
dumpmem, a toy^H^H^Htool to dump a process's memory

  • Muli Ben-Yehuda
    Message 1 of 5 , Nov 6, 2002
      check out dumpmem, http://www.mulix.org/code/dumpmem-0.1.tar.gz, a
      process memory dumper.

      ./dumpmem ls

      will dump the memory image of the ls process after it is exec'd and
      before it is run. It's not a very hackish hack in the original sense
      of the word, just a ptrace toy. It is a hack in the "hack with an axe"
      sense, especially in the parsing of /proc/pid/maps - I've forgotten
      how cumbersome and ugly parsing a file in C can be. Spoiled by python
      (and perl) I am.

      Comments and patches welcome, of course. Death threats and employment
      offers accepted as well.
      --
      Muli Ben-Yehuda http://www.mulix.org/
      mulix@...:~$ sctrace strace /bin/foo http://syscalltrack.sf.net/
      Quis custodes ipsos custodiet? http://www.mulix.org/cv.html
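The post above mentions parsing /proc/pid/maps in C as the awkward part of the tool. The following is an added example, not dumpmem's own code, showing one way to parse a single maps line with sscanf; the struct and function names are hypothetical and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

/* One mapping from /proc/<pid>/maps; names here are hypothetical. */
struct map_region {
    unsigned long start, end, offset;
    char perms[5];   /* e.g. "r-xp" */
    char path[256];  /* empty for anonymous mappings */
};

/* Parse "start-end perms offset dev inode [pathname]".
 * Returns 0 on success, -1 on a malformed line. */
int parse_maps_line(const char *line, struct map_region *r)
{
    unsigned int maj, min;
    unsigned long inode;
    int used = 0;
    size_t n;

    if (sscanf(line, "%lx-%lx %4s %lx %x:%x %lu%n", &r->start, &r->end,
               r->perms, &r->offset, &maj, &min, &inode, &used) != 7)
        return -1;
    if (strlen(r->perms) != 4 || r->end <= r->start)
        return -1;
    line += used;
    line += strspn(line, " \t");   /* skip column padding */
    n = strcspn(line, "\n");       /* a path may contain spaces */
    if (n >= sizeof r->path)
        n = sizeof r->path - 1;
    memcpy(r->path, line, n);
    r->path[n] = '\0';
    return 0;
}

/* True when the mapping is marked readable (first perms character). */
int region_is_readable(const struct map_region *r)
{
    return r->perms[0] == 'r';
}

int main(void)
{
    /* Constructed sample line, not from a real process. */
    const char *s = "08048000-08056000 r-xp 00000000 03:01 12345      /bin/ls\n";
    struct map_region r;
    if (parse_maps_line(s, &r) == 0)
        printf("%lx-%lx %s readable=%d %s\n", r.start, r.end, r.perms, region_is_readable(&r), r.path);
    return 0;
}
```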
    • Muli Ben-Yehuda
      Message 2 of 5 , Nov 6, 2002
        On Wed, Nov 06, 2002 at 11:05:03AM +0200, Muli Ben-Yehuda wrote:
        > check out dumpmem, http://www.mulix.org/code/dumpmem-0.1.tar.gz, a
        > process memory dumper.

        Proving once again that I should buy stock in companies producing
        brown paper bags, http://www.mulix.org/code/dumpmem-0.2.tar.gz fixes
        an embarrassing Makefile bug and makes dumpmem tarball actually build.

        Actually, the reasons for the embarrassing bug might make an
        interesting post. In a bit.
        --
        Muli Ben-Yehuda http://www.mulix.org/
        mulix@...:~$ sctrace strace /bin/foo http://syscalltrack.sf.net/
        Quis custodes ipsos custodiet? http://www.mulix.org/cv.html
      • Nadav Har'El
        Message 3 of 5 , Nov 6, 2002
          On Wed, Nov 06, 2002, Muli Ben-Yehuda wrote about "[hackers-il] dumpmem, a toy^H^H^Htool to dump a process's memory":
          > check out dumpmem, http://www.mulix.org/code/dumpmem-0.1.tar.gz, a
          > process memory dumper.
          >
          > ./dumpmem ls
          >
          > will dump the memory image of the ls process after it is exec'd and
          > before it is run. It's not a very hackish hack in the original sense

          Can you give an example of some uses of this tool?

          --
          Nadav Har'El | Wednesday, Nov 6 2002, 1 Kislev 5763
          nyh@... |-----------------------------------------
          Phone: +972-53-245868, ICQ 13349191 |The space between my ears was
          http://nadav.harel.org.il |intentionally left blank.
        • Gilad Ben-Yossef
          Message 4 of 5 , Nov 6, 2002
            On Wed, 2002-11-06 at 13:00, Nadav Har'El wrote:
            > > check out dumpmem, http://www.mulix.org/code/dumpmem-0.1.tar.gz, a
            > > process memory dumper.
            > >
            > > ./dumpmem ls
            > >
            > > will dump the memory image of the ls process after it is exec'd and
            > > before it is run. It's not a very hackish hack in the original sense
            >
            > Can you give an example of some uses of this tool?

            Stenography. ;-)

            Gilad.

            --
            Gilad Ben-Yossef <gilad@...>
            http://benyossef.com
            "Denial really is a river in Egypt."
          • Muli Ben-Yehuda
            Message 5 of 5 , Nov 6, 2002
              On Wed, Nov 06, 2002 at 01:00:28PM +0200, Nadav Har'El wrote:

              > Can you give an example of some uses of this tool?

              Right now, it's a toy. If developed further, it could be used for
              disassembling a program in memory, or for searching a program's memory
              space for sensitive data. Other uses include debugging and taking a
              snapshot of a program's memory - now that I think of it, it might be
              possible to implement a limited exec() completely in userspace, by
              replacing the process's memory contents with the memory contents of
              another process. It will certainly be possible to do self modifying
              code tricks. Quite enough for a toy, isn't it? ;-)
              --
              Muli Ben-Yehuda http://www.mulix.org/
              mulix@...:~$ sctrace strace /bin/foo http://syscalltrack.sf.net/
              Quis custodes ipsos custodiet? http://www.mulix.org/cv.html