[FEATURE REQUEST] Allow MemProcFS-Analyzer to work offline

Open digitalsleuth opened this issue 1 year ago • 2 comments

I've recently been introduced to MemProcFS-Analyzer and love how powerful it is. One issue I'm having though is that, in order to use the tool, a valid internet connection is required.

While I can understand this from the Microsoft Internet Symbol Store perspective, I believe that, if the rest of the requirements are installed (Kibana, Elasticsearch, Zimmerman tools, et al), the tool should still be able to function, as long as a minimum version of each is installed.

Would you consider an option to determine if the accepted minimums are installed, then continue functioning, otherwise inform the user that updates are required?

Another way to do this would be to add an "Install" param, so that the user can "Install" MemProcFS-Analyzer with all components on an online system (without needing to load a memory dump first) then transfer the folder offline. The user then only needs to get the Symbols for their analysis and, if already installed, can run fully functional in an offline mode.

If this is something you would consider, I would be interested in assisting.

Cheers, and thanks!

digitalsleuth avatar Dec 03 '23 18:12 digitalsleuth

I will have a look at what currently uses/needs an Internet connection in the next days... but I will definitely put it on my TODO.

You can disable e.g. the "Updater" when you scroll down to the bottom of the script. Simply uncomment "Updater".

evild3ad avatar Dec 03 '23 18:12 evild3ad

I started working on the offline mode. Will be implemented in MemProcFS-Analyzer v1.1. Release planned for early January, 2024.

evild3ad avatar Dec 10 '23 19:12 evild3ad

I released MemProcFS-Analyzer v1.1.0 a minute ago. I have added an offline-mode.

Updater.ps1 is a new standalone script to auto-install MemProcFS-Analyzer and all dependencies (what's possible to automate). All updates are skipped when activating the offline-mode in the GUI.

Note: MemProcFS is possibly checking for symbols on Microsoft servers... which should be no issue, I guess.

Let me know if it is not working for you and give me a hint on how to make it fit for you. Thx.

evild3ad avatar Sep 03 '24 13:09 evild3ad