Security/Mentorships/MWoS/2014/Cross-platform memory scanning in Go: Difference between revisions

Team

Introduction

We are a team of Computer Science students from Argentina, highly motivated by coding, security and free software.

Members

• Agustin Martinez Suñé
• Marco Vanotti
• Nahuel Lascano
• Patricio Palladino
• Professor: Alejandro Furfaro
• Mozilla Advisor: Julien Vehent

Project

Description

Scope

Success Criteria

Updates

2014-08-01

Summary of the week:

• Linux: /proc/<pid>/maps for .so mapped files, and /proc/<pid>/mem for raw memory.
• Windows has a couple of functions via the Windows API, that can be called with LoadLibrary or CGO. We decided to use CGO because it was easier.
• Mac: Not so easy, there's a way to get a coredump without killing the process, we can do that to analyze what we want. osxbook has an example.
• If we use CGO we won't be able to cross-compile. Not a problem.
• Go has packages for accessing ELF/Mach-O/PE files in the debug package, we can analyze binaries and get more info.
• We got working examples on Linux and Windows to get a process loaded libraries.

Plan for next week:

• Investigate how to get more information about libraries (version number, build, revision, etc)
• Read more about Mac and how to get the data that we need.
• Decide on a name for the project
• Sign committer agreement

2014-07-14

• Team presentation
• Project introduction: MIG and the memory scanner module.
• Set deadline: mid/end of December
• Agreed on meeting once a week. Meetings scheduled by the team.
• Plan for the next week: Investigate how to get the information that the memory scanner will provide in linux, windows and OS X.

<date>

• current work
• blocking points
• discussion points
• upcoming work