Win32::Process::Memory - read and write memory of other windows process
# open process my $proc = Win32::Process::Memory->new({ name=>'cmd.exe' }); # do debug printf "\nTotal Memory = 0x%X\n", $proc->get_memtotal; print "\nMemory block list:\n"; my %memlist = $proc->get_memlist; printf " %08X -> %08X : Len=0x%X\n", $_, $_+$memlist{$_}, $memlist{$_} foreach (sort {$a <=> $b} keys %memlist); print "\nContent of 0x10004 -> 0x10103\n"; print $proc->hexdump(0x10004, 0x100); # search a sequence of unsigned int16 print "\nFind a sequence of unsinged int16:\n"; my @results = $proc->search_u16(92, 87, 105, 110, 51, 50); print $proc->hexdump($_, 0x32)."\n" foreach @results; # read and change value printf "\n0x%X [unsigned int16] : %d\n", 0x10004, $proc->get_u16(0x10004); printf "0x%X [unsigned int32] : %d\n", 0x10004, $proc->get_u32(0x10004); #$proc->set_u32(0x10004, 55); # BE CAREFUL, MAY DAMAGE YOUR SYSTEM # close process undef $proc;
read and write memory of other windows process.
$proc = Win32::Process::Memory->new({ pid=num, name=>str, access=>'read/write/query/all' }); $proc = Win32::Process::Memory->new({ pid => 1522 }); $proc = Win32::Process::Memory->new({ name => 'cmd.exe' }); $proc = Win32::Process::Memory->new({ pid => 1522, access => 'read' });
my %memlist = $proc->get_memlist; printf " %08X -> %08X : Len=0x%X\n", $_, $_+$memlist{$_}, $memlist{$_} foreach (sort {$a <=> $b} keys %memlist);
printf "Commited Memory = %X Bytes\n", $proc->get_memtotal;
print $proc->hexdump($from, $len);
$getbytes = $proc->get_buf($from, $len, $buf); # return 0 if failed $getvalue = $proc->get_pack($packtype, $packunit_len, $from, $undef_val); # return $undef_val if failed $getvalue = $proc->get_packs($packtype, $packunit_len, $from, $pack_nums, $undef_val); $getvalue = $proc->get_i8($from, $undef_val); $getvalue = $proc->get_u8($from, $undef_val); $getvalue = $proc->get_i16($from, $undef_val); $getvalue = $proc->get_u16($from, $undef_val); $getvalue = $proc->get_i32($from, $undef_val); $getvalue = $proc->get_u32($from, $undef_val); $getvalue = $proc->get_float($from, $undef_val); $getvalue = $proc->get_double($from, $undef_val);
$setbytes = $proc->set_buf($from, $buf); # return 0 if failed $setbytes = $proc->set_pack($packtype, $from, ...); $setbytes = $proc->set_packs($packtype, $from, ...); $setbytes = $proc->set_i8($from, $undef_val); $setbytes = $proc->set_u8($from, $undef_val); $setbytes = $proc->set_i16($from, $undef_val); $setbytes = $proc->set_u16($from, $undef_val); $setbytes = $proc->set_i32($from, $undef_val); $setbytes = $proc->set_u32($from, $undef_val); $setbytes = $proc->set_float($from, $undef_val); $setbytes = $proc->set_double($from, $undef_val);
Search all commited area of given process. $proc->search_sub($pattern, sub {...}); # call sub when founded, $_[0] is the starting address of match @results = $proc->search_string($pattern); # return starting addresses of every match as an array %hash = $proc->search_string_hash($patttern); # return hash, which key is $1 of match, and which value is starting address @results = $proc->search_pack($packtype, ...); # ... is the arguments of pack function @results = $proc->search_packs($packtype, ...); # ... is a list of 1 arguments of pack function @results = $proc->search_i8(48); @results = $proc->search_u8(48, 56, ...); @results = $proc->search_i16(48, 56, ...); @results = $proc->search_u16(48, 56, ...); @results = $proc->search_i32(48, 56, ...); @results = $proc->search_u32(48, 56, ...); @results = $proc->search_float(48, 56, ...); @results = $proc->search_double(48, 56, ...);
Search a specific range ($from, $len). The caller should ensure that the range is valid. $proc->search_range_sub($from, $len, $pattern, sub {...}); # call sub when founded, $_[0] is the start address of match @results = $proc->search_range_string($from, $len, $pattern); # return starting addresses of every match as an array %hash = $proc->search_range_string_hash($from, $len, $patttern); # return hash, which key is $1 of match, and which value is starting address @results = $proc->search_range_pack($packtype, ...); # ... is the arguments of pack function @results = $proc->search_range_packs($packtype, ...); # ... is a list of 1 arguments of pack function @results = $proc->search_range_i8(48); @results = $proc->search_range_u8(48, 56, ...); @results = $proc->search_range_i16(48, 56, ...); @results = $proc->search_range_u16(48, 56, ...); @results = $proc->search_range_i32(48, 56, ...); @results = $proc->search_range_u32(48, 56, ...); @results = $proc->search_range_float(48, 56, ...); @results = $proc->search_range_double(48, 56, ...);
Please report any requests, suggestions or bugs via http://rt.cpan.org/NoAuth/ReportBug.html?Dist=Win32-Process-Memory
Copyright 2004 Qing-Jie Zhou <qjzhou@hotmail.com>
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
2 POD Errors
The following errors were encountered while parsing the POD:
'=item' outside of any '=over'
You forgot a '=back' before '=head1'
To install Win32::Process::Memory, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Win32::Process::Memory
CPAN shell
perl -MCPAN -e shell install Win32::Process::Memory
For more information on module installation, please visit the detailed CPAN module installation guide.