Memento - a simple rapidly evolving, highly useful memory inspection tool
What is this?
A simple command line utility that can inspect process memory (on Linux and Android, but maybe at some e later time on Darwin (macOS/iOS) if I have the time - though Darwin binary can work well with ELF cores). Takes as an argument the pid and one of several operations - See "Examples".
The main use of this is in its searching - unicode (UTF16) strings, and finding references. This tool is as fast as it can get, since I go over /proc/pid/maps, not the entire address space.
I crafted this for use in my Android explorations, and it really comes in handy in plenty of situations. I hope you find it as useful as well.
New features: Added to support The new Debugging book:
- Operates on cores and/or processes alike (won't patch cores, though)
- Scudo heap walking
- Actively being maintained for pending book release - please check back often
The download link is right here - Tar containing Linux (x86_64 AND arm64), macOS (presently, ELF Core analysis only) and Android (arm64) binaries. Compilation date should be on or later than March 20th, 2025.
Examples
Q&A
- Bug report?? - j@[thisWebSite]
- Feature request?? - j@[thisWebSite]
- Wen Volume III, IV of Android?? - Right after the Debugging book.
- I want to get your book! - Why , thank you! Please use the Amazon link so I get back some of their exorbitant fees..
Changelog
- 03/15/2025 - v2 - MUCH more powerful. Not so simple anymore.
- 12/20/2021 - v0.1
- 12/31/2022 - v0.2 - with Core Dump