Re: Memory manipulator
Hi, I assume this is relevant: :H. Peter Anvin writes: Mikael Pettersson wrote: On Wed, 19 Sep 2007 14:35:29 +0100, James Pearson wrote: /proc/PID/environ currently truncates at 4096 characters, patch based on the /proc/PID/mem code. Does /proc/PID/mem even work? If I do `strace cat /proc/PID/mem /dev/null' for a known good PID, the first read() from /proc/PID/mem fails with ESRCH, Of course it does. Address zero isn't typically mapped. I would also look here: http://www.comptechdoc.org/os/linux/howlinuxworks/linux_hlproc.html and use item 6 maps plus /dev/mem (Warning I am not a kernel programmer, so this is just my 2 cents after goggling) Indeed. My bad :-( - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ On Sun, Aug 31, 2008 at 12:18 PM, Shachar Shemesh [EMAIL PROTECTED]wrote: Gilad Ben-Yossef wrote: Shachar Shemesh wrote: You can only use /proc/PID/mem if you are already attached to that process as a debugger. How interesting. Where is that documented? Google. I spent almost half an hour trying to figure that one out. It is, indeed, not documented anywhere I could find. neither the proc man page or the relevant kernel documentation file does not mention this. Don't use no double negatives! Sorry, couldn't resist. I'm going to send a patch... Go for it. Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- Constant change is here to stay! President John F. Kennedy once said that the hottest places in Hell are reserved for those who in a period of moral crisis maintain their neutrality.
Re: Memory manipulator
Noam Rathaus wrote: Hi, I have been using Cheat Engine (http://www.cheatengine.org/) to manipulate the memory of applications on Windows for quite some time - mainly useful for testing software for quirks and bugs. I was wondering whether someone knew of a equivalent program for Linux? I am mainly looking for memory value discovery and value changing abilities. At least in theory this should work. I say in theory, because I've been getting an error on my Ubuntu trying to open /proc/$PID/mem by YMMV: $ cat /proc/$PID/mem | hexdump -c before $ cat /proc/$PID/mem | hexdump -c after $ diff before after Gilad -- Gilad Ben-Yossef Chief Coffee Drinker Codefidence Ltd. The code is free, your time isn't.(TM) Web:http://codefidence.com Email: [EMAIL PROTECTED] Office: +972-8-9316883 ext. 201 Fax:+972-8-9316885 Mobile: +972-52-8260388 Q: How many NSA agents does it take to replace a lightbulb? A: dSva7DrYiY24yeTItKyyogFXD5gRuoRqPNQ9v6WCLLywZPINlu!
Re: Memory manipulator
Gilad Ben-Yossef wrote: At least in theory this should work. I say in theory, because I've been getting an error on my Ubuntu trying to open /proc/$PID/mem by YMMV: $ cat /proc/$PID/mem | hexdump -c before $ cat /proc/$PID/mem | hexdump -c after You can only use /proc/PID/mem if you are already attached to that process as a debugger. This makes /proc/PID/mem somewhat redundant to using PTRACE_PEEKDATA. For some reason, even as a debugger, you cannot mmap it and use it as a forced shared mem mechanism. Furthermore, I have actually had cases where PTRACE_PEEKDATA returned data and /proc/PID/mem didn't for the same memory area, even when attached as a debugger. As such, I rate /proc/PID/mem as somewhere beneath useless. What Noam is looking for, as far as I can tell, is something where pause the program and tell the debugger now the value I'm looking for is 5, resume the program, play some more, and then pause it and say now the value is 4. Eventually, hopefully, you narrow down the value to the point where you know where it is stored in memory, despite not having any prior knowledge about the program. This is not difficult to write (for some definition of difficult). Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Memory manipulator
Shachar Shemesh wrote: Gilad Ben-Yossef wrote: At least in theory this should work. I say in theory, because I've been getting an error on my Ubuntu trying to open /proc/$PID/mem by YMMV: $ cat /proc/$PID/mem | hexdump -c before $ cat /proc/$PID/mem | hexdump -c after You can only use /proc/PID/mem if you are already attached to that process as a debugger. How interesting. Where is that documented? neither the proc man page or the relevant kernel documentation file does not mention this. I'm going to send a patch... Gilad -- Gilad Ben-Yossef Chief Coffee Drinker Codefidence Ltd. The code is free, your time isn't.(TM) Web:http://codefidence.com Email: [EMAIL PROTECTED] Office: +972-8-9316883 ext. 201 Fax:+972-8-9316885 Mobile: +972-52-8260388 Q: How many NSA agents does it take to replace a lightbulb? A: dSva7DrYiY24yeTItKyyogFXD5gRuoRqPNQ9v6WCLLywZPINlu!
