Process Hacker and Windows discussion

 
User avatar
Controversed
Member
Posts: 14
Joined: 26 Oct 2017 13:09
OS: Windows 7 64bit
Location: France

Unloaded Strings

12 Jan 2018 23:56

It's like the function "Unloaded Modules" but for strings of the process (memory). It'll be so cool !
I hope to find this function / plugin one day!
 
xtal256
Member
Posts: 25
Joined: 30 Jan 2012 02:08
OS: Windows XP and Win 7 64-bit
Location: Australia

Re: Unloaded Strings

16 Jan 2018 05:01

What would it mean for a string to be "unloaded"? Are you suggesting that Process Hacker remember strings it has detected even after they no longer exist in memory (either because they have been deleted or modified)?

Just out of curiosity, where do I find this "Unloaded Modules" feature?
[Window Detective] - Windows UI spy utility
 
User avatar
Controversed
Member
Posts: 14
Joined: 26 Oct 2017 13:09
OS: Windows 7 64bit
Location: France

Re: Unloaded Strings

16 Jan 2018 17:17

There are strings that come off all by themselves in the process, I think it's to avoid an overload memory. So I wonder if it's possible to retrieve them with a function "see strings history" or "from the beginning," and for the function "unloaded modules", it's in "Miscellaneous".
 
xtal256
Member
Posts: 25
Joined: 30 Jan 2012 02:08
OS: Windows XP and Win 7 64-bit
Location: Australia

Re: Unloaded Strings

25 Jan 2018 00:08

I don't understand that expression, "come off all by themselves". What programming language are you talking about? Do you mean garbage collection?

Process Hacker already has a "String Search" feature, which scans the memory of a process looking for regions that look like strings (i.e. bytes in the ASCII range and zero terminated). Perhaps this is what you are looking for.
[Window Detective] - Windows UI spy utility
 
User avatar
TETYYS
Contributor
Posts: 515
Joined: 23 Apr 2013 10:37
OS: Win 10 x64

Re: Unloaded Strings

25 Jan 2018 10:50

There are strings that come off all by themselves in the process, I think it's to avoid an overload memory. So I wonder if it's possible to retrieve them with a function "see strings history" or "from the beginning," and for the function "unloaded modules", it's in "Miscellaneous".
This would require tracing every free() call to any memory block and storing them somewhere which would slow down the target program and hog resources. I think this is unviable