Security/Mentorships/MWoS/2014/Cross-platform memory scanning in Go: Difference between revisions

Security/Mentorships/MWoS/2014/Cross-platform memory scanning in Go (view source)

921 bytes added , 2 August 2014

8

edits

@@ Line 14: / Line 14: @@
 === Success Criteria ===
 == Updates ==
-=== 14/07/2014 ===
+=== 2014-08-01 ===
+Summary of the week:
+* Linux: /proc/<pid>/maps for .so mapped files, and /proc/<pid>/mem for raw memory.
+* Windows has a couple of functions via the Windows API, that can be called with LoadLibrary or CGO. We decided to use CGO because it was easier.
+* Mac: Not so easy, there's a way to get a coredump without killing the process, we can do that to analyze what we want. osxbook has an example.
+* If we use CGO we won't be able to cross-compile. Not a problem.
+* Go has packages for accessing ELF/Mach-O/PE files in the debug package, we can analyze binaries and get more info.
+* We got working examples on Linux and Windows to get a process loaded libraries.
+Plan for next week:
+* Investigate how to get more information about libraries (version number, build, revision, etc)
+* Read more about Mac and how to get the data that we need.
+* Decide on a name for the project
+* Sign committer agreement
+=== 2014-07-14 ===
 * Team presentation
 * Project introduction: MIG and the memory scanner module.
@@ Line 20: / Line 35: @@
 * Agreed on meeting once a week. Meetings scheduled by the team.
 * Plan for the next week: Investigate how to get the information that the memory scanner will provide in linux, windows and OS X.
 === <date> ===