Data Structures | |
| struct | _core_memory_sections |
| Core file virtual-memory segments. More... | |
| struct | _mem_ctx |
| memgrep context. More... | |
| struct | _mem_ctx_core_data |
| Core file information. More... | |
| struct | _memgrep_functions |
| Medium-independant function table. More... | |
| struct | _memgrep_result |
| The result of a given operation. More... | |
| struct | _memgrep_result_row |
| Result row base structure. More... | |
| struct | _memgrep_result_row_dump |
| Row for memory dump results. More... | |
| struct | _memgrep_result_row_heap |
| Row for heap enumeration results. More... | |
| struct | _memgrep_result_row_replace |
| Row for replace reuslts. More... | |
| struct | _memgrep_result_row_search |
| Row for search results. More... | |
| struct | _process_section_addrs |
| Section addresses. More... | |
Defines | |
| #define | MEMGREP_CMD_INITIALIZE 0x00000001 |
| #define | MEMGREP_CMD_DEINITIALIZE 0x00000002 |
| #define | MEMGREP_CMD_SET 0x00000003 |
| #define | MEMGREP_CMD_GET 0x00000004 |
| #define | MEMGREP_CMD_POPULATE 0x00000005 |
| #define | MEMGREP_CMD_SEARCH 0x00000006 |
| #define | MEMGREP_CMD_REPLACE 0x00000007 |
| #define | MEMGREP_CMD_SEARCHREPLACE 0x00000008 |
| #define | MEMGREP_CMD_DUMP 0x00000009 |
| #define | MEMGREP_CMD_LISTSEGMENTS 0x0000000A |
| #define | MEMGREP_CMD_DESTROYRESULT 0x0000000B |
| #define | MEMGREP_CMD_HEAPENUMERATE 0x0000000C |
| #define | MEMGREP_PARAM_FLAGS 0x00000001 |
| #define | MEMGREP_PARAM_LENGTH 0x00000002 |
| #define | MEMGREP_PARAM_PADDING 0x00000003 |
| #define | MEMGREP_PARAM_DUMPFORMAT 0x00000004 |
| #define | MEMGREP_RESULT_TYPE_SEARCH 0x00000001 |
| #define | MEMGREP_RESULT_TYPE_REPLACE 0x00000002 |
| #define | MEMGREP_RESULT_TYPE_DUMP 0x00000003 |
| #define | MEMGREP_RESULT_TYPE_HEAP 0x00000004 |
| #define | MEMGREP_FLAG_VERBOSE (1 << 0) |
| #define | MEMGREP_FLAG_PROMPT (1 << 1) |
| #define | MEMGREP_FLAG_DUMPCLEAN (1 << 2) |
Typedefs | |
| typedef _process_section_addrs | PROCESS_SECTION_ADDRS |
| Section addresses. More... | |
| typedef _core_memory_sections | CORE_MEMORY_SECTIONS |
| Core file virtual-memory segments. More... | |
| typedef _mem_ctx_core_data | MEM_CTX_CORE_DATA |
| Core file information. More... | |
| typedef _memgrep_functions | MEMGREP_FUNCTIONS |
| Medium-independant function table. More... | |
| typedef _memgrep_result_row | MEMGREP_RESULT_ROW |
| Result row base structure. More... | |
| typedef _memgrep_result | MEMGREP_RESULT |
| The result of a given operation. More... | |
| typedef _memgrep_result_row_search | MEMGREP_RESULT_ROW_SEARCH |
| Row for search results. More... | |
| typedef _memgrep_result_row_heap | MEMGREP_RESULT_ROW_HEAP |
| Row for heap enumeration results. More... | |
| typedef _memgrep_result_row_replace | MEMGREP_RESULT_ROW_REPLACE |
| Row for replace reuslts. More... | |
| typedef _memgrep_result_row_dump | MEMGREP_RESULT_ROW_DUMP |
| Row for memory dump results. More... | |
| typedef _mem_ctx | MEM_CTX |
| memgrep context. More... | |
Enumerations | |
| enum | MemoryMedium { MEMORY_MEDIUM_UNKNOWN = 0, MEMORY_MEDIUM_PID = 1, MEMORY_MEDIUM_CORE = 2 } |
| memory access mediums. More... | |
| enum | MemoryDumpFormat { MEMORY_DUMP_FORMAT_HEXINT = 0, MEMORY_DUMP_FORMAT_HEXSHORT = 1, MEMORY_DUMP_FORMAT_HEXBYTE = 2, MEMORY_DUMP_FORMAT_DECINT = 3, MEMORY_DUMP_FORMAT_DECSHORT = 4, MEMORY_DUMP_FORMAT_DECBYTE = 5, MEMORY_DUMP_FORMAT_PRINTABLE = 6 } |
| memory dumping format. More... | |
Functions | |
| unsigned long | memgrep (MEM_CTX *ctx, unsigned long cmd, MEMGREP_RESULT *result, unsigned long param, unsigned long data) |
| unsigned long | memgrep_initialize (MEM_CTX *ctx, enum MemoryMedium medium, void *data) |
| unsigned long | memgrep_deinitialize (MEM_CTX *ctx) |
| unsigned long | memgrep_set (MEM_CTX *ctx, unsigned long param, unsigned long data) |
| unsigned long | memgrep_get (MEM_CTX *ctx, unsigned long param) |
| unsigned long | memgrep_populate_string (MEM_CTX *ctx, const char *addresses) |
| unsigned long | memgrep_populate_array (MEM_CTX *ctx, unsigned long *array, unsigned long elements) |
| unsigned long | memgrep_search (MEM_CTX *ctx, MEMGREP_RESULT *result, const char *searchPhrase) |
| unsigned long | memgrep_replace (MEM_CTX *ctx, MEMGREP_RESULT *result, const char *replacePhrase) |
| unsigned long | memgrep_searchreplace (MEM_CTX *ctx, MEMGREP_RESULT *result, const char *searchPhrase, const char *replacePhrase) |
| unsigned long | memgrep_dump (MEM_CTX *ctx, MEMGREP_RESULT *result) |
