[panda-users] Get PANDA to monitor a particular memory range?
Bridgey theGeek
bridgeythegeek at gmail.com
Sat May 21 11:09:53 EDT 2016
Hi PANDAs,
I'm trying to come up with a process where I can observe the changes to a
specific virtual address range of a specific process's memory.
For example: In Win7SP1x86, I have process app.exe with a pid of 1200, and
I want to see what changes in the 512 byte range from 0x005e0000 to
0x005e01ff of that process's virtual memory during the recording I made.
I've read around tapindex/memdump, but that doesn't seem to quite do what I
want.
memsavep and memsnap aren't quite right either.
Is there a way of doing this with PANDA? Might I be into the realm of
writing my own plugin?
Thanks!
Adam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20160521/95b81783/attachment.html
More information about the panda-users
mailing list