PDA

View Full Version : process dumper


fr1end
April 6th, 2005, 05:49
Hi all ...

I am searching for a tool like procdump for linux
or a tool/program/script that can give me the memory dump of a process...

Thanx in Advance
_Fr1end

andrewg
April 6th, 2005, 18:08
There are a couple of alternatives to use, such as fetchmem (http://lcamtuf.coredump.cx/soft/memfetch.tgz), using gdb's dump memorycommand, or writing some stuff yourself using /proc/pid/maps. You might be able to adapt http://reverse.lostrealm.com/tools/xocopy.html as well for example. Kinda depends exactly what you're after

Best bet might be to write your own.. perhaps you could send a SIGSTOP to a process, detach the current debugger, attach the dumper, and reattach the debugger if needed.

0xf001
April 6th, 2005, 19:18
hi!

i can also recommend memfetch. if it hangs try -m option (ie on my 2.6.11 it does) - besides that nice and handy

cheers, 0xf001

fr1end
April 6th, 2005, 23:11
Hi ...

Thanx andrewg && 0xf001,
i shall do a work around with memfetch, On my kernel(2.4.18)

Bye
_fr1end

andrewg
April 23rd, 2005, 03:26
Here is another application that may be of use: hxxp://cryopid.berlios.de/
Also allows you to resume processes etc as well.

To quote,

"Current features are:
* Can run as an ordinary user! (no root privileges needed)
* Works on both 2.4 and 2.6.
* Can start & stop a process multiple times
* Can migrate processes between machines and between kernel versions! (with some restrictions - you must (a) either save all libraries to the image, or ensure libraries are identical on both machines; (b) you need to specify the new code segment using the -c option on the resumer; (c) you cannot move a process running on a 2.6 kernel linked against a TLS-enabled libc (see ldd) to a 2.4 kernel).

Yes, checkpointing software such as this is nothing new, but I was unable to find a tool that worked on Linux that did not require at least one of the following:

* root privileges
* modifications to the kernel
* recompiling/relinking your software
* using an LD_PRELOAD when you start your program.

CryoPID requires none of these and hence can be used as an ordinary user on any Linux machine running a 2.4 or 2.6 kernel (2.2 untested). This will remain one of the main design goals of CryoPID.
"

0xf001
April 23rd, 2005, 18:46
coool!!

... must try that out ... could be of use for a kind of cluster as well I think, hmmm

thx, 0xf001