Skip to content

POC memory editor that uses the mach_vm kernel calls to scan, read, and write integer memory regions.

License

Notifications You must be signed in to change notification settings

attilathedud/mem_scan

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

mem_scan

Reading memory screenshot

About

mem_scan is a POC memory editor that uses the mach_vm kernel calls to scan, read, and write integer memory regions of other userland processes. Included in the project is an example target that can be tested against.

It must be run as root to attach to userland processes.

Options

  • -p : The pid of the target process. Can be retrieved through ps.
  • -m : Display a memory map of all active regions of the target process.
  • -u : The upper limit of addresses to search.
  • -r : Display all addresses that have the passed integer value.
  • -f : Path to a file which contains a list of addresses generated by -r. Used to filter addresses successively.
  • -w : Address to write.
  • -v : Integer to write to address passed via the -w param.

Example Usage

# Use ps to get the pid
$ ps
  PID TTY           TIME CMD
 0001 ttys000    0:00.12 -bash
 1234 ttys001    0:00.06 target

# Search for our desired value
$ ./mem_scan -p 1234 -r 56 > addresses

# Filter until we find our address
$ ./mem_scan -p 1234 -r 55 -f addresses > addresses

# Write to our found address
$ ./mem_scan -p 1234 -w 0xDEADBEEF -v 100

About

POC memory editor that uses the mach_vm kernel calls to scan, read, and write integer memory regions.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published