Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/niklata/shmcat

Dumps the contents of a SysV shared memory segment
https://github.com/niklata/shmcat

posix shm sysv-ipc unix

Last synced: 20 days ago
JSON representation

Dumps the contents of a SysV shared memory segment

Awesome Lists containing this project

README 

        
# shmcat



Copyright (c) 2014-2017 Nicholas J. Kain.



License: MIT



## Introduction



Prints the contents of a SysV shm segment.



## Motivation



SysV shared memory can be used as a persistent store of state that lives

in a separate namespace from the filesystem and the process table.  Thus,

it is not uncommon for it to be used as a covert channel for malware.



It would be useful to be able to examine the contents of shm segments,

but unfortunately there is no standard tool to do so.  shm segments can

easily be listed using the POSIX ipcs utility, but there is no standard

program to dump the contents of a shm segment given a shmid.



shmcat is a very simple program written to fill this gap and make it

easy to analyze the contents of shm segments.



## Building



`gcc -O2 -std=gnu99 shmcat.c -o shmcat`



## Install



Copy to wherever you like.  A good place might be `/usr/local/sbin`.



## Usage



First, find an interesting shmid.  To get a list of all shmids on

the system:



`ipcs -m`



Now, given the :



`shmcat `



The output should be very similar to that of a hex editor.  It can of

course be redirected to a file using standard unix shell facilities.



## Downloads



* [GitLab](https://gitlab.com/niklata/shmcat)

* [Codeberg](https://codeberg.org/niklata/shmcat)

* [BitBucket](https://bitbucket.com/niklata/shmcat)

* [GitHub](https://github.com/niklata/shmcat)