How to edit process memory?

bsld · 2016-12-20 12:29:30

It shouldn't be hard right? I tried /proc/5052/mem (as 5052 is the process id) - can't read s*it (nor write obviously). ATM I have 010editor (6.0.2) but it seems not to be able to open any process by itself (by the way this is the only usable hex editor for linux). Tried running as root as well.

I want to replace a single byte at certain address - please help me.

I'm debugging the application with IDA Pro but I don't trust IDA Pro itself for process editing (it's rather an analytical tool after all).

Thanks in advance

I'm ok to use the command line too. If there is a command to replace a single byte at certain address.

On good old Windows I used HXD for the purpose without any problems.

Last edited by bsld (2016-12-20 12:32:50)

bsld · 2016-12-20 12:37:41

Isn't there some quick answer please. Why is this so complicated?

Alad · 2016-12-20 12:43:06

Call 0800-ARCH-LINUX if you want an immediate response. Charging rates may vary. The forums on the other hand require a certain degree of patience: https://wiki.archlinux.org/index.php/Co … ct#Bumping

seth · 2016-12-20 13:11:41

This is the *first* google result for me:
http://unix.stackexchange.com/questions … nder-linux

And it also explains why you cannot just edit the process memory like on *DOS* (i don't think windows programs ever had real mode support)

PS: You're very most likely about to shoot yourself.

HiImTye · 2016-12-20 20:15:44

if you're looking for a cheat engine type alternative, then scanmem is likely what you want. otherwise, I'm not sure why you'd want to directly modify memory registers

bsld · 2016-12-20 21:32:41

The problem was the ida debugger (linux_serverx64) was somehow denying access to the process memory while being attached to the process. This is really stupid IMO. In windows I can both attach a debugger into a process and externally read/write to the process memory (using HxD for example). I don't know if this is a problem with the debugger or with the OS.

Now wine is acting drunk after a lot of time spent with itself (obviously I guess?).

Last edited by bsld (2016-12-20 21:40:40)

seth · 2016-12-20 21:46:27

echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope

Editing process memory is a debugger-a-like feature in HxD, it's no way something the OS would grant you. Memory isn't a trivial bytemap and w/o stopping the process, you'd be pointing a moving target (so if you edit the heap, you just edit "something")

bsld · 2016-12-20 21:51:17

I know what I'm doing. You don't need to stop a process in order to edit its memory. The point is in windows I can both debug a process with lets say IDA and at the same time open it in edit mode with HxD. For now I haven't found a way to do the same in linux. It's either the problem in the OS or the IDA debugger.

Last edited by bsld (2016-12-20 21:52:49)

Arch Linux

#1 2016-12-20 12:29:30

How to edit process memory?

#2 2016-12-20 12:37:41

Re: How to edit process memory?

#3 2016-12-20 12:43:06

Re: How to edit process memory?

#4 2016-12-20 13:11:41

Re: How to edit process memory?

#5 2016-12-20 20:15:44

Re: How to edit process memory?

#6 2016-12-20 21:32:41

Re: How to edit process memory?

#7 2016-12-20 21:46:27

Re: How to edit process memory?

#8 2016-12-20 21:51:17

Re: How to edit process memory?

Board footer