/pmemdump.sh
Last active Aug 4, 2019
Dump memory of running process
| #!/bin/bash | |
| function pmemdump() | |
| { | |
| # Adapted from: | |
| # https://serverfault.com/questions/173999/dump-a-linux-processs-memory-to-file | |
| # Example output for /proc/xxx/maps: | |
| # d7d90000-d7ed0000 rwxp 00000000 00:00 0 | |
| # d8ab0000-d8bf0000 rwxp 00000000 00:00 0 | |
| # f4111000-f43b9000 rw-s 00000000 00:05 429195289 /SYSV00000000 (deleted) | |
| # f4585000-f46f5000 rw-s 00000000 00:05 428310640 /SYSV00000000 (deleted) | |
| # f4858000-f4b00000 rw-s 00000000 00:05 429293717 /SYSV00000000 (deleted) | |
| # f4b00000-f4b21000 rw-p 00000000 00:00 0 | |
| # f4b21000-f4c00000 ---p 00000000 00:00 0 | |
| # f4c90000-f4e00000 rw-s 00000000 00:05 428015716 /SYSV00000000 (deleted) | |
| # f4e00000-f4e21000 rw-p 00000000 00:00 0 | |
| # f4e21000-f4f00000 ---p 00000000 00:00 0 | |
| # f4f19000-f4f1a000 r--p 00000000 08:21 2622450 /lib/i386-linux-gnu/libnss_dns-2.28.so | |
| # f4f1a000-f4f1e000 r-xp 00001000 08:21 2622450 /lib/i386-linux-gnu/libnss_dns-2.28.so | |
| # f4f1e000-f4f1f000 r--p 00005000 08:21 2622450 /lib/i386-linux-gnu/libnss_dns-2.28.so | |
| local pid=$1 | |
| local folder=$pid-dump-$( date +%Y-%m-%dT%H-%M-%S.%N ) | |
| mkdir -- "$folder" | |
| # The idea behind the cleaner dump is that only in-memory files have a size attached to the memory region | |
| # in contrast to actual application memory, which has size 0 (as the size actually used size is unknown by the OS). | |
| # Also print only the first row with address ranges | |
| cat /proc/$pid/maps > "$folder/map" | |
| sed -n -r 's|([0-9a-f]+)-([0-9a-f]+) .* 0 .*|0x\1 0x\2|p' "$folder/map" | | |
| while read start stop; do | |
| dd if=/proc/$pid/mem bs=$( getconf PAGESIZE ) skip=$(( start )) count=$(( stop - start )) \ | |
| iflag=skip_bytes,count_bytes of="$folder/mem_$start-$stop.bin" | |
| done | |
| } | |
| pmemdump "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment