@jgru
Last active August 3, 2022 12:45
Script to dump the process memory of a given process on a Linux system to a file
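#!/bin/sh
#
# Version dump_proc_mem 0.0.1
# Author Jan Gru
# Copyright Copyright (c) Jan Gru
# License GNU General Public License

# Checks for root permissions
if [ "$(id -u)" -ne 0 ]
then
    echo "Error: needing root permissions!" >&2
    exit 1
fi

# Shows help, if no PID is given
if [ -z "$1" ]
then
    echo "Usage:"
    printf '\tdump_proc_mem <PID>\n'
    echo
    echo "Example:"
    printf '\t./dump_proc_mem 1137 > 1337.dmp\n'
    exit 0
else
    PID=$1
fi

# Rejects anything that is not the numeric PID of a readable process
case "$PID" in
    *[!0-9]*) echo "Error: invalid PID \"${PID}\"" >&2; exit 1 ;;
esac
if [ ! -r "/proc/${PID}/maps" ]
then
    echo "Error: cannot read /proc/${PID}/maps" >&2
    exit 1
fi

# Temporary file to append memory to. mktemp creates it with mode 0600 under
# an unpredictable name, so a file or symlink planted in /tmp beforehand
# cannot redirect the writes that gdb performs as root.
TMP=$(mktemp "/tmp/$(date --iso-8601=seconds)_${PID}.dump.XXXXXX") || exit 1

# Reads the start and end addresses of the rw-p mappings from /proc/<PID>/maps
memory_addresses=$(grep rw-p "/proc/${PID}/maps" | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p')

# Inform user about acquisition (printf, because echo does not expand \t in every sh)
printf '%s\tStarting acquisition of process %s\n' "$(date --iso-8601=seconds)" "$PID" >&2
# /proc/<PID>/cmdline is NUL-separated, so the separators are turned into spaces
printf '%s\tProc cmdline: "%s"\n' "$(date --iso-8601=seconds)" "$(tr '\000' ' ' < "/proc/${PID}/cmdline")" >&2

# Loops over the retrieved memory areas and dumps their content to the temporary file
printf '%s\n' "${memory_addresses}" | while read -r start stop
do
    # Skips the empty line produced when no mapping matched
    [ -n "$start" ] || continue
    printf '%s\tDumping %s - %s\n' "$(date --iso-8601=seconds)" "$start" "$stop" >&2
    gdb --batch --pid "${PID}" -ex "append memory ${TMP} 0x$start 0x$stop" >/dev/null 2>&1
done

# Calculates the hash of the retrieved contents
printf '%s\tResulting SHA512: %s\n' "$(date --iso-8601=seconds)" "$(sha512sum "${TMP}" | cut -d' ' -f1)" >&2

# Cat the dumped content to stdout
cat "$TMP"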