[HN Gopher] Memzoom - view/monitor the raw memory of processes/f...
___________________________________________________________________
Memzoom - view/monitor the raw memory of processes/files in your
UTF-8 terminal
Author : tsujp
Score : 136 points
Date : 2022-07-05 15:31 UTC (7 hours ago)
(HTM) web link (justine.lol)
(TXT) w3m dump (justine.lol)
| teddyh wrote:
| /usr/libexec/xscreensaver/memscroller
| DonHopkins wrote:
| Oh cool! That would make a great screen saver, too. ;)
| marcodiego wrote:
| The code is interesting:
| https://github.com/jart/cosmopolitan/blob/master/tool/viz/me...
|
| Feels really old school. Looks like something from people used to
| write DOS programs.
| chris1993 wrote:
| It's a work of beautiful clarity
| mcdonje wrote:
| Really digging the retro vibe of the code, man.
| naikrovek wrote:
| if you mean the straight-forward nature of the code, I agree.
|
| I think we over-complicate code today because we are promised
| ease of maintenance, or high-level declaration, or something
| else, and I don't think those promises have ever come true,
| except in very small textbook-type examples.
| atorodius wrote:
| Looks pretty sweet. Not sure what I'd use it for but I love live
| updating stuff
| T3OU-736 wrote:
| Hrm. As a half-bakes thought - if code handles sensitive data,
| making sure it is correctly obfuscated in memory?
| csdvrx wrote:
| This. I'd be nice to have a list of strings to monitor (ex:
| half of the ssh private key) and warn when they are found
| somewhere, to detect data exfiltration.
| fortyseven wrote:
| Reverse engineering; getting an idea of what an unknown app
| might be doing, and where, so you can trace it back in the
| code. And so on.
| jart wrote:
| I'm loving how half the comments are, "I don't know why I'd ever
| need to look at my program's memory?" And folks wonder why things
| are so bloated!
| jeroenhd wrote:
| To be fair, memory profilers and analysers are probably much
| easier and more accessible than just raw memory dumps. Modern
| tools ranging from Valgrind to the web browser heap analyser is
| a lot easier to master than scrolling through megabytes of hex
| trying to find an area of memory that's not necessary.
|
| Even if I were to debug memory using raw hex, I'd probably take
| a snapshot and open that in a good hex editor instead of just
| watching some blocks blink.
| usmannk wrote:
| I think the confusing part is the live view of utf-8 encoded
| memory scrolling by. As opposed to samples or profiles, which
| are more evidently useful to those who aren't doing systems
| programming regularly.
| naikrovek wrote:
| I don't think one needs to view memory contents of their own
| program to know what what the memory contents are, roughly, or
| to know how to use memory efficiently.
|
| Debuggers and profilers already exist for the developers of
| applications to know these things.
|
| this tool seems much more useful for the reverse engineer who
| is watching memory of a target application visually while they
| step in a debugger. this wouldn't even be for reading specific
| values of RAM, again the debugger is usually quite good at
| that, but instead would be useful to see how things change as
| execution continues.
| ahartmetz wrote:
| I wrote a similar thing with a Qt based GUI that, I think,
| exposes a little more information (more of the kernel's page
| flags). It reaches a quite respectable update rate for what it's
| doing (>=40 fps or so?) and it's fun to watch, though I haven't
| found particularly useful, err, uses.
| https://github.com/KDAB/QMemstat
| jart wrote:
| Please put screenshots in your README file. Especially if
| they're GIFs. Contact me if you want to know the ffmpeg
| commands I used for memzoom. https://discord.gg/thZ9mVu9
| PenguinRevolver wrote:
| someone's gonna recreate bad apple on this.
| jart wrote:
| New release of memzoom pushed to the website.
| makeworld wrote:
| Can anyone provide an example use case for this? Especially those
| different curves.
| zamadatix wrote:
| The different curves do a good job of preserving locality when
| mapping to 2d space.
| [deleted]
| DrBazza wrote:
| Reminds me of *mzap on the bbc micro 40 years ago.
| ape4 wrote:
| The one executable supports PE+ELF+MachO+ZIP+SH
___________________________________________________________________
(page generated 2022-07-05 23:00 UTC)