Is there a fast way to search/scan the memory of a process for a specific value,
find the location of this value, edit and save it?
There are examples like Peeping Tom, but it's very slow and has issues with Vista & Win7.
You will have to debug the process (i.e. the equivalent of attaching the process to your custom debugger) and use ReadProcessMemory to read and WriteProcessMemory to write.
This is what the Delphi Code Coverage project is doing to insert breakpoints to track code coverage at runtime.
Look at the class DebugProcess, it has methods to read and write to the memory of the debugged process.
Related
Source code is present at run time in production system (though it may be compiled into ByteCode, native object code, or some other format for performance reasons). Application code is not delivered as object code for the underlying processor (some stable system libraries may be pre-compiled in this way however).
I read this lines from
http://c2.com/cgi/wiki?ScriptingLanguage
and i did not understood the line "Application code is not delivered as object code for the underlying processor" can anybody help me to understand this line because unless or until the
object code has not delivered to the system the code will not be executed Then how come it is
possible to have a application code which is not delivered to the processor help full to us please help me with a small example thank you......
A scripting language is (generally) interpreted. This means that there is an application (the interpreter) that reads the source file (which is in text format) and executes the instructions as it reads them (*). Thus no object code (for the interpreted program) is required
(*) this might not result in actual "performing" the code, might just store the defintion of a structure/class, etc.
This is in contrast with compiled programs that are first translated from source code to native-binary/byte-code/etc. by the compiler. In this case the source (text format) is not needed to execute the program, only the object code (the result of the translation).
Note: the line is a bit blured with byte-code-like object format. Although it is not the source code, it will stil have to be interpreted by the underlying virtual machine to be able to execute it on a CPU. Unless you treat the virtual machine as the machine that "executes" the object code (in the form of byte-code)
I've done some search out there but couldn't find too much really helpful info on it, but could someone try to explain the basic of Java memory maps? Like where/how to use it, it's purpose, and maybe some syntax examples (inputs/outputs types)? I'm taking a Java test soon and this could be one of the topics, but through all of my tutorials Jmap has not come up. Thanks in advance
Edit: I'm referring to the tool: jmap
I would read the man page you have referenced.
jmap prints shared object memory maps or heap memory details of a given process or core file or a remote debug server.
NOTE: This utility is unsupported and may or may not be available in future versions of the JDK. In Windows Systems where dbgeng.dll is not present, 'Debugging Tools For Windows' needs to be installed to have these tools working. Also, PATH environment variable should contain the location of jvm.dll used by the target process or the location from which the Crash Dump file was produced.
http://docs.oracle.com/javase/7/docs/technotes/tools/share/jmap.html
Its not a tool to be played with lightly. You need a good profiler which can read it output as jhat is only useful for trivial programs. (YourKit works just fine for 1+ GB heaps)
I have a very simple Delphi 2010 dll that I load from a Visiual Studio 2008 C ATL console application (MVF GUI app does not work either). When I debug the console app from the IDE directly - no break points - the output from the application is not correct but when I run the app directly or if I attach to the process with the debugger then it works 100%. Debugging the same dll from a Delphi console app (i.e. running it from the IDE) also works.
The VS debugger seems to break the app depending on how you run it. VS2010 does the same!
I have made 100% sure - several times! - that the data types and calling convention of the dll exports and those in the console app match. I can go into more detail but I don't want to confuse the matter with what may be irrelevant information. Please tell me if I have to go into the specifics of the code if what I have offered is not enough.
Has anyone experienced this sort of thing and know how to fix it?
I've got similar problem once (different behavior in IDE/debugger and in standalone application). It turned out, that I've checked the value of unset variable. Debugger allocated it (always!) in previously used block of memory, such that the value was not empty and the application worked correctly (because only the conditional block was erroneous). However, OS sometimes put the application in empty memory block (filled with 0s), the condition failed and application crashed.
Maybe this is the issue? Try using OutputDebugString()'s to track down values of variables during the library runtime. Without some source code I believe, that it's not easy to say, what might be the reason.
Best regards -- Spook.
I'm using a Java application which allows you to import custom files. On import, these files are loaded into memory.
The problem is that the files I want to import are very big, this causes an OutOfMemory exception. The crash log also informs me that the VM was started with the java parameter "-Xmx512m", I want to alter this to "-Xmx1024m" so that I got double the memory available.
The problem is that this application is using it's own JRE folder and that there's a launcher written in C which is calling the jvm.dll file. In any way, java.exe or javaw.exe are never called and thus I cannot set these parameters myself (if I delete these executables it doesn't matter, can still run the application - this is not the case with the dll).
So, my question is, can I set this VM parameter in an other way? I'm even willing to alter the JRE files if there is no other way.
Update: Found some extra info:
jvm_args: -Djava.system.class.loader=com.company.loader.NativeClassLoader -Xmx160m -Xms160m -Xincgc
java_command: unknown
Launcher Type: generic
You would probably be better off attempting to eliminate the launcher use a standard JVM. See if you can figure out what parameters Java is being launched with--it might help to dump the launcher and any associated configuration files.
Then you just call java yourself.
This may not work at all depending on what else the launcher is doing.
edit:
try:
java -Djava.system.class.loader=com.company.loader.NativeClassLoader -Xmx160m -Xms160m -Xincgc
from the command line against a real JVM. There is a good chance it will fail because of the NativeClassLoader or other stuff set up by the java loader.
Also you may be missing the actual java class it is trying to start (I don't know if that "NativeClassLoader" needs the actual main class or not).
Without knowing more about the C class loader, I don't know if anyone can help you much. Perhaps you could contact the vendor? You might dump the .exe file and see if there is any identifying text--if you could figure out where it came from, you might be able to find docs on it telling you how to forward parameters to the JVM
I'm finishing an internship at a company and have just been thrown onto this project for the last month where the program is built upon an engine that they "failed" to buy the source code for. Now I've been given the task of finding out why it is failing, on only certain conditions and customer feedback hasn't been great. The main developer for the project is also out on leave for several months.
I have the engine install and know the language it was written in (delphi6?).
note which I have never had to use
I have our products msi.
I'm expected to go through the regular app and pinpoint the problem. I suspect it is something to do with fields not being re-initialized properly.
Is there a way to attach a debugger to the exe to see callstacks and all that hotness?
Any help that would avoid countless use cases would be received gratefully.
You can attach the Delphi debugger to any running process (like all other win32 debuggers out there) but I don't think the experience will be near what you expect. Delphi produces really tight executables which means the info for building human readable callstacks or any kind of "hotness" are simply not there.
Your only chance is in that if your application is a Debug release. In that case, Delphi debugger should help more than a generic debugger.
You might also want to have a look at this thread - Is there a program to decompile Delphi?
In Delphi 2006 (not sure about 6) you can attach the debugger to a running process.
You only get assembler instructions, registers, flags, memory dump and stack (hex). Hope that is enough.
Nice, I tried to attach to the ide/debugger and they disallowed that ;-).