A Systemwide memory related events monitoring interface for linux.
Memfini is capable of monitoring memory allocations on User space, Kernel space as well as some under looked allocations like PCI device mapping etc. It provides a command line interface with multiple filters, allowing a user to interact with the logs generated & get the required data. Currently, the user will be able to filter the events by individual process, type of access etc.
Read More about usage on wiki here: wiki link
Current version is supported on Linux kernel Version > 5.2.0.
Tested on Ubuntu 20.04 LTS and Debian Buster
- Run
./install.sh installfor installation - Start Memfini by running
memfini --start
Upon starting, Memfini will start logging all the supported events & will be logged in /var/log/memfini.log. Memfini provides basic filters, which can be used to extract required information from the log file.
Note - Kernel memory monitoring is disabled by default. To enable it, change the value of DKERNEL_MONITOR=1 in Makefile
Supported filters -
- PID
- Process Name
- Shared Memory
- Kernel Memory
- Foreign Process
Examples -
memfini --pid 123
memfini --pname procname
Screenshots
NOTE - Remember to stop memfini (memfini --stop), to avoid excessive disk space usage.
- Run
./install.sh uninstallfor removing Memfini.
Warning - This will remove all the logs, recommended to backup.
Memfini is featured in defcon 30: