Skip to content

Latest commit

 

History

History
67 lines (51 loc) · 2.78 KB

README.md

File metadata and controls

67 lines (51 loc) · 2.78 KB

memvis

Memvis is a Linux process memory visualizer. It will attempt to read all of the memory pages of a process and print the memory data in a table format, where each address's data is presented in hex format. If an address' value is an ascii character, memvis will by default print the ascii character (this can be turned off).

This tool is intended to help with performing a Stack Buffer Overflow, which is why the stack is opened first by default when running memvis. However all the mapped memory regions are read and can be visualized. To learn more about what maps are available and how they are read see /proc/[pid]/maps and /proc/[pid]/mem.

Installation and running

To install dependencies run:

sudo pip install .

To run memvis do:

sudo memvis [options]

NOTE: To view another process' memory, root privilleges will be required (hence the sudo).

Usage

usage: memvis [-h] [-s START_ADDRESS] -p TARGET_PID [-n] [-j WIDTH] [-i HEIGHT] [-b]

optional arguments:
  -h, --help            show this help message and exit
  -s START_ADDRESS, --start-address START_ADDRESS
                        Address to start visualizing from. If not set the current stack pointer will be used.
  -p TARGET_PID, --pid TARGET_PID
                        The pid of the process.
  -n, --no-ptrace       If set then the stack pointer will be read from /proc/[pid]/syscall file. If not set the current stack pointer will be used.
  -j WIDTH, --width WIDTH
                        Window width.
  -i HEIGHT, --height HEIGHT
                        Window height.
  -b, --print-bytes     If set memvis will not convert bytes to readable asii characters.

c

Controls

Button Function
Up Move address space up one byte (subtract one byte)
Down Move address space down one byte (add one byte)
Left Previous mapped memory region. Order is determined by /proc/[pid]/maps
Right Next mapped memory region. Order is determined by /proc/[pid]/maps
j Jump to address. When pressed user is prompted to enter an address and hit Enter when done
q Exit memvis

Demo

asciicast