I want to dump a process image to disk and then execute it.
I listed the process modules.
I used ReadProcessMemory to read the memory range of the exe,
but when I try to execute it, it fails. How can I solve this?
Thanks
You can't.
When you load a PE into memory (I assume you're using MapAndLoad from ImageHlp.pas), it loads the modules into memory and loads the data, but it doesn't go through and realign all the pointers the way the standard Windows Loader does.
The pointers in the app are all going to be relative addresses that don't actually point to what they're supposed to point to.
If you know enough about how RVAs and mappings work, you can analyze the code, but you can't actually execute it.
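The RVA mapping the answer refers to, as an added example that is not part of the original thread: it parses a PE section table and translates an RVA to a buffer offset under both the on-disk and the in-memory layout, which is what an analyst needs in order to read a dumped image. The header bytes are constructed sample data and the function names are hypothetical.

```python
import struct

def parse_sections(image: bytes):
    """Return [(name, virt_addr, virt_size, raw_ptr, raw_size)] from PE headers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections and SizeOfOptionalHeader locate the table.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rptr, rsize))
    return out

def rva_to_offset(sections, rva, memory_layout=False):
    """Offset of an RVA inside the buffer being analysed, or None.

    memory_layout=False: the buffer is the file on disk (sections at PointerToRawData).
    memory_layout=True: the buffer was read from a mapped image, where every
    section sits at its VirtualAddress, so the RVA is already the offset.
    """
    for name, vaddr, vsize, rptr, rsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            if memory_layout:
                return rva
            delta = rva - vaddr
            # Bytes past SizeOfRawData are zero-filled at load time: not in the file.
            return rptr + delta if delta < rsize else None
    return None  # not inside any section

def build_sample_headers():
    """Constructed sample: PE headers with two section entries, no section bodies."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    def sec(name, vsize, vaddr, rsize, rptr):
        return struct.pack("<8sIIII", name, vsize, vaddr, rsize, rptr) + bytes(16)
    return (dos + coff + bytes(0xE0)
            + sec(b".text", 0x1234, 0x1000, 0x1400, 0x400)
            + sec(b".data", 0x2000, 0x3000, 0x200, 0x1800))

if __name__ == "__main__":
    secs = parse_sections(build_sample_headers())
    for rva in (0x1010, 0x3100, 0x3200):
        print(hex(rva), rva_to_offset(secs, rva), rva_to_offset(secs, rva, True))
```

The same RVA lands at a different offset in each layout, so a buffer copied out of a running process cannot be read with the file offsets in its own section table.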
I recently tried to host a little web interface from my ESP8266. But something kept failing until I realized that a bigger file (around 10kb) was corrupt. Well, not really corrupt, but simply incomplete. And no matter how I changed it, the file was always cut off after a certain amount of characters.
My compiled NodeMCU firmware is about 649kb in size, so there should easily be enough space. I mean my board has at least 4MB of storage (32m), so that should be plenty to store my lua, html and css files!
I used Esplorer to upload the files btw.
So what exactly is the limit here?
Is it a memory issue? A flash storage issue? An issue related to Esplorer?
Is it somehow possible to get bigger files onto my board?
edit:
I should mention that uploading the init.lua file always worked even if it was around 10kb. Maybe the uploading mechanism is different for the init.lua file?
Alright, here's the long form of my comment above. My best guess is (was) that this be an issue with ESPlorer. Whenever I look at its source code I'm actually surprised how well it usually works.
At https://frightanic.com/iot/tools-ides-nodemcu/ I compiled a list of tools and IDEs for NodeMCU. I suggest you pick a different uploader and try again. The NodeMCU-Tool for example is solid and it's definitely a lot better maintained than ESPlorer is.
I am using ShFileOperation to copy files to an SD card and it is working fine, almost!
I have some large files, 5GB and greater. When the SD card is empty this all progresses fine. But, when I am updating the files on the SD card, ShFileOperation will check remaining disk size and if the file is larger than free-space it will show a "No room" dialog and abort.
The problem arises when the file will be overwriting an existing one and is probably only 3MB or 4MB larger with new stuff. The ShFileOperation does not first check if the destination file exists before checking for disk space.
I have checked all available Flags on the MSDN site and the only one I can find is FOF_NOERRORUI but that is a little too brutal and totalitarian for me. Killing off all error messages just to overcome one problem.
Is there any way I can get ShFileOperation to not do that disk-space check, but still declare serious errors if they occur?
Thanks.
Is there any way I can get ShFileOperation to not do that disk-space check, but still declare serious errors if they occur?
You can use FOF_NOERRORUI to suppress the error UI. Which is indeed exactly what you want. But then you need to provide UI for any errors, since you asked the system not to. That flag essentially means, "let me take charge of reporting errors."
In this situation, I would suggest using CopyFileEx() for each file, utilizing its progress callback to update your own progress dialog as needed.
I've done some searching out there but couldn't find too much really helpful info on it, but could someone try to explain the basics of Java memory maps? Like where/how to use it, its purpose, and maybe some syntax examples (inputs/outputs types)? I'm taking a Java test soon and this could be one of the topics, but through all of my tutorials Jmap has not come up. Thanks in advance
Edit: I'm referring to the tool: jmap
I would read the man page you have referenced.
jmap prints shared object memory maps or heap memory details of a given process or core file or a remote debug server.
NOTE: This utility is unsupported and may or may not be available in future versions of the JDK. In Windows Systems where dbgeng.dll is not present, 'Debugging Tools For Windows' needs to be installed to have these tools working. Also, PATH environment variable should contain the location of jvm.dll used by the target process or the location from which the Crash Dump file was produced.
http://docs.oracle.com/javase/7/docs/technotes/tools/share/jmap.html
It's not a tool to be played with lightly. You need a good profiler which can read its output as jhat is only useful for trivial programs. (YourKit works just fine for 1+ GB heaps)
Is there a fast way to search/scan the memory of a process for a specific value,
find the location of this value, edit and save it?
There are examples like Peeping Tom, but it's very slow and has issues with Vista & Win7.
You will have to debug the process (i.e. the equivalent of attaching the process to your custom debugger) and use ReadProcessMemory to read and WriteProcessMemory to write.
This is what the Delphi Code Coverage project is doing to insert breakpoints to track code coverage at runtime.
Look at the class DebugProcess, it has methods to read and write to the memory of the debugged process.
Resource files (.RES) accept any kind of binary files but if it is an exe file how can I run it?
You would have to extract it as a file to disk and execute it.
Although you don't have to extract it to disk, as Cosmin Prund says in a comment, if you don't it requires a lot of hard work.
http://sites.google.com/site/delphibasics/home/delphibasicssnippets/memoryexecutionunit-winxpwinvistawin7
Take a look at this memory execution unit. It allows you to execute an exe from memory without dumping it on disk.
Yes it is possible. There is a Delphi library to do this somewhere on the web, but I cannot for the life of me remember what it's called. It allows you to execute a normal exe file no matter where it is in memory. So you can load it into a stream, or just embed it in a resource.
I realize that my reply is a bit depressing since I don't remember the name of the library, but at least you now know that it can be done. If you google around for "execute PE exe from memory" and "Delphi" then I'm sure you will find it.
You might want to take a look at Oreans' XBundler: http://www.oreans.com/xbundler.php
I use their licensing product (WinLicense) and have been very happy with the product, their support, responsiveness and updates.
In fact, I'm about to buy XBundler so I can ship a dll securely embedded in my exe.
Tom