Getting up in another processes memory

Views: 15,320

Low Byte Productions

1 day ago

Comments: 50
@flamurmustafa522 1 year ago
Bro is single-handedly saving us from the clickbait, idiotic drama inducing, and worthless "programming creators" out there. Thank you so much for making these kinds of videos, been watching a lot of your channel lately.
@LowByteProductions 1 year ago
🙏
@octavio2895 1 year ago
Hey I've been following your videos for a few weeks now and just wanted to say thank you for making this content. I think you are filling a very important void that is often overlooked or underrepresented in video form. I like your teaching style and it makes everything very clear. I can confidently say that this is making me a better programmer, and just yesterday I was looking into using ptrace at work. Wish you the best of luck!
@LowByteProductions 1 year ago
🙏
@rajesha8626 8 months ago
Normally I get bored watching videos longer than 20 minutes, but this video is an exception. Learned something new :)
@ligius3 10 months ago
Enjoying the videos, and today I learned a bit more about how to use Python, as a non-pythonist. I have to routinely go to the proc folder and look for content there, on containers/pods inside Kubernetes/OpenShift that have almost zero Linux tools. We assume that all the distros get at least a set of basic tools, but you'd be surprised how many of the commands are missing.
@hedgechasing 1 year ago
For getting functions from the C library in python, you can just call CDLL with an empty string and not need to worry about what exact name the libc shared object has. This will boil down to calling dlopen with null, which will give you a handle for searching all the symbols imported by the python executable, including the C library which it will obviously be linked with.
@LowByteProductions 1 year ago
Huh today I learned. Thanks!
@PeterBagel-ti5xw 4 months ago
Oh my god, I just found out about this channel, it's absolutely AWESOME! I love it, I'm watching all your videos now
@wiseskeshom4673 1 year ago
I would like to say thank you so so much, I enjoyed and learned a lot from your videos in recent weeks. great work. One more thing that I want to share here is, I really like the way you make a video. With full screen of the code editor, the camera angle to your face, the pace and your calm & clear voice, everything is perfect.
@LowByteProductions 1 year ago
🙏
@CarlosAlbertoGarcíaRosales 2 months ago
Amazing video! I am making an auditory tool and I am using Go (which can also interact with C). Your video helped me make a roadmap of what I need to reach using Go.
@andrewlogan9104 1 year ago
I've spent quite a bit of time in my career as sys programmer using /proc - it's been around for ages but I love the way all the files are text now - some versions of Unix used to store binary data. I've never known what to do with the 'mem' file so thanks for this detailed explanation. I've always used C and I've never used Python so it's great to get a tutorial on that as well! - it would have been a bit painful to do in C. Loving all your videos!
@LowByteProductions 11 months ago
I didn't realise that they were binary at some point. I can imagine that would have made changes between kernel versions tricky because it could break userspace code relying on the characteristics of binary structures. Always bet on text!
@andrewlogan9104 11 months ago
@LowByteProductions Linux has always been text in /proc - the main thing I've used is /proc/pid/stat to get all the characteristics of a process. AIX, for example, has a binary format for the process info in /proc which just maps onto a struct. I do seem to remember /proc/pid/stat in Linux varying between kernel versions slightly ...
@andrewlogan9104 11 months ago
Just out of interest I implemented the dumper in C - obviously the ptrace calls are simpler in C but overall I like the look of Python
@JakeDownsWuzHere 1 year ago
been diving into your videos a bunch this week. great content! thanks for posting
@dominicelm1134 11 months ago
Fantastic video as always. I so much enjoy all of your videos especially parts about OS internals.
@mishadrug98 1 year ago
Mind-blowing for me. Now I am much closer to understanding how game cheats work! Thanks 😅
@LowByteProductions 1 year ago
Definitely on the right path!
@StevenMartinGuitar 11 months ago
Very cool, more of these please! They're hard to find
@omarmagdy1075 1 year ago
I imagine that's also how cheat-engine works. It's a pretty interesting program. I remember using it to change some variables in some offline games, like getting infinite bullets. I had no idea what I was doing, but it was magic. Man, good times.
@LowByteProductions 1 year ago
Pretty much! And I had very much the same experience.
@Paul_ABC 11 months ago
Really enjoyed this! Super clear, casual and interesting
@commissarbas1401 11 months ago
Loving your content. I use it as a relaxing way to start my weekend days with my morning coffee! Especially loved the way you teach the python to c stuff, never thought about using Python like this!
@knecht3000 1 year ago
I did not really understand why ptrace is used here. Just to be sure the program stops running? Would it be possible to just use ptrace without the proc fs to read the data? Are the two void* args there for that purpose?
@LowByteProductions 1 year ago
You can't read another process's memory unless you're tracing it. You can indeed read memory without the procfs, but this is a more efficient way of reading large chunks at a time.
@syedkumailhussainsherazi3871 11 months ago
@LowByteProductions How were you able to read the mem file from the proc fs in terminal then? Or is it also doing all the ptrace magic behind the scenes that we are not aware of? Also recently subscribed, love the detailed explanations and low level stuff! Wish more yt channels were like this
@Paul-fn2wb 1 year ago
Great video! I learned a lot.
@dkierans 1 year ago
Loved this.
@gg-xs3nu 1 year ago
thanks for this! never thought about just core dumping my browser when that happens, it's obv
@LowByteProductions 1 year ago
Right!
@schlaus_kwab 1 year ago
"macOS, with its BSD roots, doesn't have a proc filesystem" - google. Loved the vid, thanks!
@LowByteProductions 1 year ago
Huh I could have sworn mac had procfs! Well live and learn. BSD definitely has it though.
@ermirplaka5308 11 months ago
First of all you are amazing. That's all!
@seanxu4637 11 months ago
Hi, thanks for your video, I'd like to ask if ptrace is mandatory if I have the root permission?
@paxdriver 1 year ago
I love your content so much ❤
@fin31337 11 months ago
It’s very cool :) Big thanks :)
@electrolyteorb 1 year ago
Great video ❤
@mananabanana 1 year ago
Loved this video so much! Thanks.
@johnnywilliams2641 6 months ago
awesome
@aarond309 1 year ago
By the way, it’s `man 5 proc`
@LowByteProductions 1 year ago
Thank you, I absolutely flailed trying to summon that command!
@Spaggei0hs 11 months ago
Love the videos! Could someone please explain why you are able to cast c structs/types all to c_ulong? And also, what would happen if you didn't ptrace attach/detach? Is the advantage of ptrace here just that it pauses execution? Thanks! Sorry if it's a silly question
@spaghettiking653 11 months ago
Well basically, the parameters are all able to be represented using the 64 bits of a long. The "enum" type in C is internally represented as an integer, (0, 1, 2, ... for each element in the enumeration), so it can be held easily in a long; the PID is also an integer, and will definitely fit within a long; and the address/data void* pointers are 64 bits (or as long as whatever your architecture is), so a long (which is also 64 bits on virtually all systems) is able to store these as well. In C you can 'upcast' any type to another type which is wide enough to store it, so there is technically no problem here. The only thing is that it's not perfectly portable, because a ulong is not necessarily guaranteed to be 64 bits, blah blah blah, but it works on 99% of systems I think. I don't really know much about ptrace, but I assume what you said is the main point: at 44:58 he mentions this idea that you don't want the active process to mess up the memory while you're still trying to dump it, which could prevent you from recovering that lost data.
@Spaggei0hs 11 months ago
@spaghettiking653 thanks so much, that actually makes so much sense! (I also love ur name haha)
@spaghettiking653 11 months ago
@Spaggei0hs Ah a fellow man of culture! I didn't notice your name first time round, love yours too :ppp anyway, glad that was of help.
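Added example (not from the video or from any commenter): the two ctypes points raised in this thread, loading libc through a NULL dlopen handle and declaring all four ptrace arguments as c_ulong, applied to a child process that the script spawns itself. It assumes x86-64 Linux and uses `CDLL(None)`, which ctypes passes to dlopen as NULL; the helper names and the sleeping child are illustrative.

```python
import ctypes, os, subprocess, sys

PTRACE_ATTACH, PTRACE_DETACH = 16, 17   # request values from <sys/ptrace.h> on Linux

# dlopen(NULL): search symbols already loaded into the interpreter, libc included.
libc = ctypes.CDLL(None, use_errno=True)
# long ptrace(request, pid, addr, data): each argument fits in a 64-bit unsigned
# long on x86-64 Linux (assumption of this example), so all four are c_ulong.
libc.ptrace.argtypes = [ctypes.c_ulong] * 4
libc.ptrace.restype = ctypes.c_long

def ptrace(request, pid, addr=0, data=0):
    if libc.ptrace(request, pid, addr, data) == -1:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))

def parse_maps_line(line):
    """Split one /proc/<pid>/maps line into (start, end, perms, path)."""
    fields = line.split(None, 5)
    start, end = (int(x, 16) for x in fields[0].split("-"))
    return start, end, fields[1], fields[5].strip() if len(fields) > 5 else ""

def read_first_readable(pid, limit=16):
    """Return up to `limit` bytes from the start of the first readable mapping."""
    with open(f"/proc/{pid}/maps") as maps, open(f"/proc/{pid}/mem", "rb", 0) as mem:
        for line in maps:
            start, end, perms, _ = parse_maps_line(line)
            if perms.startswith("r"):
                mem.seek(start)
                return mem.read(min(limit, end - start))
    return b""

def dump_child_header():
    """Spawn a child, attach, read the start of its first mapping, detach."""
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"])
    try:
        ptrace(PTRACE_ATTACH, child.pid)
        os.waitpid(child.pid, 0)        # block until the attach stop is reported
        data = read_first_readable(child.pid)
        ptrace(PTRACE_DETACH, child.pid)
        return data
    finally:
        child.kill()                    # SIGKILL also ends a still-attached tracee
        child.wait()

if __name__ == "__main__":
    print(dump_child_header())
```

Attaching works here because the target is the script's own child; for unrelated processes the outcome depends on the `kernel.yama.ptrace_scope` sysctl and on `CAP_SYS_PTRACE`.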
@aalawneh91 10 months ago
When is the next video
@HyphensAreNotDashes 11 months ago
20:50 - *Picture this: Hyphens (-) are literally not dashes (-).*
@LowByteProductions 11 months ago
Incredible dedication to your craft 👏