Closed kaarposoft closed 3 months ago
It's a good feature. In theory at least. MemProcFS is dependent on a few different libraries with their own versions. I come to think of three important onces.
MemProcFS itself. LeechCore (physical memory acquisition). FPGA device firmware version (if using PCILeech PCIe DMA backend, otherwise it's not interesting). info.db (cached symbols and built-in yara rules, last update / age would be important here).
I'm not sure if I should list all these versions or just the version of MemProcFS itself. Any ideas? Please let me know and I'll look into it.
As a side note, if using this via the API this information would be available via API calls already.
Maybe a -V option to just show MemProcFs version and a -VV option which show MemProcFs version plus the other points you mention?
I added the option -version
to the new version.
It will print the version of vmm.dll/so which is the main analysis library. If this option is given no guide will be printed if not enough other options are given for a proper start-up.
Can you verify this is indeed working as intended?
Thank you very much - the stdout now looks exactly as expected. However, the return code from the process is 1, where I would have expected 0.
It would be useful, if MemProcFs had an option to show the installed version. This could be -V or -version. Many Linux programs have such an option.