Dumping plugin memory of a browser - reverse-engineering

How can I dump the memory of a plugin running inside a browser? For example, I want to analyze the memory of Acrobat Reader which is running inside Chrome.
Thanks in advance.

Generally, in the case of the most common browsers, plugins are dynamic libraries loaded into the browser's process. So you need to attach to that process with a debugger and then go to the module that is the plugin.
For chrome and pdf reader:
Chrome spawns a new process for almost everything, so first you need to load up any PDF in the browser so the plugin gets loaded. Then you can find the matching PID for that tab via Chrome's integrated task manager. When you attach to this process with a debugger, you should see the module "pdf", which is a DLL located in the Chrome installation directory and I believe is a modified version of Acrobat Reader.

Depends on what you mean by memory dump, and what exactly you're looking to do with it. There are tools such as Memoryze that can dump the memory of a running process. I've used it forensically but I've never tried to take said dump and throw it in IDA.
You could also attach a debugger and get at memory that way. It all depends what you're trying to analyze/reverse.

Related

intercepting chrome.exe causes chrome not to work

I have numerous programs that launch the current web browser on constructed HTML files, and it needs to open in a new window. Many places in the registry reference chrome.exe. There are so many it's hit or miss editing each to have "--new-window". I renamed chrome.exe to chrome_original.exe and replaced chrome.exe with a program I made. What my program does is pass command line arguments to chrome_original.exe, adding "--new-window" if not already present. A config file is read for options. For instance I can keep a log of invocations. There are times when adding "--new-window" is not appropriate, which can be determined by examining the log.
On my development machine the strategy works excellently, but on other machines it doesn't. On the other machines Chrome loads, but just sits there with the wheel spinning. Does it test to see if the exe being run is chrome.exe? Why does it work on my development machine?
If chrome updates itself with a new version, putting things back like they were, when I redeploy my exe it will take care of that.
I need to get this working if anyone has an idea why Chrome will just sit with the wheel spinning and not load a page. Thanks.
To analyze the problem I recommend that you install Process Explorer from www.sysinternals.com.
There should be no Chrome "sitting around with the wheel spinning".
In Process Explorer find the process, double click it, and in the first tab of the window that opens you see the command line.
Compare it with the command line on the computer where it works.
Process Explorer gives you much more information, for example the environment variables. I saw in the case of Firefox that environment variables may be very relevant. For example, when you start Firefox from your program and do not set the working directory correctly it may hang.
I resolved my issue. Chrome also runs as a background process, sitting in the tray, utilizing the same exe. When loaded, the exe file is not held open. Having the exe already loaded as one file name, then loading again as a different file name, no doubt causes confusion. What was already loaded needed to be unloaded, first. In addition, the auto start registry key value needed to be updated with the new exe file name.
I have yet to see what will happen when chrome updates itself automatically with a new version. There's a good chance the launching utility will be overwritten. Some tweaking will need to be done.
Using a launcher for chrome to intercept invocations works really well and is a good approach to always having a new window when one is wanted.

How to limit Google Chrome from consuming all available memory while uploading large files to mega?

When uploading a relatively large file or a few big files, Google Chrome consumes all available memory on my PC. There is no such problem in Firefox. How to limit Google Chrome from consuming all available memory while uploading large files to mega? What is the reason for such a strange behavior? Is it considered to be a memory leak?
By default, Chrome is a multi-process browser. This was intentionally designed to make web apps run faster in Chrome. This feature makes the browser zippier and more stable even with multiple open tabs. Disabling multiple processes can free up some CPU resources. To handle each web process Chrome has three settings:
process-per-tab
process-per-site
single-process
Create a shortcut for Chrome. Open the Properties tab. Edit the Target field as shown in the picture by appending --single-process to the path.
Google knows about this bug. See http://code.google.com/p/chromium/issues/detail?id=175233
On a Linux distro the memory available to the Chrome process can be limited by using ulimit, 1024 MB in the example below.
Try a script with the following (e.g. chrome-limited.sh):
#!/bin/sh
# ulimit -v takes kilobytes, not bytes: 1048576 KB = 1024 MB (soft limit)
ulimit -Sv 1048576
exec /usr/bin/google-chrome-stable "$@"

How to ungracefully kill a program in Windows?

I am looking to ungracefully kill a program (Chrome) in Windows 7. Chrome has a read-lock on a .tmp file that I want to make a copy of. If I exit Chrome gracefully Chrome deletes the .tmp file as it exits.
How can I immediately kill the program without letting chrome delete my file?
It probably uses a WinAPI temporary file, so you can't:
Check http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858%28v=vs.85%29.aspx
Specifying the FILE_ATTRIBUTE_TEMPORARY attribute causes file systems to avoid writing data back to mass storage if sufficient cache memory is available, because an application deletes a temporary file after a handle is closed. In that case, the system can entirely avoid writing the data. Although it does not directly control data caching in the same way as the previously mentioned flags, the FILE_ATTRIBUTE_TEMPORARY attribute does tell the system to hold as much as possible in the system cache without writing and therefore may be of concern for certain applications.
Your best bet is to try to copy the file while Chrome is still running...
Or put a wrapper between chrome and WinAPI to override the CreateFile call so it doesn't create it as a temporary file.
First, in Chrome, use the shortcut key "Shift+Esc" to pop up the Chrome's Task Manager and kill any other processes than "Browser" (the only one that can't be killed using that).
Then, open Windows Task Manager and kill the one "chrome.exe" that is left behind.
Download a piece of software called Unlocker from Google.
http://www.filehippo.com/download_unlocker/
Go to Start -> search for "chrome" and go to the file location. Generally this is
C:\Users\\AppData\Local\Google
Right click on the Google folder and click Unlocker. Click all the open handles and then start Chrome. It works!!

What's the syntax to run an executable from an html page in a browser?

Of course the page will be on my pc not from a remote server. I just want to create a launch page for my most used software. I find windows program start menu too much a hassle and cannot find any freeware that does really a good job.
Don't tell me it's not possible, because I have already done this in the past with JavaScript referencing a file:/// but I don't remember the exact syntax.
Will it work in Google Chrome?
If you use file:///, then the browser will download the file. Even IE's option of "running" the file is really just downloading it to a temp directory first, then running it. So no browser truly just runs an exe, as browsers weren't designed with that in mind.
You could run a local web server with a little bit of code that does "when user clicks this link, run this program". It would be the web server running the program, not the browser, but it'd have the same effect.

Access Google Chrome's cache

Is it possible to access Google Chrome's cache from within an extension?
I'd like to write an extension that loads a cached version of a page when the online one can't be accessed (e.g. Internet connectivity issue).
Updated: I know I could write an NPAPI plugin accessible through an extension to accomplish this but I'd rather not suffer writing one... I am after a solution without resorting to NPAPI, please.
Note: as far as I can tell, Google Chrome doesn't support this functionality (at least not out-of-the-box): I just had an episode of "no Internet access" and I was stranded...
Unfortunately, I'm 99% sure that this is impossible without using NPAPI in your extension.
Chrome extensions are sandboxed to their own process, and can only access files within the extension's folder.
There is some support for things like chrome://favicon/. But that's about it, at least for now.
Source (Google Chrome Extensions Reference)
P.S. I just had a crazy idea. Extensions only have access to files in their folder... but Chrome stores its cache in the Cache folder. What you might try is, copy (or move) the Cache folder into a subfolder within the extension. The extension should now be able to access the cache.
Whether this is enough to actually enable offline mode... I don't know. I do see some HTML files (and obviously a lot of images) within my Cache folder, though.
In fact, even without using an extension, I can open up the HTML files in Chrome. And because they're stored on your computer, you should be able to access them even without internet.
P.S. the Cache folder is stored at PATH-TO-CHROME/Default/Cache
P.P.S. there is a way to store an entire webpage and archive it for later use. Check out this extension:
https://chrome.google.com/extensions/detail/mpiodijhokgodhhofbcjdecpffjipkle
Just make a simple plugin manifest that calls an AJAX page which loads jQuery from a CDN, and then uses it to parse all the <a> elements on the page and alter the href values to have this prefix: http://webcache.googleusercontent.com/search?q=cache:
So <a href="http://stackoverflow.com/questions/blah"> becomes:
<a href="http://webcache.googleusercontent.com/search?q=cache:http://stackoverflow.com/questions/blah">
Voilà, you are cache surfing, but you still need to get to Google. I understand this answer is a bit outside the scope of the question but still solves a lot of web connectivity issues.
I'm tempted to just go write this plugin but I bet it'd be taboo in Google's eyes, so it'd get blocked or removed rather quickly. :)
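The href-rewriting step from the answer above, written out as an added example (not code from the answer or any published extension). The rewrite rule is a plain function so it can be checked outside Chrome; it resolves relative links against the page URL and skips links that have no cached counterpart (mailto:, javascript:, same-page anchors) or are already rewritten. The DOM loop is what a content script would call.

```javascript
// Added example: rewrite page links to point at Google's web cache.
// CACHE_PREFIX is the prefix quoted in the answer above.
const CACHE_PREFIX = "http://webcache.googleusercontent.com/search?q=cache:";

// Returns the rewritten href, or null when the link should be left alone.
// baseUrl is the page's own URL, used to resolve relative hrefs.
function rewriteHref(href, baseUrl) {
  if (!href || href.startsWith(CACHE_PREFIX)) return null; // already rewritten
  let url;
  try {
    url = new URL(href, baseUrl); // resolves "/questions/1" against the page
  } catch (e) {
    return null; // unparsable href: leave it as the page had it
  }
  // Only http(s) pages exist in the cache; skip mailto:, javascript:, data:, ...
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // A same-page anchor points into the document already shown; keep it.
  const samePage = url.href.split("#")[0] === String(baseUrl).split("#")[0];
  if (samePage && url.hash) return null;
  url.hash = ""; // the fragment is meaningless in the cache query string
  return CACHE_PREFIX + url.href;
}

// Apply the rule to every <a href> in a document; returns how many changed.
function rewriteAllLinks(doc) {
  let changed = 0;
  for (const a of doc.querySelectorAll("a[href]")) {
    const next = rewriteHref(a.getAttribute("href"), doc.location.href);
    if (next !== null) {
      a.setAttribute("href", next);
      changed++;
    }
  }
  return changed;
}
```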