{"id":20935834,"url":"https://github.com/anfractuosity/procmod","last_synced_at":"2025-08-25T13:27:05.179Z","repository":{"id":5330445,"uuid":"6514357","full_name":"anfractuosity/procmod","owner":"anfractuosity","description":"Modifies running processes on Linux","archived":false,"fork":false,"pushed_at":"2022-06-26T16:25:10.000Z","size":28,"stargazers_count":25,"open_issues_count":3,"forks_count":3,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-05-13T21:39:56.030Z","etag":null,"topics":["ptrace","ptrace-injection","reverse-engineering"],"latest_commit_sha":null,"homepage":"https://www.anfractuosity.com/projects/procmod/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anfractuosity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-11-02T23:50:16.000Z","updated_at":"2025-04-23T06:03:06.000Z","dependencies_parsed_at":"2022-07-05T18:08:43.049Z","dependency_job_id":null,"html_url":"https://github.com/anfractuosity/procmod","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/anfractuosity/procmod","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfractuosity%2Fprocmod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfractuosity%2Fprocmod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfractuosity%2Fprocmod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfractuosity%2Fprocmod/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anfractuosity","download_url":"https://codeload.github.com/anfractuosity/procmod/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfractuosity%2Fprocmod/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265128437,"owners_count":23715621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ptrace","ptrace-injection","reverse-engineering"],"created_at":"2024-11-18T22:16:34.955Z","updated_at":"2025-07-13T10:33:32.854Z","avatar_url":"https://github.com/anfractuosity.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ProcMod v0.1\n\n## About\n\nModifies running processes on linux.\n\n* Finds ASCII/UTF-16/binary and replaces it appropiately\n* Dumps processes to disk\n\n## Compilation\n\nShould compile fine on 32/64 bit architectures, simply by typing 'make'.\n\n## Arguments \n\n* -p PROCID - Process ID to work on\n* -f        - Text to find in the process\n* -r        - Text to replace in the proces\n* -u        - Convert find/replace parameters to UTF-16 (for JVM)\n* -d FILE   - dumps process to file\n* -l NUM    - Lower bound of search\n* -t NUM    - Top bound of search\n* -h        - Hexadecimal find/replace strings\n\n\n## Example usage\n\nSearch for the text HELLOWORLD in a firefox process, from the hex address 0x00007fef32000000.\n\n./procmod -p `pgrep firefox` -f HELLOWORLD -l `printf \"%u\" 0x00007fef32000000`\n\n\nFind the hexadecimal bytes 0xDEADBEEF in firefox.\n\n./procmod -p `pgrep firefox` -f \"DEADBEEF\" -h\n\n## Problems\n\nIf you find it can't attach to a process, this could be because the process\nis running as a different user.  The ptrace system call can only trace your own processes.\n\nIf you're running a Grsecurity kernel with \"Configuration option: CONFIG_GRKERNSEC_PROC_MEMMAP\" enabled\nthen you will find that most of the addresses in /proc/PROCESSID/maps are null.  This is because:\n\n\"If you say Y here, the /proc/\u003cpid\u003e/maps and /proc/\u003cpid\u003e/stat files will give no information about the addresses of its mappings if PaX features that rely on random addresses are enabled on the task. If you use PaX it is greatly recommended that you say Y here as it closes up a hole that makes the full ALSR useless for suid binaries.\"\n\n## Usage \n\nPlease see https://www.anfractuosity.com/projects/procmod/ for a simple example modifying a Java program.\n\n## Licence\n\nLicenced under GPL v2\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanfractuosity%2Fprocmod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanfractuosity%2Fprocmod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanfractuosity%2Fprocmod/lists"}