Welcome to Coreography

Coreography is an open source utility for browsing memory images. Originally, it was intended as a tool for assisting in the analysis of core dumps. However, the tool has been expanded to parse any ELF based memory image, including core dumps and ELF libraries, object files, and executables, and even live processes.

With this utility, users are able to view segments of memory in their entirety or limited to selected parts. There is functionality to display all printable strings (similar to strings(1)), or even to search for specific strings or any arbitrary data.

Coreography was designed to work well with other pre-existing diagnostic tools. Information learned from using coreography can be used, by itself, or in conjunction with similar utilities (such as the binutils) in the process of reverse engineering or a variety of other activities.

This utility was written with simplicity in mind. It is both simple to use and simple in its functionality. This allows users to apply it to their own purposes. Users can come up with uses for coreography that are outside of its original intent. For example, coreography can be used for some scripted virus detection due to its simplicity.