Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mozilla/masche

Deprecated - MIG Memory Forensic library
https://github.com/mozilla/masche

Last synced: about 17 hours ago
JSON representation

Deprecated - MIG Memory Forensic library

Host: GitHub
URL: https://github.com/mozilla/masche
Owner: mozilla
License: mpl-2.0
Archived: true
Created: 2014-08-08T15:42:46.000Z (about 10 years ago)
Default Branch: master
Last Pushed: 2022-01-12T17:55:04.000Z (almost 3 years ago)
Last Synced: 2024-05-22T19:57:30.360Z (6 months ago)
Language: Go
Homepage:
Size: 2.68 MB
Stars: 387
Watchers: 52
Forks: 46
Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

MASCHE
======
![MASCHE image (Javier Mascherano)](http://i.imgur.com/V3EMjswm.jpg)
**MIG Memory Forensic library**

⚠️ Deprecation Notice ⚠️
-------------------------

Mozilla is no longer maintaining the Mozilla InvestiGator (MIG) project.

Mozilla is also no longer making use of this code internally.

You are welcome to use this code as is with no warranty. Please fork it to continue development.

**MASCHE** stands for **Memory Analysis Suite for Checking the Harmony of Endpoints**. It is being developed as a project for the *Mozilla Winter of Security program*.

It works on **Linux**, **Mac OS** and **Windows**.

These are the current features:

* listlibs: Searches for processes that have loaded a certain library.
* pgrep: Has the same functionallity as pgrep on linux.
* memaccess/memsearch: Allows access and search into a given process memory.

You can find examples under the examples folder.

## Compiling

You need `golang` installed.

### Linux
You need glibc for 64 and 32 bits installed. On Fedora, the packages are:
* glibc-devel.i686
* glibc-devel.x86_64
* glibc-headers.i686
* glibc-headers.x86_64
* glibc.i686
* glibc.x86_64

### Windows

In order to compile and run masche in windows you will need a gcc compiler. You can use mingw if you are running a 32 bits version of Windows or mingw-64 if you are running a 64 bits one.
Just run `go build` on the package/example that you want.

It's possible to cross-compile from linux. And this is the recommended way.
* Install a cross compiler (for example, `mingw-w64`)
* Enable cross compiling in your go toolchain (run `GOOS=windows ./all.bash` inside your `$GOROOT/src` folder)

After that you should be able to cross compile masche without problems, just make sure to export the correct global variables: `GOOS=windows` `CGO_ENABLED=1` `CC=` (for example: `CC=x86_64-w64-ming32-gcc` )