How to dump the memory of a process on Linux
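#!/bin/bash
# Dump every writable private (rw-p) memory region of the process with pid $1.
[ -n "$1" ] || { echo "usage: $0 [pid]" >&2; exit 1; }
grep rw-p "/proc/$1/maps" \
| sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' \
| while read -r start stop; do
    # gdb attaches once per region and writes pid-startaddress-stopaddress.dump
    gdb --batch --pid "$1" -ex \
        "dump memory $1-$start-$stop.dump 0x$start 0x$stop"
done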
Put this in a file (e.g. "dump-all-memory-of-pid.sh") and make it executable.
Usage: ./dump-all-memory-of-pid.sh [pid]
The output is written to files named: pid-startaddress-stopaddress.dump
Dependencies: gdb
Get the PID of your process
pgrep -uroot process
Dump the process's memory
mkdir /tmp/process_dump && cd /tmp/process_dump
sh /path/to/dump-all-memory-of-pid.sh [pid]
Done
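Added example (not part of the original page): the same dump with a single gdb attach instead of one per region, reporting the total size first so you know how much disk space the dump directory needs. The function names, the "<pid>.gdb" command-file name and the sample maps lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original page. All function names are hypothetical.

# Constructed sample of /proc/<pid>/maps content, for trying the parser offline.
sample_maps() {
cat <<'EOF'
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131090 /usr/bin/example
55d0c8c21000-55d0c8c23000 rw-p 00021000 08:01 131090 /usr/bin/example
55d0c9f3a000-55d0c9f5b000 rw-p 00000000 00:00 0 [heap]
7f1e4c000000-7f1e4c021000 rw-p 00000000 00:00 0
7f1e4c3f0000-7f1e4c3f1000 r--p 00000000 08:01 131200 /usr/lib/libexample.so
7ffd1b2e0000-7ffd1b301000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Read maps text on stdin; print "start stop" (hex, no 0x) for each rw-p region.
rw_regions() {
    awk '$2 == "rw-p" { split($1, a, "-"); print a[1], a[2] }'
}

# Read "start stop" pairs on stdin; print the total number of bytes they cover.
total_bytes() {
    total=0
    while read -r start stop; do
        total=$((total + 0x$stop - 0x$start))
    done
    echo "$total"
}

# Read "start stop" pairs on stdin; print one gdb "dump memory" command per
# region, using the page's file naming: pid-startaddress-stopaddress.dump
gdb_commands() {
    while read -r start stop; do
        printf 'dump memory %s-%s-%s.dump 0x%s 0x%s\n' \
            "$1" "$start" "$stop" "$start" "$stop"
    done
}

# Report the dump size, then attach gdb once and run all dump commands.
dump_pid() {
    pid=$1
    regions=$(rw_regions < "/proc/$pid/maps") && [ -n "$regions" ] || return 1
    echo "dumping $(echo "$regions" | total_bytes) bytes from pid $pid" >&2
    echo "$regions" | gdb_commands "$pid" > "$pid.gdb"
    gdb --batch --pid "$pid" -x "$pid.gdb"
}

# Run only when a pid is given on the command line.
[ $# -eq 0 ] || dump_pid "$1"
```

gdb stops processing a command file at the first command that fails, so after the run check that a dump file exists for the last region listed in "<pid>.gdb".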
2020-11-18 10:37:19