lou.cal has asked for the wisdom of the Perl Monks concerning the following question:

I posted this on the perlguru.com forum and was directed to ask here because no one had any idea where to start except the module documentation which I have already read, but am unable to really understand well enough to tackle this problem.

Hi everyone. I am relatively new to perl, but the syntax is growing on me. I am a computer science student, so I am not new to the concept of programming, but then again still do not have much practical experience except writing myself simple programs in VB, python, perl and some bash scripting. I am having trouble finding help with this module and the available documentation is quite thin (and what is there I'm afraid I do not have enough experience with perl to make use of it). I have even gone as far as to search for any open source code that uses the module so I could try to learn something from someone else... no luck there. I have been googling around in circles for over a week now, and anytime I ask in #perl on freenode no one really has any ideas on where I should start.

Without further nonsense, here's what I am trying to accomplish. This is step 1 of a bigger task, but the first thing I need to do is write a program that will monitor certain memory addresses and report on any text that matches a certain pattern. I have used the program MDump and have verified that the program does indeed keep the useful information in certain addresses, but so far I have not been able to discern any pattern on where the text pops up, and I think my best bet would most likely be to just write a program that can monitor all addresses and add each matching line to a file (or STDOUT) as it sees them.

I am obviously not asking you to solve this problem for me, although any level of help would be much appreciated. I am mostly just looking for a place to start my reading. I bought the O'Reilly Perl desktop reference and Perl in a Nutshell, both of which are very useful, but do not really have ANY info on Win32::process::memory or even the hexdump() function which I have played around with, but do not really understand (another which I just do not know where to start for documentation). Is there anything I should know, like is there a place where functions like hexdump() are stored, and I should open it up and look at comments? I have tried that with varying degrees of success in perl. It just seems that with a language that is so widely accepted there would be more documentation for all these people who know it to learn with, as there seems to be with python, ruby, etc.
Please post any input you might have, I would love to hear it.
-Lou

Re: Running in circles trying to find helpful documentation (Win32::process::memory)
by zentara (Cardinal) on Jan 07, 2007 at 13:56 UTC
    Since no one else has responded, I'll try. First, I use linux, so I may be off base when it comes to windows memory management.

    First you should clarify what your ultimate goal is. Your requirement to monitor certain memory addresses for certain text is vague. Are you talking about within a single process, or one process watching another, or an absolute address in system RAM? Modern OS's use relative addressing to run executables, so it is very unlikely you will find a program storing a variable at an absolute memory address.

    Second, there are many docs for Perl, just check out the tutorials section, and the perldocs. If you need an introduction to Perl, read some books. If you find that Python/Ruby has better documentation (which makes sense to you), then use those languages. Also, most of these scripting languages were developed with unix/linux type systems in mind, so if you are stuck on win32, you will find yourself at a slight disadvantage.

    Third, by your description of the problem "need to match text at a memory location" hints of an easy solution, for a problem which you haven't well formulated. Can you state what the ultimate problem is..... are you trying to hack passwords stored in binary files? :-)

    On linux anyways, you can read an image of the ram contents by using the dd utility to read /dev/ram (requires root privileges). Google and groups.google can be searched for examples. You can find text strings in a binary with the "strings" utility.


    I'm not really a human, but I play one on earth. Cogito ergo sum a bum
      Thank you for your response. I wish that I could be doing this on linux, but the program I am monitoring is a poker program that only runs on windows. I am trying to use data on the fly, although the program will log the data for me after each hand is done, I would like to have access as these things happen, because if you miss them, there is no way in the program to see that info until the hand is over, and the info is (for the purposes of playing that hand) useless.

      I will agree that I have not formulated the problem very well, and I appreciate your input because I needed some insight in certain areas especially because I do not know much about how programs use memory, and after all I am a linux user so this win32 stuff makes little sense to me, making win32 related reading (possibly) harder to digest.

      Now, I do have more experience in some other languages, but I did not want it to sound like I was discouraged from using perl. The truth is that although sometimes I feel like I am making no progress and trying to learn too much for my young mind, I do believe that learning perl here will pay off in spades due to my real home being on linux and other unix related/based systems. I could of course be wrong at this too since the win32 part of learning perl could be a completely different 'monster' and only time or possibly someone with more experience could let me in on that.

      Thank you again for your input and I hope this helps clarify my problem.

      I only want to monitor any memory of a specific pid and print in real time to the screen any lines that start with Dealer:

      I know that memory is not in a line by line format which makes this harder, but hopefully they are ended with newlines or something.

      I might be in over my head but I am willing to learn. The documentation on win32::process::memory just seems really difficult and I am still constantly reading the books I have plus O'Reilly's Learning Perl (I think it is win32 based but I am not completely sure).

        I hope they don't make online gambling illegal, just after your year-long effort to reveal the dealer's hand is perfected. :-)

        I'm not really a human, but I play one on earth. Cogito ergo sum a bum
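
The "strings"-style search suggested above, and the worry that the text is not stored line by line, can be tried on bytes that are already saved to a file. This is an added example, not code from any poster in the thread; `find_prefixed_strings` and the sample bytes are constructed for illustration, and it does not use Win32::Process::Memory. It treats any non-printable byte (NUL, CR, LF) as the end of a record and looks for both plain ASCII and UTF-16LE text.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode decode);

# Return every printable run in $buf that starts with $prefix, stored
# either as single-byte ASCII or as UTF-16LE. A run counts only when it
# is not preceded by another printable character, i.e. the prefix really
# begins the stored string.
sub find_prefixed_strings {
    my ($buf, $prefix) = @_;
    my $wide = encode('UTF-16LE', $prefix);
    my @hits;

    # ASCII: the run ends at the first byte outside 0x20..0x7e.
    while ($buf =~ /(?<![\x20-\x7e])(\Q$prefix\E[\x20-\x7e]*)/g) {
        push @hits, { offset => $-[1], enc => 'ascii', text => $1 };
    }
    # UTF-16LE: every printable character is followed by a zero byte.
    while ($buf =~ /(?<![\x20-\x7e]\x00)(\Q$wide\E(?:[\x20-\x7e]\x00)*)/g) {
        my $raw = $1;    # copy before decoding
        push @hits, { offset => $-[1], enc => 'utf-16le',
                      text   => decode('UTF-16LE', $raw) };
    }
    my @sorted = sort { $a->{offset} <=> $b->{offset} } @hits;
    return @sorted;
}

my $buf;
if (@ARGV) {
    # Scan a file given on the command line, read as raw bytes.
    open my $fh, '<:raw', $ARGV[0] or die "open $ARGV[0]: $!";
    local $/;
    $buf = <$fh>;
    close $fh;
} else {
    # Constructed sample: one ASCII record, one mid-string occurrence
    # that must be skipped, and one UTF-16LE record, with binary noise.
    $buf = "\x01\x02junk\x00Dealer: hand 42 begins\r\n\xff\xfe"
         . "chat: notDealer: ignored\n\xff"
         . encode('UTF-16LE', "Dealer: seat 3 folds\n") . "\x90\x90";
}

for my $hit (find_prefixed_strings($buf, 'Dealer:')) {
    printf "0x%08x  %-8s  %s\n", @{$hit}{qw(offset enc text)};
}
```

Run with no arguments it scans the constructed sample; given a file name it scans that file instead.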