Post Memory Corruption Memory Analyzer
What is it?
Pmcma is a tool aimed at determining if a given software bug
is an exploitable vulnerability by automatically writing an
exploit for it.
Like every powerful tool made by human beings, it is double
edged : it can be used for good or evil.
Is this tool for me ?
Pmcma has a wide range of applications, depending on your use
of computer software.
As an advanced user, you may experience software bugs in the form
of crashes you are able to repeat and would like to report those
bugs to software maintainers. Very often, sadly, they will not
take your bug request very seriously until you prove them it may
have serious security implications. In this case, attaching a
pmcma output to your bug report may convince them to fix the bug
(or not, if pmcma rules it out as non exploitable ;)
As a system administrator, you may find Proof of Concepts or even
proper exploits disclosed in public places such as security mailing
lists or security websites and wonder if your own systems would be
affected by simple modifications of those public codes (that usually
never work "as is" anywhere but on the computer of their author ;)
As a software developer or maintainer, you may experience or be
reported segmentation faults in your software. Pmcma helps you
determine what is happening at assembly level and determine which
bugs are in fact vulnerabilities and should be fixed first.
As a computer security enthusiast, you may want to learn more about
software exploitation and experiment. Way to go !
As a security expert or software hacker well versed in exploit writing,
you may want to automate reverse engineering as much as possible to
spend your time on what is specific to the particular exploit you are
As a script kiddie, you may have found a piece of code you don't
understand on the internet, but are nonetheless decided to go to jail.
In all those cases, and surely many others, Pmcma was probably made
Currently, pmcma is known to work on x86 and x86_64 intel cpus.
Pmcma currently works on GNU/Linux as well as Android.
It has been tested on several Ubuntu, Debian, Fedora and Gentoo
distributions in both 32bit and 64bit.
Try the command:
The Latest Version
The latest version of Pmcma can be found at:
The official website of Pmcma is:
Please see the file called COMPILING.
Please see the file called LICENSE.
Please see the file called AUTHORS.
If you would like to participate to the development
of Pmcma and receive alerts of latest releases, you
can subscribe to the Pmcma mailing list at:
and alternatively visit the website at:
For matters related to Toucan System only, please use:
For urgent security matters, you can contact Jonathan Brossard
using the pgp key below:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
We wish to thank the following people for their contributions to Pmcma
being it in the form of proper code, whitepaper review, or ideas:
spender, Silvio Cesare, andrewg, bliss, BSDaemon, Ivanlef0u, msuiche,
redsand, nergal, pipacs, mercy, Mark Dowd, twiz, caddis, #hes, #social