hyuk9 (Joined: 08 Sep 2017, Posts: 4)
Posted: Fri Sep 08, 2017 3:05 pm
Post subject: Using pointer scanner on a dumped process

I am using the "open file" method to open a dumped process for memory analysis. In order to look at the memory associated with a pointer in the file, I have to subtract 0x1400000000 (or some constant like that) from the pointer. I am thinking this is probably due to ASLR. I know that I could simply add this number of null bytes to the beginning of the file so that things like pointer scanner work, or even modify all the pointers with a script, but I was hoping that there is a way to configure CE for this use case.
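The address translation described in the post, as an added example that is not part of the original post or of Cheat Engine: it treats pointers in the dump file as virtual addresses, maps them to file offsets by subtracting the base, and walks a pointer path without padding or rewriting the file. It assumes the dump is one contiguous region mapped at the constant quoted in the post; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Constant quoted in the post; assumed here to be the address at which the
# dumped region was mapped, so that file offset = virtual address - DUMP_BASE.
DUMP_BASE = 0x1400000000

def va_to_offset(va, size, base=DUMP_BASE):
    """Map a virtual address to a file offset, or None if it is outside the dump."""
    off = va - base
    return off if 0 <= off < size else None

def find_pointers(dump, base=DUMP_BASE):
    """List (file_offset, value, target_offset) for aligned 64-bit values pointing into the dump."""
    hits = []
    for off in range(0, len(dump) - 7, 8):
        (val,) = struct.unpack_from("<Q", dump, off)
        tgt = va_to_offset(val, len(dump), base)
        if tgt is not None:
            hits.append((off, val, tgt))
    return hits

def follow_chain(dump, start_off, offsets, base=DUMP_BASE):
    """Walk a pointer path: dereference, add the next offset, repeat. Returns a file offset."""
    cur = start_off
    for step in offsets:
        if cur + 8 > len(dump):
            return None  # pointer slot runs past the end of the file
        (ptr,) = struct.unpack_from("<Q", dump, cur)
        cur = va_to_offset(ptr + step, len(dump), base)
        if cur is None:
            return None  # chain leaves the dumped region
    return cur

def build_sample(base=DUMP_BASE):
    """Constructed 64-byte dump: two in-range pointers, two out-of-range values, one data field."""
    dump = bytearray(64)
    struct.pack_into("<Q", dump, 0x08, base + 0x20)    # points into the dump
    struct.pack_into("<Q", dump, 0x10, 0x1122334455)   # below the base: not a pointer
    struct.pack_into("<Q", dump, 0x18, base + 0x1000)  # past the end of the dump
    struct.pack_into("<Q", dump, 0x28, base + 0x30)    # points at the data field
    dump[0x30:0x38] = b"DATA1234"
    return bytes(dump)

if __name__ == "__main__":
    sample = build_sample()
    for off, val, tgt in find_pointers(sample):
        print(f"file+{off:#04x}: {val:#x} -> file+{tgt:#04x}")
    end = follow_chain(sample, 0x08, [0x8, 0x0])
    print(sample[end:end + 8])
```

A dump made of several regions with different load addresses would need one base per region instead of the single constant used here.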