-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmondump.js
56 lines (44 loc) · 1.17 KB
/
mondump.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
// Utils
function log(message){
send({log:'['+new Date().toISOString()+'] '+message});
}
function endsWith(str, suffix) {
return str.indexOf(suffix, str.length - suffix.length) !== -1;
};
function read_string_param(fname, arg, length){
if (parseInt(arg)===0){ return null; }
length = typeof length === 'undefined' ? 50 : length;
try {
if (endsWith(fname,'W')){ return Memory.readUtf16String(ptr(arg), length); }
else { return Memory.readAnsiString(ptr(arg), length); }
}
catch (e){
return e;
}
};
// Vars
var pattern = '%(pattern)s';
// Code
function match_found (address, size){
var data =read_string_param('A',address, -1);
send({ time:new Date().toISOString(),
addr:address.toInt32(),
data:data });
}
function scan_memory(){
log('starting memory');
Process.enumerateRanges('rw-', {
onMatch: function onMatch(range){
Memory.scan(range.base, range.size, pattern, {
onMatch: match_found,
onError: function onError(reason){},
onComplete: function onComplete(){}
})
},
onComplete: function onComplete(){
log('memory scan completed');
}
});
}
// Main
var scan_timer = setTimeout(scan_memory, %(msecs)d )