memdump64
#include <stdio.h> | |
#include <stdlib.h> | |
#include <limits.h> | |
#include <sys/ptrace.h> | |
#include <sys/wait.h> | |
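/*
 * Copy `length` bytes starting at `start_address` from pMemFile to stdout.
 *
 * pMemFile must be a stream that can be positioned by address (main() passes
 * an open /proc/<pid>/mem). The region is copied in chunks of at most 4096
 * bytes. Every chunk is positioned with its own seek, so one unreadable page
 * does not shift the pages that follow it.
 *
 * Bytes that cannot be read (seek failure, short read, read error) are
 * written as zeros. This keeps the output exactly `length` bytes long and
 * guarantees that the tool never writes uninitialised stack memory, or the
 * contents of a previously read page, into the dump.
 *
 * A NULL stream or a non-positive length writes nothing. If writing to
 * stdout fails the function returns early, because nothing further can be
 * delivered.
 */
void dump_memory_region(FILE* pMemFile, unsigned long start_address, long length)
{
    enum { PAGE_LENGTH = 4096 };
    unsigned char page[PAGE_LENGTH];
    unsigned long address = start_address;
    unsigned long remaining;

    /* A negative length would turn into a huge unsigned loop bound. */
    if (pMemFile == NULL || length <= 0)
    {
        return;
    }
    remaining = (unsigned long)length;

    while (remaining > 0)
    {
        size_t chunk = remaining < (unsigned long)PAGE_LENGTH ? (size_t)remaining : (size_t)PAGE_LENGTH;
        size_t got = 0;
        size_t i;

        /*
         * NOTE(review): addresses that do not fit the signed file offset
         * type are expected to fail here and are zero-filled -- confirm on
         * the target kernel.
         */
        if (fseeko(pMemFile, address, SEEK_SET) == 0)
        {
            got = fread(page, 1, chunk, pMemFile);
        }
        if (got < chunk)
        {
            for (i = got; i < chunk; i++)
            {
                page[i] = 0;
            }
            /* Reset EOF/error so the next page is attempted independently. */
            clearerr(pMemFile);
        }
        if (fwrite(page, 1, chunk, stdout) != chunk)
        {
            return;
        }
        address += chunk;
        remaining -= chunk;
    }
}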
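/*
 * memdump64 <pid>
 *
 * Attaches to the process with ptrace, walks /proc/<pid>/maps and writes the
 * contents of every mapped region, read through /proc/<pid>/mem, to stdout.
 * Unless SKIP_REGION_SEPARATOR is defined, each region is framed as
 *   "=====REGION=====" <start as 16 hex digits> <end as 16 hex digits>
 *   <region bytes>
 *   "=====REGION=====" <16 zero bytes>
 *
 * Operational notes:
 *  - The target is stopped while it is being dumped and resumed on detach.
 *  - The attach is subject to the kernel's ptrace access checks, so it can
 *    fail for processes owned by another user or on hosts that restrict
 *    ptrace.
 *  - The output is a raw copy of the target's address space and can contain
 *    keys, passwords and other secrets. Store and transfer it accordingly.
 *  - Diagnostics go to stderr so that they never end up inside the dump.
 *
 * Exit status: 0 on success or when only the usage line is printed, -1 when
 * the pid is invalid or the process cannot be attached or opened.
 */
int main(int argc, char **argv)
{
#ifndef SKIP_REGION_SEPARATOR
    char zero[16] = {0};
#endif

    if (argc == 2)
    {
        char *end = NULL;
        long parsed = strtol(argv[1], &end, 10);
        pid_t pid;
        char mapsFilename[64];
        char memFilename[64];
        FILE* pMapsFile;
        FILE* pMemFile;
        char line[256];
        int at_line_start = 1;

        /*
         * Accept only a complete positive decimal number. The /proc paths
         * below are built from the parsed value rather than from the raw
         * argument, so the argument can neither overflow the path buffers
         * nor redirect the open to some other file.
         */
        if (end == argv[1] || *end != '\0' || parsed <= 0 || parsed > INT_MAX)
        {
            fprintf(stderr, "Invalid pid: %s\n", argv[1]);
            exit(-1);
        }
        pid = (pid_t)parsed;

        if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0)
        {
            fprintf(stderr, "Unable to attach to the pid specified\n");
            exit(-1);
        }
        /* Wait for this tracee, not for any child, to reach its stop. */
        if (waitpid(pid, NULL, 0) < 0)
        {
            fprintf(stderr, "Unable to wait for the pid specified\n");
            ptrace(PTRACE_DETACH, pid, NULL, NULL);
            exit(-1);
        }

        snprintf(mapsFilename, sizeof mapsFilename, "/proc/%ld/maps", parsed);
        snprintf(memFilename, sizeof memFilename, "/proc/%ld/mem", parsed);
        pMapsFile = fopen(mapsFilename, "r");
        pMemFile = fopen(memFilename, "r");
        if (pMapsFile == NULL || pMemFile == NULL)
        {
            fprintf(stderr, "Unable to open %s or %s\n", mapsFilename, memFilename);
            if (pMapsFile != NULL)
            {
                fclose(pMapsFile);
            }
            if (pMemFile != NULL)
            {
                fclose(pMemFile);
            }
            /* Never leave the target stopped because of our own failure. */
            ptrace(PTRACE_DETACH, pid, NULL, NULL);
            exit(-1);
        }

        while (fgets(line, sizeof line, pMapsFile) != NULL)
        {
            unsigned long start_address;
            unsigned long end_address;
            size_t len = 0;
            int is_first_chunk = at_line_start;

            /*
             * A maps line longer than the buffer arrives in several pieces.
             * Only the first piece carries the address range; the remaining
             * pieces are path text and must not be parsed as addresses.
             */
            while (line[len] != '\0')
            {
                len++;
            }
            at_line_start = (len > 0 && line[len - 1] == '\n');
            if (!is_first_chunk)
            {
                continue;
            }

            /* Skip anything that is not a well-formed, non-empty range. */
            if (sscanf(line, "%016lx-%016lx\n", &start_address, &end_address) != 2)
            {
                continue;
            }
            if (end_address <= start_address)
            {
                continue;
            }

#ifndef SKIP_REGION_SEPARATOR
            fprintf(stdout, "=====REGION=====");
            fprintf(stdout, "%016lx%016lx", start_address, end_address);
#endif
            dump_memory_region(pMemFile, start_address, end_address - start_address);
#ifndef SKIP_REGION_SEPARATOR
            fprintf(stdout, "=====REGION=====");
            /* The original called write() with fwrite()'s argument list. */
            fwrite(zero, 1, sizeof zero, stdout);
#endif
        }

        fclose(pMapsFile);
        fclose(pMemFile);
        if (fflush(stdout) != 0)
        {
            fprintf(stderr, "Error while writing the dump to stdout\n");
        }
        /*
         * PTRACE_DETACH resumes the stopped tracee by itself. A preceding
         * PTRACE_CONT would set it running and make the detach fail.
         */
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
    }
    else
    {
        fprintf(stderr, "%s <pid>\n", argc > 0 ? argv[0] : "memdump64");
    }
    exit(0);
}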