memgrep

“memgrep is a tool to search, replace, or dump arbitrary memory from running applications and core files. Potential applications for memgrep include reverse engineering, debugging, and vulnerability assessment.”
Click

I need to patch the sources with the following diff to get it working on my grsec kernel:

— memgrep-0.8.0/src/memgrep.c 2003-12-30 07:08:09.000000000 +0100
+++ memgrep-0.8.0-patched/src/memgrep.c 2005-03-16 16:09:21.000000000 +0100
@@ -90,6 +90,18 @@
#else
#include

+ #define PTRACE_ATTACH 16
+ #define PTRACE_DETACH 17
+
+ #define PTRACE_PEEKDATA PT_READ_D
+ #define PTRACE_POKEDATA PT_WRITE_D
+
+ #define PTRACE_SETREGS PT_SETREGS
+ #define PTRACE_GETREGS 12
+
+ #define PT_READ_D 2
+ #define PT_WRITE_D 5
+
#define PTRACE_ADDR_CAST void *

extern long int ptrace (unsigned long int cmd, unsigned long int pid, void *param, unsigned long int data);
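
Review bot: PTRACE_SETREGS is mapped to PT_SETREGS, but nothing in this hunk defines PT_SETREGS, while PT_READ_D and PT_WRITE_D get explicit values a few lines further down and PTRACE_GETREGS is hardcoded as 12. Unless the header included just above provides PT_SETREGS, the first use of PTRACE_SETREGS will not compile, so give it an explicit value in the same way as its neighbours. The new defines are also unconditional: wrapping each in `#ifndef` / `#endif` would avoid redefinition clashes on systems whose header already supplies these names, and a short comment saying which kernel headers the numeric request values were taken from would make them checkable. Moving the PT_READ_D and PT_WRITE_D definitions above the PTRACE_PEEKDATA and PTRACE_POKEDATA lines that refer to them would not change behaviour but would read more naturally.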


~ by Balle on July 6, 2007.
