Mailinglist Archive: opensuse-factory (806 mails)

[opensuse-factory] Introducing the scanmem package to openSUSE:Factory
Hi,

I'd like to introduce the scanmem package from devel:tools to you with
the hope of getting it included in openSUSE:Factory.

=== Description ===

Scanmem is a simple interactive debugging utility for Linux, used to
locate the address of a variable in an executing process. This can be
used for the analysis or modification of a hostile process on a
compromised machine, user-space live-patching, reverse engineering, or
as a "pokefinder" to cheat at video games.
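The scan-and-narrow cycle this description refers to, as an added example that is not part of the mail or of the scanmem code base: a writable region is modelled as a constructed bytes object (base address and contents are made up), a first scan collects every byte offset holding the observed value, and each later snapshot only re-checks the surviving candidates. Region names, values and function names are assumptions for illustration.

```python
import struct
from typing import List, Sequence

# Constructed model of one writable region of a target process: a bytes object
# whose byte index i corresponds to virtual address REGION_BASE + i.
# Nothing here touches a real process; the base and the values are made up.
REGION_BASE = 0x7F3A1C000000
WIDTH = 4  # width of the value being searched for (little-endian int32)


def snapshot(values: Sequence[int]) -> bytes:
    """Pack little-endian int32 cells into a contiguous region image."""
    return b"".join(struct.pack("<i", v) for v in values)


def scan_exact(region: bytes, value: int) -> List[int]:
    """Initial scan: every byte offset (aligned or not) holding `value`."""
    needle = struct.pack("<i", value)
    return [off for off in range(len(region) - WIDTH + 1)
            if region[off:off + WIDTH] == needle]


def narrow(region: bytes, candidates: List[int], value: int) -> List[int]:
    """Re-check only the surviving candidates against a fresh snapshot."""
    needle = struct.pack("<i", value)
    return [off for off in candidates if region[off:off + WIDTH] == needle]


def locate(snapshots: Sequence[bytes], observed: Sequence[int]) -> List[int]:
    """Run the whole scan/narrow cycle and return the absolute addresses
    that matched every observed value in turn."""
    if not snapshots or len(snapshots) != len(observed):
        raise ValueError("need exactly one observed value per snapshot")
    candidates = scan_exact(snapshots[0], observed[0])
    for region, value in zip(snapshots[1:], observed[1:]):
        candidates = narrow(region, candidates, value)
    return [REGION_BASE + off for off in candidates]


# Constructed data: three cells start at 100; only the cell at index 3 (the
# variable we are after) later changes to 87, the other two keep 100.
RUN_SNAPSHOTS = [
    snapshot([0, 100, 42, 100, 7, 100, 255]),
    snapshot([0, 100, 42, 87, 7, 100, 255]),
]
RUN_VALUES = [100, 87]

if __name__ == "__main__":
    for addr in locate(RUN_SNAPSHOTS, RUN_VALUES):
        print(f"variable located at {addr:#x}")
```

Scanning every byte offset rather than only aligned ones is the conservative choice: it costs more comparisons on the first pass but cannot miss a packed or unaligned field, and the narrowing passes are cheap because they only touch the candidate list.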

Since version 0.8, scanmem includes a GUI called GameConqueror. But the
devel:tools maintainers decided not to provide it for security
reasons (it requires pkexec and contains most of the bugs).

Upstream: https://github.com/scanmem/scanmem
Upstream maintainer: Sebastian Parschauer (me)
Development model: single maintainer homebrew FOSS
License: GPLv3

=== Purpose of having the package ===

To be honest, the tool is mostly used for game cheating. All other
distributions already have it. openSUSE is an ideal platform for game
cheating due to often no hardening of games and no ptrace() restrictions
by default.

This is why two other users have packaged it for openSUSE already.

It can also help in some tricky L3s, for the work in the security team,
or for secure programming.

=== Maintainability ===

Maintaining the package without GameConqueror is really easy for me. The
scanmem executable uses an absolute path to libscanmem. So the lib is
packaged to be located outside of any library search path with
/usr/lib(64)/scanmem/. All that is C code.

Upstreaming fixes is easy as I'm the upstream maintainer as well. I have
a strong passion for homebrew FOSS and game cheating. There are multiple
active contributors. So development will move on. We've achieved a lot
already since I took over upstream maintenance.

Performance is tested by scripting scanmem commands and profiling. It is
gradually improved by inlining functions and avoiding slow ptrace()
where /proc/$pid/mem can be used. Security is checked by security
professionals who review the code and regular Coverity Scan runs.

Most bugs are located in the Python 2/3 GTK 3 GUI this way.

=== Special features ===

The tool also helps to detect the types of memory regions and to bypass
ASLR with its knowledge of the ELF format. It shows the load address
of every writable memory region and provides a match offset so that the
current load address can be re-added on the next run of the target
process. This is used by game trainers with ASLR/PIC/PIE support. The
match offsets of the executable match "objdump -D" output of PIE
executables.

I often miss such features with user-space crashes without a core dump.
If the process is already dead, then a randomized address is quite
worthless.
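The load-address and match-offset idea from the "Special features" section, as an added example that is neither part of this mail nor of scanmem itself: two constructed /proc/<pid>/maps excerpts stand in for two runs of the same PIE executable under ASLR, an absolute address from the first run is turned into a (mapping, offset-from-load-address) pair, and that pair is re-based onto the second run. The executable path, the address ranges and the function names are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed /proc/<pid>/maps excerpts for two runs of the same PIE binary.
# Addresses and the path are made up; the column layout is the real one:
# "start-end perms file_offset dev inode [path]".
MAPS_RUN_A = """
555555554000-555555556000 r--p 00000000 08:01 1234 /usr/bin/game
555555556000-555555558000 r-xp 00002000 08:01 1234 /usr/bin/game
555555558000-555555559000 rw-p 00004000 08:01 1234 /usr/bin/game
555555559000-55555557a000 rw-p 00000000 00:00 0 [heap]
7ffff7dd5000-7ffff7dd7000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""
MAPS_RUN_B = """
5611aa2ab000-5611aa2ad000 r--p 00000000 08:01 1234 /usr/bin/game
5611aa2ad000-5611aa2af000 r-xp 00002000 08:01 1234 /usr/bin/game
5611aa2af000-5611aa2b0000 rw-p 00004000 08:01 1234 /usr/bin/game
5611ab9f0000-5611aba11000 rw-p 00000000 00:00 0 [heap]
"""


@dataclass
class Region:
    start: int
    end: int
    perms: str
    file_offset: int
    path: str  # "" for anonymous mappings, "[heap]"/"[stack]" for pseudo paths

    @property
    def writable(self) -> bool:
        return "w" in self.perms

    @property
    def file_backed(self) -> bool:
        return bool(self.path) and not self.path.startswith("[")


def parse_maps(text: str) -> List[Region]:
    """Parse the maps format into Region records, keeping line order."""
    regions = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue  # blank or truncated line
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5].strip() if len(parts) > 5 else ""
        regions.append(Region(start, end, parts[1], int(parts[2], 16), path))
    return regions


def load_address(regions: List[Region], path: str) -> Optional[int]:
    """Load address of a file-backed object: lowest start of its mappings."""
    starts = [r.start for r in regions if r.path == path]
    return min(starts) if starts else None


def find_region(regions: List[Region], addr: int) -> Optional[Region]:
    return next((r for r in regions if r.start <= addr < r.end), None)


def to_match_offset(regions: List[Region], addr: int) -> Tuple[str, int]:
    """Absolute address -> (path, offset from that object's load address).
    For a PIE executable the offset is what objdump -D prints as the vaddr."""
    region = find_region(regions, addr)
    if region is None:
        raise ValueError(f"{addr:#x} is not mapped")
    base = load_address(regions, region.path) if region.file_backed else region.start
    return region.path, addr - base


def rebase(regions: List[Region], match: Tuple[str, int]) -> int:
    """(path, offset) from an earlier run -> absolute address in this run."""
    path, offset = match
    if path and not path.startswith("["):
        base = load_address(regions, path)
    else:
        # heap/stack/anonymous: only the region start is known, and its
        # internal layout is not guaranteed to repeat between runs
        region = next((r for r in regions if r.path == path), None)
        base = region.start if region else None
    if base is None:
        raise ValueError(f"no mapping for {path!r} in this run")
    return base + offset


if __name__ == "__main__":
    run_a = parse_maps(MAPS_RUN_A)
    match = to_match_offset(run_a, 0x555555558010)
    print("match offset:", match[0], hex(match[1]))
    print("same variable in run B:", hex(rebase(parse_maps(MAPS_RUN_B), match)))
```

The re-basing is only exact for file-backed mappings, whose segments keep their file offsets relative to the load address; a match inside [heap] or an anonymous region survives only if the allocator happens to lay the heap out identically, which is why trainers and crash analysis both prefer offsets into the executable or a shared object.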

================

Cheers,
Sebastian from the L3 team
