Because InfoSec loves RegExes.
Andrey Bazhan, from Comae Technologies, just made a neat addition to SwishDbgExt which is the ability to use Yara rules to hunt process in memory via a new command called
You can refer to the commit for more information.
Search through a specific process
!ms_yarascan /pid 0x228 /yarafile /yarafile C:\Rules.yar
Search through all processes
!for_each_process "r? @$t0 = (nt!_EPROCESS *) @#Process; .process /r /p @$t0; !ms_yarascan /pid @@C++(@$t0->UniqueProcessId) /yarafile C:\\Rules.yar"