Binary Hacks - on inspecting a binary (ELF)
§ dump process virtual memory
- get [pid] of process
- get the memory mappings
cat /proc/[PID]/maps
- identify the memory range of interest
- connect gdb to pid and dump memory:
# may need sudo
gdb --pid [PID]
> dump memory <PATH-TO-DUMP-FILE> [START_ADDR] [END_ADDR]
Then you can examine the dump with tools like hexdump.
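The steps above can be scripted: the following added example (not part of the original notes) turns lines in /proc/[PID]/maps format into gdb "dump memory" commands for one named mapping. The function names, the output directory and the sample mappings are assumptions made up for illustration.

```shell
# Constructed sample in /proc/[PID]/maps format (not taken from a real process).
sample_maps() {
cat <<'EOF'
55d0c8a00000-55d0c8a02000 r--p 00000000 08:01 1311 /usr/bin/demo
55d0c8a02000-55d0c8a05000 r-xp 00002000 08:01 1311 /usr/bin/demo
55d0c8a05000-55d0c8a06000 ---p 00005000 08:01 1311 /usr/bin/demo
55d0c9e41000-55d0c9e62000 rw-p 00000000 00:00 0 [heap]
7ffd1b2e0000-7ffd1b301000 rw-p 00000000 00:00 0 [stack]
EOF
}

# gdb_dump_cmds NAME OUTDIR   (maps lines on stdin)
# Prints one gdb "dump memory" command per mapping whose pathname field
# equals NAME. Mappings without the read permission are skipped, since
# gdb cannot read them. Pathnames containing spaces are not handled.
gdb_dump_cmds() {
  awk -v name="$1" -v out="$2" '
    $6 == name && substr($2, 1, 1) == "r" {
      split($1, a, "-")   # a[1] = start address, a[2] = end address (hex, no 0x)
      printf "dump memory %s/%s-%s.bin 0x%s 0x%s\n", out, a[1], a[2], a[1], a[2]
    }'
}

# Against a live process (may need sudo, as above):
#   gdb_dump_cmds '[heap]' /tmp/dump < /proc/[PID]/maps > cmds.gdb
#   gdb --batch --pid [PID] -x cmds.gdb
```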
§ readelf: get symbols from a specific section
# replace <program> with your binary, and <N> with the section's Ndx shown in
# readelf -S.
readelf -Ws <program> | awk '$7==<N>{print}'