[dumpram] script pour dumper la RAM d'un PID.

author Vincent Le Gallic <legallic@crans.org>

Wed, 4 Jan 2017 10:47:36 +0000 (11:47 +0100)

committer Vincent Le Gallic <legallic@crans.org>

Wed, 4 Jan 2017 10:48:03 +0000 (11:48 +0100)
author Vincent Le Gallic <legallic@crans.org>
Wed, 4 Jan 2017 10:47:36 +0000 (11:47 +0100)
committer Vincent Le Gallic <legallic@crans.org>
Wed, 4 Jan 2017 10:48:03 +0000 (11:48 +0100)
diff --git a/dumpram.py b/dumpram.py

new file mode 100755 (executable)

index 0000000..c75e480
--- /dev/null
+++ b/dumpram.py
@@ -0,0 +1,22 @@
+#! /usr/bin/env python
+
+"""Dumps RAM of a process."""
+
+import re
+import sys
+
+PID = sys.argv[1]
+
+maps_file = open("/proc/%s/maps" % PID, 'r')
+mem_file = open("/proc/%s/mem" % PID, 'r', 0)
+
+for line in maps_file.readlines():  # for each mapped region
+    m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
+    if m.group(3) == 'r':  # if this is a readable region
+        start = int(m.group(1), 16)
+        end = int(m.group(2), 16)
+        mem_file.seek(start)  # seek to region start
+        chunk = mem_file.read(end - start)  # read region contents
+        print chunk,  # dump contents to standard output
+maps_file.close()
+mem_file.close()
author	Vincent Le Gallic <legallic@crans.org>
	Wed, 4 Jan 2017 10:47:36 +0000 (11:47 +0100)
committer	Vincent Le Gallic <legallic@crans.org>
	Wed, 4 Jan 2017 10:48:03 +0000 (11:48 +0100)