[HN Gopher] Memzoom - view/monitor the raw memory of processes/f... ___________________________________________________________________ Memzoom - view/monitor the raw memory of processes/files in your UTF-8 terminal Author : tsujp Score : 136 points Date : 2022-07-05 15:31 UTC (7 hours ago) (HTM) web link (justine.lol) (TXT) w3m dump (justine.lol) | teddyh wrote: | /usr/libexec/xscreensaver/memscroller | DonHopkins wrote: | Oh cool! That would make a great screen saver, too. ;) | marcodiego wrote: | The code is interesting: | https://github.com/jart/cosmopolitan/blob/master/tool/viz/me... | | Feels really old school. Looks like something from people used to | write DOS programs. | chris1993 wrote: | It's a work of beautiful clarity | mcdonje wrote: | Really digging the retro vibe of the code, man. | naikrovek wrote: | if you mean the straight-forward nature of the code, I agree. | | I think we over-complicate code today because we are promised | ease of maintenance, or high-level declaration, or something | else, and I don't think those promises have ever come true, | except in very small textbook-type examples. | atorodius wrote: | Looks pretty sweet. Not sure what I'd use it for but I love live | updating stuff | T3OU-736 wrote: | Hrm. As a half-bakes thought - if code handles sensitive data, | making sure it is correctly obfuscated in memory? | csdvrx wrote: | This. I'd be nice to have a list of strings to monitor (ex: | half of the ssh private key) and warn when they are found | somewhere, to detect data exfiltration. | fortyseven wrote: | Reverse engineering; getting an idea of what an unknown app | might be doing, and where, so you can trace it back in the | code. And so on. | jart wrote: | I'm loving how half the comments are, "I don't know why I'd ever | need to look at my program's memory?" And folks wonder why things | are so bloated! | jeroenhd wrote: | To be fair, memory profilers and analysers are probably much | easier and more accessible than just raw memory dumps. Modern | tools ranging from Valgrind to the web browser heap analyser is | a lot easier to master than scrolling through megabytes of hex | trying to find an area of memory that's not necessary. | | Even if I were to debug memory using raw hex, I'd probably take | a snapshot and open that in a good hex editor instead of just | watching some blocks blink. | usmannk wrote: | I think the confusing part is the live view of utf-8 encoded | memory scrolling by. As opposed to samples or profiles, which | are more evidently useful to those who aren't doing systems | programming regularly. | naikrovek wrote: | I don't think one needs to view memory contents of their own | program to know what what the memory contents are, roughly, or | to know how to use memory efficiently. | | Debuggers and profilers already exist for the developers of | applications to know these things. | | this tool seems much more useful for the reverse engineer who | is watching memory of a target application visually while they | step in a debugger. this wouldn't even be for reading specific | values of RAM, again the debugger is usually quite good at | that, but instead would be useful to see how things change as | execution continues. | ahartmetz wrote: | I wrote a similar thing with a Qt based GUI that, I think, | exposes a little more information (more of the kernel's page | flags). It reaches a quite respectable update rate for what it's | doing (>=40 fps or so?) and it's fun to watch, though I haven't | found particularly useful, err, uses. | https://github.com/KDAB/QMemstat | jart wrote: | Please put screenshots in your README file. Especially if | they're GIFs. Contact me if you want to know the ffmpeg | commands I used for memzoom. https://discord.gg/thZ9mVu9 | PenguinRevolver wrote: | someone's gonna recreate bad apple on this. | jart wrote: | New release of memzoom pushed to the website. | makeworld wrote: | Can anyone provide an example use case for this? Especially those | different curves. | zamadatix wrote: | The different curves do a good job of preserving locality when | mapping to 2d space. | [deleted] | DrBazza wrote: | Reminds me of *mzap on the bbc micro 40 years ago. | ape4 wrote: | The one executable supports PE+ELF+MachO+ZIP+SH ___________________________________________________________________ (page generated 2022-07-05 23:00 UTC)