get current process memory mapping on Linux

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: get current process memory mapping on Linux
    namespace: host-interation/process
    authors:
      - mehunhoff@google.com
    scopes:
      static: basic block
      dynamic: call
  features:
    - and:
      - or:
        - os: linux
        - os: android
      - match: create or open file
      - string: "/proc/self/maps"

last edited: 2024-06-11 18:10:57