{"guid":"import-4a70b3c91995988e51","title":"Post Memory Corruption Memory Analysis","subtitle":"Automating exploitation of invalid memory writes","slug":"28c3-4660-en-post_memory_corruption_memory_analysis","link":"http://events.ccc.de/congress/2011/Fahrplan/events/4660.en.html","description":"Pmcma is a tool aimed at automating the most time-consuming tasks of\nexploitation. For instance, it determines why an application is triggering\na segmentation fault, evaluates whether the faulting instruction can be used\nto write to memory or execute arbitrary code, and lists all the function\npointers potentially called from a given point in time by an application.\n\nPmcma is a totally new kind of debugger, which allows for easy\nexperimentation with a process in memory by forcing it to fork. The\nexact replicas of the process created in memory can then be instrumented\nwhile keeping the properties (e.g. state of variables, ASLR,\npermissions...) of the original process.\n\nPmcma is an easily extensible framework available under the Apache 2.0\nlicense from http://www.pmcma.org/ .\n","original_language":"eng","persons":["endrazine"],"tags":["28c3"," 
Hacking"],"view_count":72,"promoted":false,"date":"2011-12-28T01:00:00.000+01:00","release_date":"2012-01-04T01:00:00.000+01:00","updated_at":"2026-04-09T10:45:08.803+02:00","length":3763,"duration":3763,"thumb_url":"https://static.media.ccc.de/media/congress/2011/28c3-4660-en-post_memory_corruption_memory_analysis_h264.jpg","poster_url":"https://static.media.ccc.de/media/congress/2011/28c3-4660-en-post_memory_corruption_memory_analysis_h264_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2011/import-4a70b3c91995988e51-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2011/import-4a70b3c91995988e51-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/28c3-4660-en-post_memory_corruption_memory_analysis","url":"https://api.media.ccc.de/public/events/import-4a70b3c91995988e51","conference_title":"28C3: behind enemy lines","conference_url":"https://api.media.ccc.de/public/conferences/28c3","related":[{"event_id":1318,"event_guid":"import-b5cb111843cef80e01","weight":1},{"event_id":1580,"event_guid":"import-7cc65ec6f710a801aa","weight":1},{"event_id":1670,"event_guid":"import-eda1ce5993c46fddf0","weight":1},{"event_id":1671,"event_guid":"import-873dcb9212006c08b8","weight":1},{"event_id":1818,"event_guid":"hsTftEgTn8vhPMLEZF2DVA","weight":1},{"event_id":2720,"event_guid":"zboXEMtoT7r3Aurvymmg5Q","weight":1},{"event_id":2886,"event_guid":"088e3078-bab2-433d-8be2-f1a4b37b4d5c","weight":1},{"event_id":4312,"event_guid":"d16501c8-374f-416c-896c-c50daadcc6bc","weight":1},{"event_id":7251,"event_guid":"b69c19ce-7c89-4afd-9396-ea664f80dba7 
","weight":1}],"recordings":[{"size":541,"length":3763,"mime_type":"audio/ogg","language":"eng","filename":"28c3-4660-en-post_memory_corruption_memory_analysis.ogg","state":"downloaded","folder":"ogg-audio-only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-31T23:45:43.778+02:00","recording_url":"https://cdn.media.ccc.de/congress/2011/ogg-audio-only/28c3-4660-en-post_memory_corruption_memory_analysis.ogg","url":"https://api.media.ccc.de/public/recordings/2975","event_url":"https://api.media.ccc.de/public/events/import-4a70b3c91995988e51","conference_url":"https://api.media.ccc.de/public/conferences/28c3"},{"size":541,"length":3763,"mime_type":"video/webm","language":"eng","filename":"28c3-4660-en-post_memory_corruption_memory_analysis.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:46.958+01:00","recording_url":"https://cdn.media.ccc.de/congress/2011/webm/28c3-4660-en-post_memory_corruption_memory_analysis.webm","url":"https://api.media.ccc.de/public/recordings/2974","event_url":"https://api.media.ccc.de/public/events/import-4a70b3c91995988e51","conference_url":"https://api.media.ccc.de/public/conferences/28c3"}]}