From 35b417653424722704b8f699ef6ad6b43cbcfa65 Mon Sep 17 00:00:00 2001
From: Vincent Le Gallic
Date: Wed, 4 Jan 2017 11:47:36 +0100
Subject: [PATCH] [dumpram] script pour dumper la RAM d'un PID.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Honteusement pompé sur Internet, il me semble.
---
dumpram.py | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100755 dumpram.py

diff --git a/dumpram.py b/dumpram.py
new file mode 100755
index 0000000..c75e480
--- /dev/null
+++ b/dumpram.py
@@ -0,0 +1,22 @@
+#! /usr/bin/env python
+
+"""Dumps RAM of a process."""
+
+import re
+import sys
+
+PID = sys.argv[1]
+
+maps_file = open("/proc/%s/maps" % PID, 'r')
+mem_file = open("/proc/%s/mem" % PID, 'r', 0)
+
+for line in maps_file.readlines(): # for each mapped region
+ m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
+ if m.group(3) == 'r': # if this is a readable region
+ start = int(m.group(1), 16)
+ end = int(m.group(2), 16)
+ mem_file.seek(start) # seek to region start
+ chunk = mem_file.read(end - start) # read region contents
+ print chunk, # dump contents to standard output
+maps_file.close()
+mem_file.close()
--
2.39.2
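Review bot: The loop in dumpram.py reads every region marked `r` with no error handling, and some mappings that /proc/PID/maps lists as readable (typically `[vvar]` or `[vsyscall]`) cannot be read through /proc/PID/mem, so one failing `seek`/`read` likely aborts the dump partway and skips the two `close()` calls. Separately, `print chunk,` is a text-oriented statement: Python 2 can insert a space between successive prints and a trailing newline, so the output is not a byte-exact image of the process memory, which matters when the dump is kept as forensic evidence. I would catch the error per region, report the skipped range on stderr, and emit the bytes with `sys.stdout.write(chunk)`. Since the output contains whatever secrets the target process holds in memory, the module docstring should also say that the dump is meant to be redirected to a file with restrictive permissions.

```python
for line in maps_file.readlines():  # for each mapped region
    # … unchanged: regex match on the maps line …
    if m is None or m.group(3) != 'r':
        continue  # unparsed line or non-readable region
    # … unchanged: start / end parsed from the match …
    try:
        mem_file.seek(start)
        chunk = mem_file.read(end - start)
    except (IOError, OSError, OverflowError) as exc:
        # listed as readable, but not readable through /proc/PID/mem
        sys.stderr.write("skipped %x-%x: %s\n" % (start, end, exc))
        continue
    sys.stdout.write(chunk)  # raw bytes; print would add separators
```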