Memory Region Extraction
Aether provides the capability to extract specific target memory regions by defining a custom base address offset and a desired allocation size. The resulting output is structured to allow an analyst to rapidly inspect, parse, and identify suspicious artifacts within that specific range.
This targeted extraction is designed to be utilized as a secondary, post-detection step. Once the primary scanning engine identifies and alerts on a suspicious memory region, the analyst can use this feature to drill down into the specific offset to verify the threat.
./Aether.exe --dump 1234 0x3a932049 0x2000 Terminal Live Readout
Aether supports streaming the contents of the target memory region directly to the terminal interface. This feature eliminates the overhead of writing dump files to disk, allowing for immediate visual inspection of the raw bytes and ASCII structures in real time.
./Aether.exe --read 1234 0x3a932049 0x2000