Memzoom

process/file memory monitor

Download Prebuilt Releases

memzoom-2020-12-28.com
64k - PE+ELF+MachO+ZIP+SH executable

memzoom-2020-12-28.com.dbg
792kb - ELF debug symbols and DWARF data (optional)

Getting Started

curl https://storage.googleapis.com/justine/memzoom/memzoom-latest.com >memzoom.com
chmod +x memzoom.com
./memzoom.com -h                 # show help
./memzoom.com filename           # view binary file
./memzoom.com -p $(pidof htop)   # view process memory

If your terminal uses a white or light-colored background (instead of black) then pass the -w flag.

Memzoom relies on the /proc filesystem to view the memory of active processes, which may require sudo access. If your system doesn't have /proc you can still view binary files.

Linux Notes

If you get an error like "unable to find an interpreter" or "err:module:import_dll Library" then your system has likely been tuned to use binfmt-misc. You can safely restore the default Linux behavior for just Actually Portable Executables by running the following command:

sudo sh -c "echo ':APE:M::MZqFpD::/bin/sh:' >/proc/sys/fs/binfmt_misc/register"

Mac OS X Notes

You may need to run:

bash memzoom.com -h
Instead of:
./memzoom.com -h
This only applies to the first invocation, after which the executable header is patched to have the MachO magic number. It's needed because the recently introduced zsh shell has backwards compatibility issues with UNIX.

Windows Notes

You may need to run:

memzoom.com -h
Instead of:
./memzoom.com -h

OpenBSD Notes

Recent OpenBSD releases might impose restrictions on using your CPU's SYSCALL instruction without authorization from the OpenBSD C Library DSO. Until APE is patched to use syscall() we'd recommend OpenBSD v6.4.

Release History

2020-12-28

2020-11-06