Closed AurelienConte closed 3 months ago
MemProcFS unfortunately only supports analysis of Windows systems and memory related to Windows systems.
MemProcFS does not support the analysis of Linux systems. For analysis of Linux systems I'd have to recommend Volatility.
With that being said, MemProcFS runs fine on Linux, but still only analyzing Windows targets.
PCILeech have some support for Linux, i.e. kernel injections etc.
Main reason for not fully supporting Linux in MemProcFS is time. This is a side project of mine. I have a normal job to take care of as well, and keeping Windows memory analysis up-to-date and adding new things to it is already taking a lot of time. Due to this I unfortunately don't have any plans on supporting analysis of Linux memory systems with this tool currently.
Thanks for understanding and best wishes with your memory analysis.
Hi !
I'm getting some problems right now on initializing the device with VMMDLL_Initialize method.
My target computer as an AMD processor and a Linux distribution ( Ubuntu like )
I have read this documentation : https://github.com/ufrisk/LeechCore/wiki/Device_FPGA_AMD_Thunderbolt
Saying that i need to provide a mmap.txt containing the adresses ranges of my physical memory
Otherwise, on linux i can not use Rammap and i'm trying to figure out how to generate this file. I was playing with the file "/proc/iomem" but i don't know if it's good or not.
Actually when initializing with verbose flags i'm getting this error :
Previously, i was testing it against the same target but on windows and with Rammap i was able to generate the good mmap.txt and being able to init the device.
Any advice to help me ?
Thanks in advance !