memshonk is an experimental command-line debugger companion that tries to
fill the functionality gaps between debuggers. Think of it as a cross
between gdb, rizin, and Cheat Engine. It is not meant to replace
a debugger, but to supplement it.
Please note that memshonk is in its very early stages of development. There are bugs and missing functionality.
For a detailed demo of memshonk, watch this video.
Otherwise, a text-based demo of memshonk can be found below.
Start memshonk by pointing it at a project file:
$ memshonk -p examples/vim.txt
(short-seal) $

Attach to the target program identified by the project file (the process' PID appears in the shell prompt once attached):
(short-seal) $ attach
attached to "vim.exe", pid: 49564, base addr: 0x100400000
(short-seal) [49564] $

Search for a string in memory. The result is the address where it was found:
(short-seal) [49564] $ scan -d string hello
searching..............................................................
0x10079ed7c

Read and overwrite memory at that address:
(short-seal) [49564] $ readm -a 0x10079ed7c -s 5 -d raw
000000010079ed81 68 65 6c 6c 6f |hello |
(short-seal) [49564] $ writem -a 0x10079ed7c -d raw -v world
(short-seal) [49564] $ readm -a 0x10079ed7c -s 5 -d raw
000000010079ed81 77 6f 72 6c 64 |world |

- Read, write, and watch memory in real time
- View process memory mappings and permissions
- Search memory based on data type or byte patterns
- Run side-by-side with your favorite debugger on Linux and Windows
- Text-based UI via sh-like shell provides access to external programs (e.g. grep, cat, ls), pipes, job control / backgrounding, shell history, reverse search, and tab completion
- Multi-session support allows multiple clients. Great for providing multiple windows or for debugging with friends
- Client-daemon architecture allows for long-running debugging sessions and protection against accidental exits or lack of tools like tmux
- Project files make it easy to attach to a program by its executable file name, set pre-defined variables, and automatically load plugins
- Plugin support via shared libraries (.so, .dll files)
  - A Rust library named mskit is provided as a building block
  - Users can specify optional automation to run when reloading plugins, making it easy to, for example, recompile a plugin from source
- Scripting interface via mrun command provides access to memshonk commands using a POSIX shell syntax
memshonk supports the following operating systems:
- FreeBSD
- Linux
- Windows
Support for other Unix-like OSes is definitely possible. We just have not had time to work on that.
Prebuilt executables are not currently provided. To build from source, refer to the Development document.
- Commands
  - For a full list of commands and help topics, run help or help [TOPIC] in memshonk
- Configuration file examples
- Plugins
- Design and security model
- Development documentation
- Future plans, limitations, and known issues
We would like to acknowledge and thank the following people and projects for their work on various libraries and code that memshonk depends on. memshonk would not be possible without their awesome work:
- awgh for their work on a Go-based PE file parser which enabled us to parse PE file symbols using the Go standard library. Our plugin system relies on exported library symbols. Without awgh's code, we would not be able to parse plugin symbols on Windows
- ChenYe and Daniel Martí for respectively developing the github.com/chzyer/readline and github.com/mvdan/sh libraries, which enabled us to build a very powerful shell with minimal dependencies
- Grumble project for providing an easy-to-use shell / TUI library that allowed us to get memshonk started. memshonk would not be where it is today without grumble
- Igor Café for their xx library which became the basis for our internal/hexdump library
- Leonid Bugaev for their goterm library which we have forked into internal/vendored/goterm
- Mahmud "hjr265" Ridwan for their ptrace Go library work which served as the basis for our internal/ptrace library
- Nominal Animal for their very detailed explanation of ptrace(2) and its many byzantine rules
- purego project for enabling use of shared libraries in Go and giving us an opportunity to build a really neat plugin system