Message-ID: <200211301434.gAUEYt03043127@mailserver3.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: fetchmem 0.01b
Please come to #!electronicsouls, we believe you may be skilled enough
to fill in for dvorak while he is on holiday.
The Electronic Souls Crew
[ElectronicSouls] (c) 2002
"Suckers make me lick."
On Fri, 29 Nov 2002 23:05:20 -0800 Michal Zalewski <lcamtuf@...ttot.org> wrote:
>
>Fetchmem is a trivial Linux application, the kind of command-line tool I was missing for a while - so maybe some readers will also find it useful. It's there not because it's advanced, simply because I had to code this in C for some specific tasks one time too many.
>
>In short, it can be used to dump entire process memory on demand without disrupting its execution - either immediately or at the nearest fault condition such as SIGSEGV - so the data can be examined directly using tools like diff, strings, grep, your favorite viewer, etc. This way, you're not forced to stick with the inferior data examination and comparison capabilities of your debugger - debuggers are generally designed to simplify manual viewing of small portions of data at a time - and you can automate many audit tasks. It can be used to verify a binary is what it claims to be, can be used to detect runtime infections, spoofed /proc/pid/exe and so on. Curious ones can use it to look at what an application, such as a daemon, retains in memory between sessions. Since memory dumps are considerably more complete than core files, it is possible to detect some fairly obscure tricks such as modifying read-only shared maps, for example libc, using ptrace.
>
>It is also possible to defer process dumps until SIGSEGV or a similar condition is encountered, so the tool is also useful for certain debugging tasks when the process won't dump core (rlimits, higher privileges used, cwd writability issues, custom signal handlers).
>
>Enough said. The tool can be downloaded from http://lcamtuf.coredump.cx/memfetch.tgz . Have a good weekend.
>
>--
>------------------------- bash$ :(){ :|:&};: --
> Michal Zalewski * [http://lcamtuf.coredump.cx]
> Did you know that clones never use mirrors?
>--------------------------- 2002-11-29 22:47 --
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html