Re: Memory manipulator
Gilad Ben-Yossef wrote: Shachar Shemesh wrote: You can only use /proc/PID/mem if you are already attached to that process as a debugger. How interesting. Where is that documented? Google. I spent almost half an hour trying to figure that one out. It is, indeed, not documented anywhere I could find. neither the proc man page or the relevant kernel documentation file does not mention this. Don't use no double negatives! Sorry, couldn't resist. I'm going to send a patch... Go for it. Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Memory manipulator
On Sat, Aug 30, 2008 at 07:55:32AM +0300, Noam Rathaus wrote: Hi, I have been using Cheat Engine (http://www.cheatengine.org/) to manipulate the memory of applications on Windows for quite some time - mainly useful for testing software for quirks and bugs. I was wondering whether someone knew of a equivalent program for Linux? I am mainly looking for memory value discovery and value changing abilities. I don't understand exactly what are the data you have and which are missing. On a first glance it seems that Cheat Engine relies on hand-crafted symbols tables provided by the user. So ptrace gives the required low-level abilities. If I understand things correctly: what you need is gdb with hand-crafted symbol tables, right? -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il || a Mutt's [EMAIL PROTECTED] || best ICQ# 16849754 || friend = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Memory manipulator
I think you are looking for shmtool. Here is a link: http://tldp.org/LDP/lpg/node73.html On Sat, Aug 30, 2008 at 7:55 AM, Noam Rathaus [EMAIL PROTECTED]wrote: Hi, I have been using Cheat Engine (http://www.cheatengine.org/) to manipulate the memory of applications on Windows for quite some time - mainly useful for testing software for quirks and bugs. I was wondering whether someone knew of a equivalent program for Linux? I am mainly looking for memory value discovery and value changing abilities. -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com Know that you are safe. Beyond Security Finalist for the Red Herring 100 Global Awards 2007 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Memory manipulator
Hi Tzafrir, One of the abilities of Cheat Engine - beside being a games cheating machine, is to look for values in the memory, then search again for values, and leave only those that matched the previous set, etc As well as start of with an unknown value, and only look for those that increased, decreased, etc On Sat, Aug 30, 2008 at 10:05 AM, Tzafrir Cohen [EMAIL PROTECTED]wrote: On Sat, Aug 30, 2008 at 07:55:32AM +0300, Noam Rathaus wrote: Hi, I have been using Cheat Engine (http://www.cheatengine.org/) to manipulate the memory of applications on Windows for quite some time - mainly useful for testing software for quirks and bugs. I was wondering whether someone knew of a equivalent program for Linux? I am mainly looking for memory value discovery and value changing abilities. I don't understand exactly what are the data you have and which are missing. On a first glance it seems that Cheat Engine relies on hand-crafted symbols tables provided by the user. So ptrace gives the required low-level abilities. If I understand things correctly: what you need is gdb with hand-crafted symbol tables, right? -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il || a Mutt's [EMAIL PROTECTED] || best ICQ# 16849754 || friend = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Memory manipulator
Hi, I have been using Cheat Engine (http://www.cheatengine.org/) to manipulate the memory of applications on Windows for quite some time - mainly useful for testing software for quirks and bugs. I was wondering whether someone knew of a equivalent program for Linux? I am mainly looking for memory value discovery and value changing abilities. -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com Know that you are safe. Beyond Security Finalist for the Red Herring 100 Global Awards 2007 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]