 c5e9c000 b8000000 c00000bb 0000bbe9 …
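Since db and dc still display memory where s returns nothing, one workaround is to capture the dump output and search it offline. The following is an added example, not code from any poster in this thread; the function names parse_dump and search are hypothetical, and the sample input is the first five lines of the dc output quoted above with the ASCII column dropped.

```python
import re

# Constructed sample: first lines of the `dc . l20` output from the thread.
DC_OUTPUT = """\
kd> dc . l20
0077f821 5d5e5fcc 8b000cc2 ec8b55ff 81f8e483
0077f831 0001acec 8b565300 57f18bda 0a75db85
0077f841 00000db8 0116e9c0 948d0000 00009824
0077f851 3e9ae800 c085fffd 0102880f 448d0000
0077f861 44c71824 00001024 44890080 848b1424
"""

ADDR = re.compile(r"[0-9a-f`]{8,17}", re.I)


def parse_dump(text, unit=4):
    """Map address -> byte from `db` (unit=1) or `dc`/`dd` (unit=4) output."""
    tok_re = re.compile(r"[0-9a-f]{%d}" % (unit * 2), re.I)
    mem = {}
    for line in text.splitlines():
        fields = line.replace("-", " ").split()  # db prints "04-00" mid-line
        if not fields or not ADDR.fullmatch(fields[0]):
            continue  # prompt lines, warnings, blank lines
        addr = int(fields[0].replace("`", ""), 16)
        for tok in fields[1:1 + 16 // unit]:  # at most 16 bytes per line
            if not tok_re.fullmatch(tok):
                break  # reached the ASCII column
            # dc/dd print little-endian dwords: "44890080" is the
            # bytes 80 00 89 44 in memory, not 44 89 00 80.
            for i, b in enumerate(int(tok, 16).to_bytes(unit, "little")):
                mem[addr + i] = b
            addr += unit
    return mem


def search(mem, pattern):
    """Addresses where the byte pattern occurs in contiguous dumped memory."""
    return [a for a in sorted(mem)
            if all(mem.get(a + i) == b for i, b in enumerate(pattern))]


if __name__ == "__main__":
    mem = parse_dump(DC_OUTPUT)
    for pat in ("c0", "89 44", "44 89"):
        hits = search(mem, bytes.fromhex(pat))
        print(pat, "->", [hex(h) for h in hits])
```

For db output, call parse_dump(text, unit=1); patterns that straddle a gap between dumped ranges are not reported.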