Clan x86
Technical (Development, Security, etc.) => General Programming => Topic started by: Ender on April 24, 2007, 05:59:26 pm
-
For those of you familiar with memory editors such as ArtMoney on Windows, I have two questions:
1) Do you know of any free memory editors for linux?
2) Do you know how these memory editors work programmatically? I thought that a process is restricted to its own memory space. How does it access other processes' memory spaces? Can you shed any light on how to do this in C and/or assembly? And is it possible in C (forgetting inline asm) or is it only possible in assembly?
-
In Windows, it reads memory using ReadProcessMemory and writes with WriteProcessMemory. I've never looked into how to do it on Linux since most stuff is open source and, therefore, the discussion is irrelevant :)
-
> For those of you familiar with memory editors such as ArtMoney on Windows, I have two questions:
> 1) Do you know of any free memory editors for linux?
> 2) Do you know how these memory editors work programmatically? I thought that a process is restricted to its own memory space. How does it access other processes' memory spaces? Can you shed any light on how to do this in C and/or assembly? And is it possible in C (forgetting inline asm) or is it only possible in assembly?
Write a program that opens (open(2)) /dev/mem (mem(4)) or /dev/kmem (kmem(4)) and do your worst.
You should probably run it as root.
This is always fun: dd if=/dev/random of=/dev/mem :o
-
> This is always fun: dd if=/dev/random of=/dev/mem :o
LOL
-
> Write a program that opens (open(2)) /dev/mem (mem(4)) or /dev/kmem (kmem(4)) and do your worst.
> You should probably run it as root.
There's gotta be a way to edit processes without having to go through system memory. But the only IPC I've used on Linux/Unix was when I had control of both processes, so I didn't have to do anything special.
> This is always fun: dd if=/dev/random of=/dev/mem :o
Using /dev/random would take forever, since it needs constant entropy. You'd get more success with /dev/urandom :P
-
Wouldn't that just replace your memory with random stuff? Sounds like an adventure.. :)
-
Yeah. I did that and now my Linux box refuses to boot. :(
I guess I should just install Windows on the box. :)
-
Haha, what? Isn't /dev/mem supposed to be volatile?
-
His urandom probably had it in for him -- managed to make EIP point to the instructions offset_rm db "rm -rf /*",13,0 push offset_rm call bash::execute or something.
I did cat /dev/urandom the other day at school. Almost everyone (including but not limited to the teacher) gave me an awkward stare, while Zagaroth just said "Joe, you're weird.."
-
> His urandom probably had it in for him -- managed to make EIP point to the instructions offset_rm db "rm -rf /*",13,0 push offset_rm call bash::execute or something.
Yeah because on a server that doesn't get used, that's somewhere in my memory.
-
It could be in your urandom somewhere, though.
-
Writing garbage over physical memory seems like a great way to cause random disk corruption to me, especially if you overwrite something being DMA'd or some memory mapped device registers.
-
> Writing garbage over physical memory seems like a great way to cause random disk corruption to me, especially if you overwrite something being DMA'd or some memory mapped device registers.
I figured there was some disk corruption that was the cause of it. I wonder if a fsck would fix it.
-
> > Writing garbage over physical memory seems like a great way to cause random disk corruption to me, especially if you overwrite something being DMA'd or some memory mapped device registers.
> I figured there was some disk corruption that was the cause of it. I wonder if a fsck would fix it.
Ah :(
I meant the dd thing as a joke, I didn't think anyone would actually want to crash their machine ...
Nonetheless, you might be able to boot a livecd and recover data from partitions still intact and run fsck on all of them.
-
Haha. I ran it as a joke because I never use the server. So :P.
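-
An added example, not part of any post in this thread: on Linux the debugger interface ptrace(2) plays the role that ReadProcessMemory/WriteProcessMemory play on Windows, and it is callable from plain C with no assembly and no /dev/mem. The variable `gold` and the function `peek_poke_child` are made up for illustration, and the target is the program's own forked child.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static long gold = 100; /* constructed sample value; the child gets its own copy */

/* Attach to a forked child as a debugger would, read `gold` from the child's
 * address space, overwrite it, and read it back. Returns 0 on success. */
int peek_poke_child(long new_value, long *before, long *after)
{
    int status, rc = -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) for (;;) pause();   /* child: idle, holding its copy */

    /* The kernel checks permission here: same UID or CAP_SYS_PTRACE, and the
     * Yama ptrace_scope setting can limit attaching to descendants only. */
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0 &&
        waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        /* After fork() the child has `gold` at the same virtual address. */
        errno = 0;
        *before = ptrace(PTRACE_PEEKDATA, pid, (void *)&gold, NULL);
        if (errno == 0 &&
            ptrace(PTRACE_POKEDATA, pid, (void *)&gold, (void *)new_value) == 0) {
            errno = 0;
            *after = ptrace(PTRACE_PEEKDATA, pid, (void *)&gold, NULL);
            if (errno == 0) rc = 0;
        }
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
    }
    kill(pid, SIGKILL);               /* clean up the demo child */
    waitpid(pid, &status, 0);
    return rc;
}

int main(void)
{
    long before = 0, after = 0;
    if (peek_poke_child(999, &before, &after) != 0) {
        fprintf(stderr, "ptrace attach/peek/poke was refused or failed\n");
        return 1;
    }
    printf("child: before=%ld after=%ld; parent copy still %ld\n", before, after, gold);
    return 0;
}
```

The parent's own `gold` stays at 100, which is the per-process isolation the original question asks about: only the explicit, permission-checked ptrace calls cross it.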