MASCHE stands for Memory Analysis Suite for Checking the Harmony of Endpoints. It is being developed as a project for the Mozilla Winter of Security program.
It works on Linux, Mac OS and Windows.
These are the current features:
- listlibs: Searches for processes that have loaded a certain library.
- pgrep: Has the same functionallity as pgrep on linux.
- memaccess/memsearch: Allows access and search into a given process memory.
You can find examples under the examples folder.
You need glibc for 64 and 32 bits installed. On Fedora, the packages are:
In order to compile and run masche in windows you will need a gcc compiler. You can use mingw if you are running a 32 bits version of Windows or mingw-64 if you are running a 64 bits one.
go build on the package/example that you want.
It's possible to cross-compile from linux. And this is the recommended way.
- Install a cross compiler (for example,
- Enable cross compiling in your go toolchain (run
GOOS=windows ./all.bashinside your
After that you should be able to cross compile masche without problems, just make sure to export the correct global variables:
CC=<your-cross-compiler> (for example: