Adapted from Stack Overflow, a Python script to dump the memory of a process.
#!/usr/bin/env python
# Source: https://stackoverflow.com/questions/12977179/reading-living-process-memory-without-interrupting-it
#
# Adapted to Python 3
import os | |
import re | |
import sys | |
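def print_memory_of_pid(pid, only_writable=True):
    """
    Dump the mapped memory of process *pid* to STDOUT, region by region.

    Requires ptrace access to the target (root / CAP_SYS_PTRACE, subject to
    the kernel's ptrace_scope policy); without it, opening /proc/<pid>/mem
    raises PermissionError. Every region listed in /proc/<pid>/maps whose
    first two permission characters match the filter is copied verbatim to
    the binary stdout stream; each maps line is echoed to stderr with an
    OK/PASS verdict so the dump can be correlated with regions afterwards.
    A region the kernel refuses to read is reported on stderr and skipped
    instead of aborting the whole dump.

    The output is raw process memory and can hold credentials, keys or
    session tokens; treat the dump file accordingly.

    Args:
        pid: integer PID of the target process.
        only_writable: True dumps only 'rw' regions; False dumps only 'r-'
            (read-only) regions. Same filter as the original script.

    Raises:
        OSError (FileNotFoundError / PermissionError) when the /proc files
        cannot be opened.
    """
    # Use stdout's own binary layer rather than a second fdopen() wrapper on
    # fd 1: a separate wrapper owns the descriptor and closes it when it is
    # garbage-collected, possibly before sys.stdout is flushed.
    stdout_b = getattr(sys.stdout, "buffer", None)
    if stdout_b is None:
        stdout_b = os.fdopen(sys.stdout.fileno(), "wb", closefd=False)

    memory_permissions = 'rw' if only_writable else 'r-'
    sys.stderr.write("PID = %d\n" % pid)
    # start-end, then the first two permission characters (r/w) of the region.
    region_re = re.compile(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r][-w])')

    with open("/proc/%d/maps" % pid, 'r') as maps_file, \
            open("/proc/%d/mem" % pid, 'rb', 0) as mem_file:
        for line in maps_file:  # one mapped region per line
            m = region_re.match(line)
            if m is None or m.group(3) != memory_permissions:
                sys.stderr.write("\nPASS : \n" + line + "\n")
                continue
            sys.stderr.write("\nOK : \n" + line + "\n")
            start = int(m.group(1), 16)
            end = int(m.group(2), 16)
            if start > 0xFFFFFFFFFFFF:
                # Addresses beyond 48 bits (typically the [vsyscall] page on
                # x86-64) are not readable through /proc/<pid>/mem; kept from
                # the original script.
                continue
            sys.stderr.write("start = " + str(start) + "\n")
            try:
                _copy_region(mem_file, stdout_b, start, end)
            except OSError as exc:
                # e.g. EIO on regions the kernel will not expose; continue
                # with the next mapping rather than losing the rest of the dump.
                sys.stderr.write("SKIP : %s\n" % exc)
    stdout_b.flush()


def _copy_region(mem_file, out, start, end, chunk_size=1 << 20):
    """Copy bytes [start, end) of *mem_file* to *out* in bounded chunks.

    Reading a whole mapping with one read() allocates a buffer the size of
    the region (possibly gigabytes); chunking keeps memory use bounded.
    A short or empty read ends the copy early, since the remainder of the
    region is not readable. OSError from seek/read propagates to the caller.
    """
    mem_file.seek(start)  # seek to region start
    remaining = end - start
    while remaining > 0:
        chunk = mem_file.read(min(chunk_size, remaining))
        if not chunk:
            break
        out.write(chunk)
        remaining -= len(chunk)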
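if __name__ == '__main__':  # Execute this code when run from the commandline.
    try:
        # Explicit check instead of assert: assert is stripped under -O, which
        # would let a missing/extra argument fall through to int().
        if len(sys.argv) != 2:
            raise ValueError("Provide exactly 1 PID (process ID)")
        pid = int(sys.argv[1])
        print_memory_of_pid(pid)
    except (AssertionError, ValueError):
        # Usage text goes to stderr so stdout stays reserved for the raw dump.
        print("Please provide 1 PID as a commandline argument.", file=sys.stderr)
        print("You entered: %s" % ' '.join(sys.argv), file=sys.stderr)
        raise
    except PermissionError:
        print("Reading /proc/<pid>/mem needs ptrace access to the target "
              "(root / CAP_SYS_PTRACE, subject to ptrace_scope).", file=sys.stderr)
        raise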