Skip to content

eurecom-s3/mmushell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
architectures
architectures
 
 
qemu
qemu
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
converter.py
converter.py
 
 
exporter.py
exporter.py
 
 
mmushell.py
mmushell.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

mmushell

MMUShell OS-Agnostic Memory Forensics Tool

Proof of concept for techniques developed by Andrea Oliveri and Davide Balzarotti in

"In the Land of MMUs: Multiarchitecture OS-Agnostic Virtual Memory Forensics"

Installation:

pip install -r requirements.txt

Usage:

  • Dump all the RAM areas of the machine that you want to analyze in raw format, one file per physical memory area.
  • Create a YAML file describing the hardware configuration of the machine (see the examples available in the dataset).
  • mmushell machine.yaml
  • Use the interactive shell to find MMU registers, Radix-Trees, Hash tables etc. and explore them. The help command lists all the possible actions available for the selected CPU architecture.
  • Here part of the dataset containing the memory dumps of the OSs used in the paper (only the open-source ones, due to license restrictions).
  • /qemu/ contains the patch for QEMU 5.0.0 in order to collect the ground truth values of the MMU registers during OSs execution.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

10 stars

Watchers

13 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages