process dumper
fr1end
04-06-2005, 06:49 AM
Hi all ...
I am searching for a tool like procdump for linux
or a tool/program/script that can give me the memory dump of a process...
Thanx in Advance
_Fr1end
andrewg
04-06-2005, 07:08 PM
There are a couple of alternatives to use, such as memfetch (http://lcamtuf.coredump.cx/soft/memfetch.tgz), using gdb's dump memory command, or writing some stuff yourself using /proc/pid/maps. You might be able to adapt http://reverse.lostrealm.com/tools/xocopy.html as well, for example. Kinda depends exactly what you're after.
Best bet might be to write your own.. perhaps you could send a SIGSTOP to a process, detach the current debugger, attach the dumper, and reattach the debugger if needed.
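Added example, not part of the original thread and not code from memfetch, xocopy or gdb: a sketch of the "write your own using /proc/pid/maps" route, stopping the target with SIGSTOP while its readable mappings are copied out. The names parse_maps, dump_regions, dump_pid and SAMPLE_MAPS are hypothetical, and it assumes a kernel where /proc/<pid>/mem can be read by a user with ptrace access to the target.

```python
import os, re, signal

# Constructed sample in /proc/<pid>/maps format (not from a real process).
SAMPLE_MAPS = """\
00001000-00002000 r-xp 00000000 08:01 123        /bin/demo
00002000-00003000 ---p 00000000 00:00 0
00003000-00004000 rw-p 00000000 00:00 0          [heap]
"""
# Fields: start-end perms offset dev inode [path]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) [0-9a-f]+ \S+ \d+\s*(.*)$")

def parse_maps(text):
    """Return [(start, end, perms, path)] for each mapping line."""
    found = (MAPS_RE.match(line.strip()) for line in text.splitlines())
    return [(int(m[1], 16), int(m[2], 16), m[3], m[4]) for m in found if m]

def dump_regions(regions, mem, out):
    """Copy readable regions from mem to out; return (dumped, skipped)."""
    dumped, skipped = [], []
    for start, end, perms, path in regions:
        data = b""
        # Unreadable mappings and kernel-provided pages cannot be read via mem.
        if perms[0] == "r" and path not in ("[vvar]", "[vsyscall]"):
            try:
                mem.seek(start)
                data = mem.read(end - start)
            except (OSError, OverflowError, ValueError):
                data = b""
        if data:
            out.write(data)
            dumped.append((start, len(data)))   # address and byte count written
        else:
            skipped.append((start, end, path))
    return dumped, skipped

def dump_pid(pid, out_path):
    """Stop pid, dump its readable memory to out_path, then resume it.
    Assumption: /proc/<pid>/mem is readable with ptrace access to pid."""
    os.kill(pid, signal.SIGSTOP)      # freeze the target for a consistent image
    try:
        with open(f"/proc/{pid}/maps") as f:
            regions = parse_maps(f.read())
        with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem, \
                open(out_path, "wb") as out:
            return dump_regions(regions, mem, out)
    finally:
        os.kill(pid, signal.SIGCONT)  # always let the target run again
```

The output file is the regions concatenated in map order; the returned dumped list gives the start address and length of each, which is what you need to map file offsets back to virtual addresses.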
0xf001
04-06-2005, 08:18 PM
hi!
i can also recommend memfetch. if it hangs try -m option (ie on my 2.6.11 it does) - besides that nice and handy
cheers, 0xf001
fr1end
04-07-2005, 12:11 AM
Hi ...
Thanx andrewg && 0xf001,
I shall do a workaround with memfetch on my kernel (2.4.18).
Bye
_fr1end
andrewg
04-23-2005, 04:26 AM
Here is another application that may be of use: hxxp://cryopid.berlios.de/
Also allows you to resume processes etc as well.
To quote,
"Current features are:
* Can run as an ordinary user! (no root privileges needed)
* Works on both 2.4 and 2.6.
* Can start & stop a process multiple times
* Can migrate processes between machines and between kernel versions! (with some restrictions - you must (a) either save all libraries to the image, or ensure libraries are identical on both machines; (b) you need to specify the new code segment using the -c option on the resumer; (c) you cannot move a process running on a 2.6 kernel linked against a TLS-enabled libc (see ldd) to a 2.4 kernel).
Yes, checkpointing software such as this is nothing new, but I was unable to find a tool that worked on Linux that did not require at least one of the following:
* root privileges
* modifications to the kernel
* recompiling/relinking your software
* using an LD_PRELOAD when you start your program.
CryoPID requires none of these and hence can be used as an ordinary user on any Linux machine running a 2.4 or 2.6 kernel (2.2 untested). This will remain one of the main design goals of CryoPID.
"
0xf001
04-23-2005, 07:46 PM
coool!!
... must try that out ...

could be of use for a kind of cluster as well I think, hmmm
thx, 0xf001