Linux suspicious memory region detector (malfind).
Scans process VMAs for regions that have suspicious permission combinations — primarily anonymous (non-file-backed) regions with both write and execute permissions, which often indicate injected code.
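The heuristic described above, as an added example that is not this crate's code: it flags regions that are both writable and executable and not file-backed. Assumptions: input is text in the `/proc/<pid>/maps` format rather than the VMAs this module scans, "not file-backed" is approximated as inode 0, and `Region`, `parse_line`, `suspicious` and `SAMPLE` are hypothetical names.

```rust
// Added example: flag anonymous W+X regions in /proc/<pid>/maps-style text.
// `Region`, `parse_line` and `suspicious` are hypothetical names, not the crate's API.

#[derive(Debug, PartialEq)]
struct Region {
    start: u64,
    end: u64,
    perms: String,
    inode: u64,
    path: Option<String>,
}

/// Parse one maps line: "start-end perms offset dev inode [path]".
fn parse_line(line: &str) -> Option<Region> {
    let mut f = line.split_whitespace();
    let (start, end) = f.next()?.split_once('-')?;
    let perms = f.next()?.to_string();
    if perms.len() != 4 { return None; }
    let _offset = f.next()?;
    let _dev = f.next()?;
    let inode = f.next()?.parse::<u64>().ok()?;
    let rest: Vec<&str> = f.collect();
    let path = if rest.is_empty() { None } else { Some(rest.join(" ")) };
    Some(Region {
        start: u64::from_str_radix(start, 16).ok()?,
        end: u64::from_str_radix(end, 16).ok()?,
        perms, inode, path,
    })
}

/// Regions that are not file-backed (inode 0, an assumption) and are both W and X.
fn suspicious(maps: &str) -> Vec<Region> {
    maps.lines()
        .filter_map(parse_line)
        .filter(|r| r.inode == 0 && r.perms.contains('w') && r.perms.contains('x'))
        .collect()
}

// Constructed sample input, not taken from a real process.
const SAMPLE: &str = "\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 1234 /usr/bin/cat
7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0
7f1c2b000000-7f1c2b002000 rwxp 00000000 08:01 5678 /opt/app/libjit.so
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
";

fn main() {
    for r in suspicious(SAMPLE) {
        println!("{:#x}-{:#x} {} {}", r.start, r.end, r.perms,
                 r.path.as_deref().unwrap_or("<anonymous>"));
    }
}
```

The file-backed `rwxp` mapping in the sample is deliberately not reported, which matches the "primarily anonymous" wording above.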
Functions
- scan_malfind - Scan all process VMAs for suspicious memory regions.