Can you edit address values in “/proc/$pid/mem” to reflect changes in that process?

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

I would like to see if I can edit a value in my program while it is running by directly changing the memory.

My thought process (untested) is to do the following:

Run the program.

Open up "System Monitor" app, and "stop" (not end or kill) the program.

Navigate to /proc/<ID#>/

chmod the file mem to give me read-write access

Edit mem with a hex editor

Continue program and see if my changes were reflected.

Is this the right way to go about this?

If not, how would I go about trying to achieve this?

edited Nov 18 at 22:36

asked Nov 18 at 22:28

Akiva

1115

add a comment |

up vote
1
down vote

favorite

I would like to see if I can edit a value in my program while it is running by directly changing the memory.

My thought process (untested) is to do the following:

Run the program.

Open up "System Monitor" app, and "stop" (not end or kill) the program.

Navigate to /proc/<ID#>/

chmod the file mem to give me read-write access

Edit mem with a hex editor

Continue program and see if my changes were reflected.

Is this the right way to go about this?

If not, how would I go about trying to achieve this?

edited Nov 18 at 22:36

asked Nov 18 at 22:28

Akiva

1115

add a comment |

up vote
1
down vote

favorite

I would like to see if I can edit a value in my program while it is running by directly changing the memory.

My thought process (untested) is to do the following:

Run the program.

Open up "System Monitor" app, and "stop" (not end or kill) the program.

Navigate to /proc/<ID#>/

chmod the file mem to give me read-write access

Edit mem with a hex editor

Continue program and see if my changes were reflected.

Is this the right way to go about this?

If not, how would I go about trying to achieve this?

edited Nov 18 at 22:36

asked Nov 18 at 22:28

Akiva

1115

I would like to see if I can edit a value in my program while it is running by directly changing the memory.

My thought process (untested) is to do the following:

Run the program.

Open up "System Monitor" app, and "stop" (not end or kill) the program.

Navigate to /proc/<ID#>/

chmod the file mem to give me read-write access

Edit mem with a hex editor

Continue program and see if my changes were reflected.

Is this the right way to go about this?

If not, how would I go about trying to achieve this?

kernel memory proc programming hex

edited Nov 18 at 22:36

asked Nov 18 at 22:28

Akiva

1115

edited Nov 18 at 22:36

asked Nov 18 at 22:28

Akiva

1115

edited Nov 18 at 22:36

asked Nov 18 at 22:28

Akiva

1115

asked Nov 18 at 22:28

Akiva

1115

asked Nov 18 at 22:28

Akiva

1115

add a comment |

1 Answer
1

active

oldest

votes

up vote
1
down vote

According to man 5 proc:

/proc/[pid]/mem
 This file can be used to access the pages of a process's memory through open(2),
 read(2), and lseek(2).

That's to say this interface only provides read access. You cannot write or modify this file:

# chmod +w /proc/$pid/mem
chmod: changing permissions of '/proc/2905/mem': Operation not permitted

If you want to modify a running process's memory, one way I can think of is to attach a debugger to the process, and then use it to set variables.

answered Nov 19 at 2:05

muru

35k581154

add a comment |

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f482623%2fcan-you-edit-address-values-in-proc-pid-mem-to-reflect-changes-in-that-proce%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

up vote
1
down vote

According to man 5 proc:

/proc/[pid]/mem
 This file can be used to access the pages of a process's memory through open(2),
 read(2), and lseek(2).

That's to say this interface only provides read access. You cannot write or modify this file:

# chmod +w /proc/$pid/mem
chmod: changing permissions of '/proc/2905/mem': Operation not permitted

If you want to modify a running process's memory, one way I can think of is to attach a debugger to the process, and then use it to set variables.

answered Nov 19 at 2:05

muru

35k581154

add a comment |

up vote
1
down vote

According to man 5 proc:

/proc/[pid]/mem
 This file can be used to access the pages of a process's memory through open(2),
 read(2), and lseek(2).

That's to say this interface only provides read access. You cannot write or modify this file:

# chmod +w /proc/$pid/mem
chmod: changing permissions of '/proc/2905/mem': Operation not permitted

If you want to modify a running process's memory, one way I can think of is to attach a debugger to the process, and then use it to set variables.

answered Nov 19 at 2:05

muru

35k581154

add a comment |

up vote
1
down vote

According to man 5 proc:

/proc/[pid]/mem
 This file can be used to access the pages of a process's memory through open(2),
 read(2), and lseek(2).

That's to say this interface only provides read access. You cannot write or modify this file:

# chmod +w /proc/$pid/mem
chmod: changing permissions of '/proc/2905/mem': Operation not permitted

If you want to modify a running process's memory, one way I can think of is to attach a debugger to the process, and then use it to set variables.

answered Nov 19 at 2:05

muru

35k581154

According to man 5 proc:

/proc/[pid]/mem
 This file can be used to access the pages of a process's memory through open(2),
 read(2), and lseek(2).

That's to say this interface only provides read access. You cannot write or modify this file:

# chmod +w /proc/$pid/mem
chmod: changing permissions of '/proc/2905/mem': Operation not permitted

If you want to modify a running process's memory, one way I can think of is to attach a debugger to the process, and then use it to set variables.

answered Nov 19 at 2:05

muru

35k581154

answered Nov 19 at 2:05

muru

35k581154

answered Nov 19 at 2:05

muru

35k581154

answered Nov 19 at 2:05

muru

35k581154

add a comment |

draft saved

draft discarded

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

搜尋此網誌

mjhjmtu