3 个仓库
Tools for reading and displaying raw memory regions of a running process in hex or ASCII formats.
Distinct from Structured Memory Dumping: Existing candidates focus on container dumps, credential theft, or parsing existing dump files, not the live dumping of memory ranges.
Explore 3 awesome GitHub repositories matching operating systems & systems programming · Process Memory Dumping. Refine with filters or upvote what's useful.
Vimspector is a visual debugger integration for Vim that enables developers to step through code and inspect program state without leaving the editor. It utilizes the Debug Adapter Protocol to provide a unified interface for debugging multiple programming languages through various debug adapters. The project distinguishes itself by supporting low-level analysis and specialized environments, including bare metal hardware debugging for microcontrollers and the ability to perform disassembly analysis and process memory dumping. It also provides remote debugging capabilities by proxying requests
Reads and displays hex and ASCII dumps of process memory for specific variables or memory addresses.
MimiPenguin 是一个 Linux 内存凭据提取和密码恢复工具,旨在从活动进程内存中隔离并检索明文用户登录密码。它作为一种后渗透工具,用于在安全评估期间从桌面用户会话中提取敏感凭据。 该工具通过分析系统进程内存来识别和隔离凭据,从而执行 Linux 内存取证。它用于安全渗透测试、评估与基于内存的攻击相关的风险,以及测试本地权限提升。 该系统通过转储运行中进程的虚拟内存来定位用户会话内存。它利用基于模式的内存扫描、启发式密码识别和明文凭据隔离,从二进制数据中区分出潜在的密码。
Reads the virtual memory of running user processes by accessing system-level memory interfaces to extract raw data.
Clutch is a command-line utility designed for security research on jailbroken mobile devices. It functions as a specialized toolkit for identifying, decrypting, and extracting installed mobile application binaries to facilitate manual code inspection and vulnerability assessment. The tool provides capabilities for removing platform-level encryption from protected software, allowing researchers to isolate core executable files from application bundles. By performing memory-mapped file dumping and reconstructing binary headers, it enables the conversion of protected applications into portable,
Dumps raw data from process memory after the system loader has performed initial decryption.