An Experience Report on Extracting and Viewing Memory Events via Wireshark

Explore a 19-minute conference talk from USENIX WOOT '14 that presents an innovative approach to monitoring low-level memory events using Wireshark. Discover how researchers from the University of Calgary developed Cage, a kernel-level mechanism that translates process memory activity into a packet-like format. Learn about the system's ability to monitor data, stack, and heap memory events, as well as its potential applications in debugging, reverse engineering, vulnerability analysis, and security policy enforcement. Gain insights into the challenges of existing memory trapping systems and how Cage addresses these issues by offering a less invasive and more reliable method of memory interposition. Understand the implications of applying a "network packet" metaphor to memory events and how this approach can enhance program analysis environments.

WOOT '14 - An Experience Report on Extracting and Viewing Memory Events via Wireshark