README
¶
DEPRECATION NOTICE
Please note that this repository has been deprecated and is no longer actively maintained by Polyverse Corporation. It may be removed in the future, but for now remains public for the benefit of any users.
Importantly, as the repository has not been maintained, it may contain unpatched security issues and other critical issues. Use at your own risk.
While it is not maintained, we would graciously consider any pull requests in accordance with our Individual Contributor License Agreement. https://github.com/polyverse/contributor-license-agreement
For any other issues, please feel free to contact info@polyverse.com
MASCHE
MIG Memory Forensic library
MASCHE stands for Memory Analysis Suite for Checking the Harmony of Endpoints. It is being developed as a project for the Mozilla Winter of Security program.
It works on Linux, Mac OS and Windows.
These are the current features:
- listlibs: Searches for processes that have loaded a certain library.
- pgrep: Has the same functionallity as pgrep on linux.
- memaccess/memsearch: Allows access and search into a given process memory.
You can find examples under the examples folder.
Compiling
You need golang installed.
Linux
You need glibc for 64 and 32 bits installed. On Fedora, the packages are:
- glibc-devel.i686
- glibc-devel.x86_64
- glibc-headers.i686
- glibc-headers.x86_64
- glibc.i686
- glibc.x86_64
Windows
In order to compile and run masche in windows you will need a gcc compiler. You can use mingw if you are running a 32 bits version of Windows or mingw-64 if you are running a 64 bits one.
Just run go build on the package/example that you want.
It's possible to cross-compile from linux. And this is the recommended way.
- Install a cross compiler (for example,
mingw-w64) - Enable cross compiling in your go toolchain (run
GOOS=windows ./all.bashinside your$GOROOT/srcfolder)
After that you should be able to cross compile masche without problems, just make sure to export the correct global variables: GOOS=windows CGO_ENABLED=1 CC=<your-cross-compiler> (for example: CC=x86_64-w64-ming32-gcc )
Directories
¶
| Path | Synopsis |
|---|---|
|
This program can be used to check if any process is running a given dynamic library.
|
This program can be used to check if any process is running a given dynamic library. |
|
This packages contains an interface for accessing other processes' memory.
|
This packages contains an interface for accessing other processes' memory. |
|
this package provides functions to interact with the os processes You can list all the processes running on the os, filter them via a regexp and then use them from in other masche modules, because they are already open.
|
this package provides functions to interact with the os processes You can list all the processes running on the os, filter them via a regexp and then use them from in other masche modules, because they are already open. |
|
This package contains utility methos for testing
|
This package contains utility methos for testing |