A small script to dump the memory of a process
| #!/bin/bash | |
| # Name: mem_dump.sh | |
| # Description: A small script to dump the memory of a process | |
| # Author: Thomas Cope | |
| # --- | |
| if [[ $# -ne 2 ]] | |
| then | |
| cat << EOF | |
| ./mem_dump.sh pid dryrun | |
| PID = PID you want to dump | |
| dryrun = "yes" to just print the GDB commands or "no" to run gdb to dump the memory | |
| Example: | |
| ./mem_dump.sh 1234 no | |
| EOF | |
| exit 1 | |
| fi | |
| crit() { echo "./mem_dump.sh : error : $1" && exit 2; } | |
| command -v gdb > /dev/null 2>&1 | |
| [[ $? -ne 0 ]] && crit "GDB is required and was not found" | |
| [[ -z $1 ]] && crit 'Please specify the PID of the process as $1' | |
| [[ ! -d /proc/$1 ]] && crit "Pid $1 not found" | |
| export dryrun=$2 | |
| dumpit() { | |
| startAddr=$(echo "$2" | awk -F "-" '{print $1}') | |
| endAddr=$(echo "$2" | awk -F "-" '{print $2}'|cut -d " " -f1) | |
| dumpFile="/tmp/mem_dump_pid_$1_${startAddr}-${endAddr}.mem" | |
| if [[ $dryrun == "yes" ]] | |
| then | |
| echo "dump memory $dumpFile 0x$startAddr 0x$endAddr" | |
| else | |
| gdb --batch -pid $1 -ex "dump memory $dumpFile 0x$startAddr 0x$endAddr" 2&>1 >/dev/null | |
| if [ -f "$dumpFile" ]; then | |
| echo "Memory dump pid:$1 data:${startAddr}-${endAddr} OK! Please see: $dumpFile" | |
| else | |
| crit "Failed to dump $1" | |
| fi | |
| fi | |
| } | |
| echo "Dumping Stack..." | |
| dumpit "$1" "$(grep '\[stack\]' /proc/$1/maps)" | |
| echo "Dumping Heap..." | |
| dumpit "$1" "$(grep '\[heap\]' /proc/$1/maps)" | |
| echo "Dumping Program..." | |
| while read p; do | |
| dumpit "$1" "$p" | |
| done < <(grep $(readlink -f /proc/$1/exe) /proc/$1/maps) | |
| echo Done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment