@gonoph
Last active November 8, 2023 16:48
Peek.bash - get a hex dump of the memory of a running process
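#!/bin/bash
# vim: sw=4 ts=4 expandtab
# modified from https://www.baeldung.com/linux/read-process-memory
# Reading /proc/<pid>/mem needs ptrace access to the target
# (typically root, or the same user where ptrace restrictions allow).
err() { echo "$@" >&2 ; exit 1; }
test -z "$1" && err "Usage: $0 <pid>"
test -d "/proc/$1" || err "PID $1 does not exist"
# Each line of /proc/<pid>/maps starts with "start-end perms ..."
while read -r mem_range perms JUNK ; do
    # Only dump regions that are mapped readable
    if [[ "$perms" == "r"* ]]; then
        IFS="-" read -r start_addr end_addr JUNK <<< "$mem_range"
        # Addresses are hexadecimal; convert them to decimal for hexdump
        start_addr="$(( 16#$start_addr ))" end_addr="$(( 16#$end_addr ))"
        length=$(( end_addr - start_addr ))
        echo "Reading memory range $mem_range"
        # set -x echoes the hexdump command; 2>&1 keeps the trace and any errors in the output
        ( set -x; hexdump -C -n "$length" -s "$start_addr" < "/proc/$1/mem" ) 2>&1
    fi
done < "/proc/$1/maps"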

gonoph commented Nov 8, 2023

Sample output:

$ ./peek.sh 101980 | head
Reading memory range 5654c2c36000-5654c2c38000
+ hexdump -C -n 8192 -s 94922044825600
5654c2c36000  7f 45 4c 46 02 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
5654c2c36010  03 00 3e 00 01 00 00 00  90 2b 00 00 00 00 00 00  |..>......+......|
5654c2c36020  40 00 00 00 00 00 00 00  58 86 00 00 00 00 00 00  |@.......X.......|
5654c2c36030  00 00 00 00 40 00 38 00  0d 00 40 00 1e 00 1d 00  |....@.8...@.....|
5654c2c36040  06 00 00 00 04 00 00 00  40 00 00 00 00 00 00 00  |........@.......|
5654c2c36050  40 00 00 00 00 00 00 00  40 00 00 00 00 00 00 00  |@.......@.......|
5654c2c36060  d8 02 00 00 00 00 00 00  d8 02 00 00 00 00 00 00  |................|
5654c2c36070  08 00 00 00 00 00 00 00  03 00 00 00 04 00 00 00  |................|
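
A dry run of the script's region selection, as an added example that is not part of the gist: it parses maps-format text from stdin and reports which ranges the loop would pass to hexdump, and which it would be better to skip. The function names and the sample maps lines (apart from the first range, taken from the output above) are constructed, and the `[vvar]` behaviour is an assumption noted in the code.

```shell
#!/bin/sh
# Constructed sample in /proc/<pid>/maps format; only the first range
# comes from the sample output above, the rest are made up.
sample_maps() {
cat <<'EOF'
5654c2c36000-5654c2c38000 r--p 00000000 fd:01 1234 /usr/bin/example
5654c2c38000-5654c2c3c000 r-xp 00002000 fd:01 1234 /usr/bin/example
7f10a0000000-7f10a0021000 rw-p 00000000 00:00 0
7f10a0021000-7f10a4000000 ---p 00000000 00:00 0
7ffd1c5f0000-7ffd1c5f4000 r--p 00000000 00:00 0 [vvar]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
EOF
}

# Print one line per region: "<range> read <bytes>" or "<range> skip <reason>".
plan_regions() {
    while read -r range perms _off _dev _inode path; do
        start=${range%-*}
        end=${range#*-}
        # Same filter as the script: only regions mapped readable.
        case "$perms" in
            r*) ;;
            *) echo "$range skip not-readable"; continue ;;
        esac
        # A 16-digit address starting with 8..f is >= 2^63 and does not fit
        # in the shell's signed 64-bit arithmetic (e.g. [vsyscall] on x86-64).
        if [ "${#start}" -eq 16 ]; then
            case "$start" in
                [89a-fA-F]*) echo "$range skip offset-exceeds-signed-64bit"; continue ;;
            esac
        fi
        # Assumption: reads of [vvar] through /proc/<pid>/mem fail with an I/O error.
        case "$path" in
            "[vvar]") echo "$range skip special-mapping"; continue ;;
        esac
        echo "$range read $(( 0x$end - 0x$start ))"
    done
}

sample_maps | plan_regions
```

To check a live process, feed it the real file instead: `plan_regions < /proc/<pid>/maps`.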