| unsigned long | memgrep_listSegments (MEM_CTX *ctx) |
| unsigned long | memgrep_destroy (MEM_CTX *ctx, MEMGREP_RESULT *result) |
| unsigned long | memgrep_heapenumerate (MEM_CTX *ctx, MEMGREP_RESULT *result, unsigned long minSize) |
|
|
Deinitialize from a given medium. Deinitializes a given memgrep context. This will free up any resources that had incurred over the time of its use. |
|
|
Destroy the contents of a result that was handed back by a command The 'param' argument should be a pointer to a result structure. The 'data' argument is undefined and should be 0. |
|
|
Dump memory for the addresses specified in MEMGREP_CMD_POPULATE. No parameters are required. Results are optionally returned in the 'result' argument if it is not null of type MEMGREP_RESULT_TYPE_DUMP. |
|
|
Get parameters that have been set on a context. The 'param' argument can be one of the following:
|
|
|
Enumerate the heap of a running process The 'param' argument is the minimize size of the heap unit, or 0. The 'data' argument is undefined and should be 0. |
|
|
Initialize from a given medium. Initializes a given memgrep context to a given medium. The 'param' argument should be one of the enumerations in the MemoryMedium enum. The 'data' argument should be the arbitrary value associated with the medium. For MEMORY_MEDIUM_PID it will be the process id. For MEMORY_MEDIUM_CORE it will be the core file. |
|
|
List all the segments of a given medium such as rodata, stack, bss, etc. No parameters are required. |
|
|
Populate the address array from supplied address(es). The 'param' argument can be one of the following:
|
|
|
Replace memory with the specified data at the addresses specified by MEMGREP_CMD_POPULATE. The 'param' argument is used in conjunction with the replace criteria. It can be in the following format:
Results are optionally returned in the 'result' argument if it is not null of type MEMGREP_RESULT_TYPE_SEARCH. |
|
|
Search for a given criteria in the addresses specified by MEMGREP_CMD_POPULATE. The 'param' argument is used in conjunction with the search criteria. It can be in the following format:
|
|
|
Search and replace memory that matches the criteria for the addresses specified by MEMGREP_CMD_POUPLATE. The 'param' argument is used in conjunction with the search criteria. It can be in the following format:
|
|
|
Set parameters on a context. The 'param' argument can be one of the following:
|
|
|
Flag used to enable output of dumping memory in a clear-text format rather than hex. |
|
|
Flag used to enable prompting before replacing memory. |
|
|
Flag used to enable verbose output when performing actions. |
|
|
Specifies that the data parameter will be the format to use when dumping. |
|
|
Specifies that the data parameter will be flags when used in conjunction with MEMGREP_CMD_SET. |
|
|
Specifies that the data parameter will be the length when used in conjunction with MEMGREP_CMD_SET. |
|
|
Specifies that the data parameter will be dump padding size when used in conjunction with MEMGREP_CMD_SET. |
|
|
The derived instance of this row is a MEMGREP_RESULT_ROW_DUMP and should be cast as such. |
|
|
The derived instance of this row is a MEMGREP_RESULT_ROW_HEAP and should be cast as such. |
|
|
The derived instance of this row is a MEMGREP_RESULT_ROW_REPLACE and should be cast as such. |
|
|
The derived instance of this row is a MEMGREP_RESULT_ROW_SEARCH and should be cast as such. |
|
|
Core file virtual-memory segments. Holds virtual memory segments of a core file as well as their length. |
|
|
memgrep context. The memgrep context. |
|
|
Core file information. Extended data structure holding information about a core file. |
|
|
Medium-independant function table. The medium-independant function table used internally by memgrep. |
|
|
The result of a given operation. The result from a given operation, including any rows that were returned. |
|
|
Result row base structure. The base for all rows in a result |
|
|
Row for memory dump results. Used in association with MEMGREP_CMD_DUMP |
|
|
Row for heap enumeration results. Used in association with MEMGREP_CMD_HEAPENUMERATE |
|
|
Row for replace reuslts. Used in association MEMGREP_CMD_SEARCHREPLACE and MEMGREP_CMD_REPLACE |
|
|
Row for search results. Used in association with MEMGREP_CMD_SEARCH. |
|
|
Section addresses. Holds the addresses that signify the start of a given logical section. |
|
|
|
memory access mediums. Mediums used when operating with memgrep. |
|
||||||||||||||||||||||||
|
The method used to operate memgrep.
|
1.2.15