Searching memory including unknown values

I am not sure if the search command supports wildcards. But you can use the .foreach command to achieve what you want.

Here is a sample that I used to search for a memory pattern such as ff ?? 00

.foreach (hit {s -[1]b 00007ffabc520000 L100 ff }) {db hit L3; s ${hit}+2 L1 00}

Here is a brief description of how it works:

NOTE - Open up the debugger help from Windbg to get the complete documentation. That is, within Windbg, Help | Contents.

{s -[1]b 00007ffabc520000 L100 ff }

Use the -[1] flag with s, so that only the memory address is given as the output.

s ${hit}+2 L1 00

For each hit, pass that memory address to the next search command. Increase the memory address by the number of bytes that you want to skip and mention the last part of the search pattern.

db hit L3

From the memory that has the beginning of the pattern, dump the entire length. This is just to confirm that we are getting the right results!

Hope this helps. In case you need further clarification, I can try to provide that as well.
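The same wildcard search, as an added example that is not part of the answer above: a small Python script that parses a WinDbg-style pattern such as ff ?? 00, scans a constructed memory buffer for it (so the result of the .foreach trick can be checked offline), and builds the equivalent nested .foreach command, generalised to patterns with several fixed bytes after the wildcards. The base address, length and sample bytes are constructed values, not taken from a real process.

```python
import re

def parse_pattern(pattern: str):
    """Turn 'ff ?? 00' into [0xff, None, 0x00]; None marks an unknown byte."""
    out = []
    for tok in pattern.split():
        if tok == "??":
            out.append(None)
        elif re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad pattern token: {tok!r}")
    if not out or out[0] is None:
        # The .foreach trick anchors on the first byte, so it must be fixed.
        raise ValueError("pattern must start with a fixed byte")
    return out

def search(memory: bytes, base: int, pattern: str):
    """Return absolute addresses where the pattern matches, wildcards skipped."""
    pat = parse_pattern(pattern)
    return [
        base + off
        for off in range(len(memory) - len(pat) + 1)
        if all(p is None or memory[off + i] == p for i, p in enumerate(pat))
    ]

def foreach_command(base: int, length: int, pattern: str) -> str:
    """Build the WinDbg command: search for the first fixed byte, dump each
    hit for the full pattern length, then re-check every later fixed byte
    at the offset the wildcards skip (one 's' per fixed byte)."""
    pat = parse_pattern(pattern)
    checks = "; ".join(
        f"s ${{hit}}+{i} L1 {b:02x}"
        for i, b in enumerate(pat[1:], start=1) if b is not None
    )
    return (f".foreach (hit {{s -[1]b {base:016x} L{length:x} {pat[0]:02x} }}) "
            f"{{db hit L{len(pat)}; {checks}}}")

# Constructed sample: a 12-byte "memory" region at a made-up base address.
BASE = 0x00007FFABC520000
MEMORY = bytes.fromhex("00 ff 12 00 ff ff 00 ff 33 44 00 ff")

if __name__ == "__main__":
    for addr in search(MEMORY, BASE, "ff ?? 00"):
        print(f"hit at {addr:016x}")
    print(foreach_command(BASE, 0x100, "ff ?? 00"))
```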
