This is a small command-line tool designed to peek around memory of a running Linux process. It also provides filtering mechanisms similar to Cheat Engine to scan for memory of certain values.
It uses rustyline to maintain a history of command line arguments which is
persisted in the .peekieboi file. Allowing "up-arrow" to work across
different runs of the tool!
Simply run cargo install mempeek to install this tool! Then invoke it by
running mempeek <pid of process to introspect>
I've added extremely basic support for expressions of various radix as well as add, subtract, multiply, and divide. No support for parenthesis (yet).
This allows you to use an expression like 0x13370000+0o100*4 in any argument
to a command which expects a constant value. The default radix for numbers
is 16, thus, hex unless you use an 0b, 0o, or 0d prefix
Types may be one of the following:
b-u8w-u16d-u32q-u64B-i8W-i16D-i32Q-i64f-f32F-f64
Constraints may be any one of the following:
=[val]- Equal to[val]![val]- Not equal to[val]>[val]- Greater than[val]>=[val]- Greater than or equal to[val]<[val]- Less than[val]<=[val]- Less than or equal to[val]
Currently this only supports a few commands
Exit the program
Get the results from a previous memory scan. Takes the query index of the query
to retrieve. Optionally, you can use l in place of the query index to get the
most recent query results
Scan memory for a value of a given type starting at addr for length bytes
using constraints
Using the address list from a previous query, interpret the pointed-to-value as
the specified type o implies that the update should use the type of the
original query.
Dump memory interpreted as a given type for a given number of bytes
Search for a string in a region of memory specified by addr and length
(in bytes)
Dump memory regions and their permissions.
Green values in the dump output indicate that the value is a valid pointer
when cast to a u64