


Forked from ntrrgc/
Created Apr 6, 2014
#!/usr/bin/env python
from __future__ import print_function
import sys
import os
import re
import ctypes
import argparse
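# Bind lseek(2) through ctypes so that offsets are passed and returned as
# unsigned 64-bit values (the script seeks to raw addresses parsed from
# /proc/<pid>/maps). NOTE(review): this assumes a platform where lseek takes a
# 64-bit off_t -- confirm before using on a 32-bit build.
#
# use_errno=True is required: without it ctypes.get_errno() never reflects the
# errno set by the call, so seek failures would go unnoticed.
_libc = ctypes.CDLL(None, use_errno=True)
ulseek = _libc.lseek
ulseek.restype = ctypes.c_uint64
ulseek.argtypes = [ctypes.c_int, ctypes.c_uint64, ctypes.c_int]

# lseek reports failure as (off_t)-1, which reads back as this value once the
# return type is unsigned.
_LSEEK_FAILED = ctypes.c_uint64(-1).value


def seek_set(fd, pos):
    """Position file descriptor *fd* at absolute offset *pos*.

    Args:
        fd: An open OS-level file descriptor.
        pos: Absolute offset, handled as an unsigned 64-bit integer.

    Raises:
        OSError: If the underlying lseek call fails.
    """
    # Clear any stale errno so a value left by an earlier call is not
    # mistaken for a failure of this one.
    ctypes.set_errno(0)
    ret = ulseek(fd, pos, os.SEEK_SET)
    # The sentinel alone is ambiguous (it is also a representable offset), so
    # it only counts as a failure when errno was set as well.
    if ret == _LSEEK_FAILED:
        err = ctypes.get_errno()
        if err != 0:
            raise OSError(err, os.strerror(err))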
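def dump(pid, out):
    """Write the contents of every readable memory region of *pid* to *out*.

    Regions are taken from /proc/<pid>/maps and read from /proc/<pid>/mem in
    the order they are listed; the bytes are written back to back with no
    framing, so region boundaries are not recoverable from the output.

    Reading /proc/<pid>/mem is gated by the kernel's ptrace access check, so
    the open or read can fail with a permission error for processes the
    caller may not trace. The output can contain whatever the target holds in
    memory (keys, credentials, session data), so store and share the
    resulting file as sensitive material.

    Args:
        pid: Process id of the target process.
        out: Binary file-like object with a ``write`` method.

    Raises:
        IOError/OSError: If the proc files cannot be opened, or a seek or
            read on the memory file fails.
    """
    # Adapted from an earlier snippet; the source link is not preserved here.
    region_re = re.compile(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])')
    # Read in bounded pieces so a large region is never held in memory at once
    # and a short read does not silently truncate the region.
    chunk_size = 1 << 20

    with open("/proc/%d/maps" % pid, 'r') as maps_file:
        maps_lines = maps_file.readlines()

    mem_file = os.open("/proc/%d/mem" % pid, os.O_RDONLY)
    try:
        for line in maps_lines:  # for each mapped region
            m = region_re.match(line)
            # Skip lines that do not parse and regions without the read bit.
            if m is None or m.group(3) != 'r':
                continue
            start = int(m.group(1), 16)
            end = int(m.group(2), 16)
            # seek to region start
            seek_set(mem_file, start)
            # read region contents and dump them to the output stream
            remaining = end - start
            while remaining > 0:
                chunk = os.read(mem_file, min(remaining, chunk_size))
                if not chunk:
                    # Nothing more can be read from this region.
                    break
                out.write(chunk)
                remaining -= len(chunk)
    finally:
        # Always release the descriptor, including when a read fails.
        os.close(mem_file)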
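if __name__ == "__main__":
    # Command-line entry point: dump the memory of the given pid to stdout.
    parser = argparse.ArgumentParser(description="Dumps a process' memory")
    parser.add_argument('pid', type=int)
    args = parser.parse_args()

    if sys.stdout.isatty():
        # Raw memory is binary and may contain secrets; stop here instead of
        # spraying it onto a terminal.
        print("Refusing to dump memory to a tty. Use a pipe.", file=sys.stderr)
        sys.exit(1)

    # Python 3 exposes the byte stream as sys.stdout.buffer; on Python 2
    # sys.stdout already accepts bytes.
    if sys.version_info >= (3, ):
        stdout = sys.stdout.buffer
    else:
        stdout = sys.stdout

    dump(args.pid, stdout)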