Gregory's Server@Netux @j3s i use ^Z a lot, the problem with regexes is that they are suposed to run on a limited space in memory. this is, if you use strings is fine, but when searching in memory, the regex expression can expand to read 4GB of memory to find a matching token, and this is not really optimal. Most forensic tools supporting regexes restrict the contents to search in or add limits to the regex engine
|
2 comments
 @Netux @j3s the only way to use procpidmen is via mmap so cat wont work. And yes its possible and desirable to define boundaries when searching on raw memory. Actually the maps file describes the heap, etc so you can use e search.in=io.maps.rw and that would reduce the search to the writable maps. Which is where the user data is stored and avoid scanning the code ir readonly segments |
@pancake @j3s suppose restricting it to the data segment wouldn't be too hard. Not enough experience on the exploit side of things to know if proc makes it easy to do. Cat through awk maybe? Cat is unbuffered, right? I know you can set grep to be.