Binary Hacks - Dump process virtual memory
- get [pid] of process
- get the memory mappings
cat /proc/[PID]/maps
- identify the memory range of interest
- connect gdb to pid and dump memory:
# may need sudo
gdb --pid [PID]
> dump memory <PATH-TO-DUMP-FILE> [START_ADDR] [END_ADDR]
Then you can examine the dump with tools like hexdump.
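An added example, not part of the original post: a shell function that reads /proc/[PID]/maps lines and prints the matching gdb dump commands, skipping unreadable mappings and adding the 0x prefix that gdb needs for hex addresses. The function name gdb_dump_cmds, the output file naming and the sample mappings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names and sample data are assumptions.

# gdb_dump_cmds NAME [PREFIX]
# Reads /proc/[PID]/maps lines on stdin. For each readable mapping whose
# pathname equals NAME ("[heap]", "[stack]", a file path, or "" for anonymous
# mappings) it prints one gdb command writing to PREFIX-START-END.bin.
gdb_dump_cmds() {
    awk -v want="$1" -v prefix="${2:-dump}" '
    {
        # maps fields: start-end perms offset dev inode [pathname]
        split($1, range, "-")
        path = ""
        for (i = 6; i <= NF; i++) path = path (i > 6 ? " " : "") $i
        if (path != want) next
        # Mappings without read permission (guard pages) cannot be dumped.
        if (substr($2, 1, 1) != "r") next
        # maps prints bare hex; gdb needs the 0x prefix to parse it as hex.
        printf "dump memory %s-%s-%s.bin 0x%s 0x%s\n", \
            prefix, range[1], range[2], range[1], range[2]
    }'
}

# Constructed sample in maps format (not taken from a real process).
SAMPLE_MAPS='55d0c8a00000-55d0c8a21000 r--p 00000000 08:01 131090 /usr/bin/example
55d0c9f3a000-55d0c9f5b000 rw-p 00000000 00:00 0 [heap]
7f3b1c000000-7f3b1c021000 rw-p 00000000 00:00 0
7f3b1c021000-7f3b20000000 ---p 00000000 00:00 0
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]'

printf '%s\n' "$SAMPLE_MAPS" | gdb_dump_cmds '[heap]'

# Against a live process (may need sudo), write the commands to a file and
# let gdb execute them in batch mode:
#   gdb_dump_cmds '[heap]' < /proc/$PID/maps > cmds.gdb
#   gdb --batch --pid "$PID" -x cmds.gdb
```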