Elfcmp compares running processes to the their respective binary image to ensure that the process image in memory has not been tampered with after execution. This is useful for security auditing, as other methods that rely strictly on checking disk image checksums are not reliable if only the process image is being tampered with.
