PMCMA: Post Memory Corruption Memory Analysis

From: Jonathan Brossard <>
Subject: PMCMA: Post Memory Corruption Memory Analysis

Dear list,

We are glad to announce the first public release of pmcma (Post Memory
Corruption Memory Analyzer), a tool first presented at Blackhat US
earlier this year. More information at .

--[ Synopsis:

  Pmcma aims at automating exploitation of invalid memory writes (being
  them the consequences of an overflow in a writable section, of a
  missing format string, integer overflow, variable misuse, or any
  other type of memory corruption).

  This is typically usefull in determining if a given bug is a security
  vulnerability (if it is exploitable at all, and with which

--[ What is it ?

  Pmcma is a tool aimed at determining if a given software bug
  is an exploitable vulnerability by automatically writting an
  exploit for it.

  Like every powerful tool made by human beings, it is double
  edged : it can be used for good or evil.

--[ How does it work ?

  In a nutshell, pmcma is a ptrace based debugger, currently working on
  GNU/Linux x86 and x86_64 Intel cpus. The core innovation resides in
  the mk_fork() technique. Pmcma typically attaches to a given process,
  and waits until a segmentation fault occurs. It then injects a small
  shellcode inside this process to force it to fork a great number of
  times. In each of the offspring processes created (which are exact
  replicates of the original one in terms of mapping as well as state of
  its variables), it attempts to overwrite a different memory location
  with a canari value (such as 0xf1f2f3f4, which is typically a pointer
  to kernel land, and therefore not executable from userland), clears
  signals (effectively ignoring the segfault), and continues execution.
  If one of those processes happens to segfault again while trying to
  execute an address corresponding to the canari value, then we have
  found a function pointer.

--[ Is this tool for me ?

  Pmcma has a wide range of applications, depending on your use
  of computer software.

  As an advanced user, you may experience software bugs in the form
  of crashes you are able to repeat and would like to report those
  bugs to software maintainers. Very often, sadly, they will not
  take your bug request very seriously untill you prove them it may
  have serious security implications. In this case, attaching a
  pmcma output to your bug report may convince them to fix the bug
  (or not, if pmcma rules it out as non exploitable ;)

  As a system administrator, you may find Proof of Concepts or even
  proper exploits disclosed in public places such as security mailing
  lists or security websites and wonder if your own systems would be
  affected by simple modifications of those public codes (that usually
  never work "as is" anywhere but on the computer of their author ;)

  As a software developper or maintainer, you may experience or be
  reported segmentation faults in your software. Pmcma helps you
  determine what is happening at assembly level and determine which
  bugs are in fact vulnerabilities and should be fixed first.

  As a computer security enthousiat, you may want to learn more about
  software exploitation and experiment. Way to go !

  As a security expert or software hacker well vered in exploit
  you may want to automate reverse engineering as much as possible to
  spend your time on what is specific to the particular exploit you are

  As a script kiddie, you may have found a piece of code you don't
  understand on the internet, but are nonetheless decided to go to jail.

  In all those cases, and surely many others, Pmcma was probably made
  for you.

 --[ Supported platforms:

  Currently, pmcma is known to work on x86 and x86_64 intel cpus.
  Pmcma currently works on GNU/Linux as well as Android.
  It has been tested on several Ubuntu, Debian, Fedora and Gentoo
  distributions in both 32b and 64b.

--[ Licensing:

  Pmcma is free software. It is licensed under the Apache 2.0 license.

--[ Where do I get it ?

  The official home page of pmcma is :

Thanks and regards,

Jonathan Brossard

Copyright © 1995-2020 All rights reserved.