MemProcFS v2.6 releases: The Memory Process File System
The Memory Process File System:
The Memory Process File System (MemProcFS) is an easy and convenient way of accessing physical memory as files a virtual file system.
Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access physical memory content and artefacts via files in a mounted virtual file system or via a feature-rich .dll application library to include in your own projects!
Use your favorite tools to analyze memory – use your favorite hex editors, your python and powershell scripts, your disassemblers – all will work trivially with the Memory Process File System by just reading and writing files!
Include the Memory Process File System in your Python or C/C++ programming projects! Almost everything in the Memory Process File System is exposed via an easy-to-use API for use in your own projects! The Plugin friendly architecture allows users to easily extend the Memory Process File System with native C .DLL plugins or Python .py plugins – providing additional analysis capabilities!
Fast and easy memory analysis via mounted file system:
No matter if you have no prior knowledge of memory analysis or are an advanced user the Memory Process File System (and the API) may be useful! Click around the memory objects in the file system
Extensive Python and C/C++ API:
Everything in the Memory Process File System is exposed as APIs. APIs exist for both C/C++ vmmdll.h and Python vmmpy.py. The file system itself is made available virtually via the API without the need to mount it. Specialized process analysis and process alteration functionality are made easy by calling API functionality. It is possible to read both virtual process memory as well as physical memory! The example below shows reading 0x20 bytes from physical address 0x1000:
Modular Plugin Architecture:
Anyone is able to extend the Memory Process File System with custom plugins! It is as easy as dropping a python file in the correct directory or compiling a tiny C DLL. Existing functionality is already implemented as well documented C and Python plugins!
- Additional performance optimizations.
- Support for process long names (previously capped to 15 chars), image path and command line.
- New module: SysInfo – system information including OS version number and process tree with command line.
Copyright (C) 2018 Ufrisk