ssnkhan/vboxmemdump.sh

## vboxmemdump.sh
#!/bin/bash
#Simple script for VirtuaBox memory extraction
# Usage: vboxmemdump.sh <VM name>
# See https://www.andreafortuna.org/2017/06/23/how-to-extract-a-ram-dump-from-a-running-virtualbox-machine/

VBoxManage debugvm $1 dumpvmcore --filename=$1.elf

size=0x$(objdump -h $1.elf|egrep -w "(Idx|load1)" | tr -s " " |  cut -d " " -f 4)
off=0x$(echo "obase=16;ibase=16;`objdump -h $1.elf|egrep -w "(Idx|load1)" | tr -s " " |  cut -d " " -f 7 | tr /a-z/ /A-Z/`" | bc)
head -c $(($size+$off)) $1.elf|tail -c +$(($off+1)) > $1.raw

rm $1.elf
	#!/bin/bash
	#Simple script for VirtuaBox memory extraction
	# Usage: vboxmemdump.sh <VM name>
	# See https://www.andreafortuna.org/2017/06/23/how-to-extract-a-ram-dump-from-a-running-virtualbox-machine/

	VBoxManage debugvm $1 dumpvmcore --filename=$1.elf

	size=0x$(objdump -h $1.elf\|egrep -w "(Idx\|load1)" \| tr -s " " \| cut -d " " -f 4)
	off=0x$(echo "obase=16;ibase=16;`objdump -h $1.elf\|egrep -w "(Idx\|load1)" \| tr -s " " \| cut -d " " -f 7 \| tr /a-z/ /A-Z/`" \| bc)
	head -c $(($size+$off)) $1.elf\|tail -c +$(($off+1)) > $1.raw

	rm $1.elf