Do you mean *p == p ? I guess it could be implemented easily using pykd. However, it may be time consuming especially you're debugging a x64 process.
-
-
-
Yes, that's what I mean. I guess I'll have to find some sample code to enumerate all mappings and dump memory from pykd
-
an ugly hack (if you want to avoid reading the bad documentation of pykd) should be: output = pykd.dbgCommand("!address"); and then parse the output from python
-
Before I try this, do you have an estimate how long it will take to dump about 100-200MB of memory using pykd?
-
try: https://pastebin.com/hAx1Dur1 no error check, but should work fast enough for user mode dumps
-
Sweet!
End of conversation
New conversation -
-
-
Not exactly what you need but you can take a look at cfgtool.cpp in https://github.com/google/p0tools/tree/master/JITServer … as an example for searching through a memory of another process for pointers with specific properties.
-
A very nice, I think this will do just fine!
End of conversation
New conversation -
-
-
does the page tables count?
-
Sorry, in userland. Should have mentioned.
End of conversation
New conversation -
-
-
You can use immunity debugger!
-
x64 though
End of conversation
New conversation -
-
-
Ok, here is it: new versions have a powerful (and native) Javascript API https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/javascript-debugger-scripting …. Learning this should be a better time investment than applying third party tools...
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.