Secure Memory Protection Monitor
Compile-time safety with no hidden control flow
Features • Installation • Usage • Security
NullSec MemGuard is a Secure memory protection monitor written in Zig. It analyzes process memory mappings to detect security issues like W+X regions, shellcode injection, and memory corruption vulnerabilities.
- 🔬 Memory Analysis - Comprehensive process memory inspection
- 🛡️ W+X Detection - Find writable+executable memory regions
- 🔍 Shellcode Detection - Identify anonymous executable memory
- 📊 Security Scoring - Categorized severity findings
- ⚡ Zero Overhead - Native performance, no runtime
┌─────────────────────────────────────────────┐
│ NullSec MemGuard v2.0.0 │
├─────────────────────────────────────────────┤
│ ✓ Compile-time Memory Safety │
│ ✓ No Hidden Control Flow │
│ ✓ No Null Pointers (Optional Types) │
│ ✓ Compile-time Bounds Checking │
│ ✓ Checked Arithmetic (Safe Integers) │
│ ✓ Explicit Allocator Management │
│ ✓ No Hidden Allocations │
└─────────────────────────────────────────────┘
| Feature | Benefit |
|---|---|
| Compile-time execution | Validation at compile time |
| No hidden control flow | Explicit error handling |
| Optional types | No null pointer dereferences |
| Bounds checking | Prevents buffer overflows |
| Explicit allocators | Memory ownership clarity |
# Clone the repository
git clone https://github.com/bad-antics/nullsec-memguard.git
cd nullsec-memguard
# Build with Zig
zig build -Doptimize=ReleaseSafe
# Or build optimized
zig build -Doptimize=ReleaseFast- Zig 0.11.0 or later
- Linux (uses /proc filesystem)
# Analyze a process by PID
sudo ./zig-out/bin/nullsec-memguard 1234
# Analyze current shell
./nullsec-memguard $$
# Show help
./nullsec-memguard --help
# Show version
./nullsec-memguard --version███╗ ███╗███████╗███╗ ███╗ ██████╗ ██╗ ██╗ █████╗ ██████╗ ██████╗
████╗ ████║██╔════╝████╗ ████║██╔════╝ ██║ ██║██╔══██╗██╔══██╗██╔══██╗
██╔████╔██║█████╗ ██╔████╔██║██║ ███╗██║ ██║███████║██████╔╝██║ ██║
██║╚██╔╝██║██╔══╝ ██║╚██╔╝██║██║ ██║██║ ██║██╔══██║██╔══██╗██║ ██║
██║ ╚═╝ ██║███████╗██║ ╚═╝ ██║╚██████╔╝╚██████╔╝██║ ██║██║ ██║██████╔╝
╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝
bad-antics • Memory Protection Monitor
[*] Analyzing process 1234...
[*] Memory Map Summary
Total Regions: 142
Total Memory: 847249408 bytes (808 MB)
Executable: 12 regions
W+X Regions: 1 regions
[*] Security Findings
Critical: 1
High: 2
Total: 3
[CRITICAL] W+X Memory
Address: 0x00007f8a12340000
Writable and executable memory region detected - potential code injection
[HIGH] Anonymous Exec
Address: 0x00007f8a45670000
Anonymous executable memory - possible shellcode or JIT
[CRITICAL] Critical security issues detected!
| Category | Severity | Description |
|---|---|---|
| W+X Memory | Critical | Writable and executable regions |
| Stack/Heap Exec | Critical | Executable stack or heap |
| Anonymous Exec | High | Unmapped executable memory |
| Temp Exec | Medium | Code loaded from /tmp or /dev/shm |
# Debug build (with safety checks)
zig build
# Release with safety
zig build -Doptimize=ReleaseSafe
# Release fast (maximum performance)
zig build -Doptimize=ReleaseFast
# Small binary
zig build -Doptimize=ReleaseSmall
# Run tests
zig build testNullSec Proprietary License - See LICENSE file for details.
bad-antics
- GitHub: @bad-antics
- Website: bad-antics.github.io
- Twitter: x.com/AnonAntics
Part of the NullSec Security Framework
"Compile-time safety without runtime overhead"