Lib.rs

Development toolsDebugging
#process-memory #search #string-search #text #erase #text-search #region

app memgrep

Search for strings in process memory

by Eldad Zack

2 unstable releases

0.2.0 Jun 25, 2023
0.1.0 Sep 29, 2022

#469 in Debugging

33 downloads per month

MIT license

13KB
223 lines

memgrep

Search (and optionally erase) a particular text in process memory.

Reference

memgrep 0.2.0
Eldad Zack <eldad@fogrefinery.com>
Memory Grep

Searches for a particular text in all memory regions that are not virtual or not mapped to any file:
stack, heap, or anonymous pages. Search text can be specified as bytes using the `--hex` flag.

When searching, only the first match is returned for each region.

When erasing, all matches are searched and erased.

USAGE:
    memgrep [OPTIONS] --pid <PID> <TEXT>

ARGS:
    <TEXT>
            Search text

OPTIONS:
    -d, --debug
            Set log level to debug

    -e, --erase
            Erase text

    -e, --erase-value <ERASE_VALUE>
            If erase is enabled, use this value to erase the search text

            [default: 32]

    -h, --hex
            Parse search text as hex string

        --help
            Print help information

    -m, --max-region-size <MAX_REGION_SIZE>
            Set maximum region size. Regions larger than this size will not be searched

            [default: 1073741824]

    -p, --pid <PID>
            PID

    -V, --version
            Print version information

Dependencies

~4MB
~68K SLoC