In short, how can I search, view, and modify in-memory values in Linux, preferably as easily/simply as possible?

Like this.

A: 

Well the easiest way to keep everything the same as Windows would be to use Wine. It's an implementation of the Windows API to allow some applications to run at near-native speed.

I say that because the link you suggest uses a special application to do half the work for you. Unless that's ported across you're left with Wine, Windows proper, or running Windows in a VM under Linux.

But you shouldn't cheat.

Oli
A: 

This forum post kind of explains how and why.

http://forum.cheatengine.org/viewtopic.php?t=264431

Long story short, you need to run IE or Firefox in Wine so that CE can have a look at the memory it uses.

contagious
A: 

WOW!!! Didn't know something like that existed for Windows! Thanks for sharing!

SNES9X had a similar capability to hack, tweak and even re-program SNES ROM images while playing them (I read it was inspired by the Game Genie). I used that a lot in my teens to get infinite ammo, life, hidden scenes or characters, etc. on SNES games...

To be quite honest with you, had you not posted this before I would've considered it simply impossible to do something like this for any version of Windows>=NT, or Linux... Why? Because supposedly now we have more memory protection (hardware enforced when possible) to avoid precisely this kind of situation: one process overwriting data from another process.

I would've thought it possible only for console ROMs because technically the whole ROM is data to the emulator, so it's not someone else's data. The same could be said if you made your own Flash player. But this program is here and working on Windows executables! Truly impressive.

Now then, you can download an old version's code from this page. The author also says over there that you can mail him to ask him for the latest version's code.

You can try porting it for Linux. It's written in Delphi, might be compilable after some minor tweaks with a modern Pascal compiler.

Joe Pineda
Why wouldn't it be possible? Debuggers are allowed to access other programs' RAM, assuming the user/process has appropriate permissions.
Charles Duffy
I've always believed that in modern OSes no process is allowed to *alter* another process' data. If not, then we're not so far from the old MSDOS days... As for debuggers - I'm not familiar with how they work, probably they tell the OS the other programs' machine code is their "data".
Joe Pineda
+2  A: 

The closest you'll get is scanmem:

sudo apt-get install scanmem

A: 

Hmmm.... I would have to say... Get a Mac. :)

BDF
A: 

I know from looking over gdb (the GNU debugger) code that there are indeed libraries to peek and poke in another program's memory...

Haven't found a good implementation though.

Robin
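
The "peek and poke" mechanism mentioned in the comments and in the last answer is the ptrace(2) system call, which is what gdb uses on Linux. As an added example (not code from any of the posters), the C program below traces its own child process, reads a variable from the child's memory with PTRACE_PEEKDATA and overwrites it with PTRACE_POKEDATA; the names `counter` and `peek_poke_child` are made up for this illustration.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed demo value; after fork() it sits at the same address in the child. */
static volatile long counter = 100;

/* Fork a child, read `counter` from the child's memory into *seen, overwrite
 * it there with new_value (0..254, because it is reported back as an exit
 * status), and return the value the child itself then observes, or -1. */
long peek_poke_child(long new_value, long *seen)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: opt in to being traced by the parent, then stop and wait. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(255);
        raise(SIGSTOP);
        _exit((int)counter);            /* report what the child now holds */
    }
    /* Parent (tracer): the child must be stopped before its memory is touched. */
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    errno = 0;                          /* PEEKDATA returns the word itself */
    *seen = ptrace(PTRACE_PEEKDATA, pid, (void *)&counter, NULL);
    if (errno != 0) goto fail;
    if (ptrace(PTRACE_POKEDATA, pid, (void *)&counter, (void *)new_value) < 0) goto fail;
    if (ptrace(PTRACE_DETACH, pid, NULL, NULL) < 0) goto fail;
    /* The child resumes after raise() and exits with its copy of counter. */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
fail:
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    return -1;
}

int main(void)
{
    long seen = 0;
    long got = peek_poke_child(42, &seen);
    printf("tracer read %ld, child saw %ld, parent still has %ld\n", seen, got, counter);
    return got == 42 ? 0 : 1;
}
```

Attaching to a process that is not your own child uses PTRACE_ATTACH instead, and the kernel only allows it when the caller passes its permission checks (matching user ID or CAP_SYS_PTRACE, further restricted by `kernel.yama.ptrace_scope` where the Yama module is enabled).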