Thread: process dumper

  1. #1
    fr1end
    Guest

    process dumper

    Hi all ...

    I am searching for a tool like procdump for linux
    or a tool/program/script that can give me the memory dump of a process...

    Thanx in Advance
    _Fr1end
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    There are a couple of alternatives to use, such as fetchmem (http://lcamtuf.coredump.cx/soft/memfetch.tgz), using gdb's dump memory command, or writing some stuff yourself using /proc/pid/maps. You might be able to adapt http://reverse.lostrealm.com/tools/xocopy.html as well for example. Kinda depends exactly what you're after.

    Best bet might be to write your own.. perhaps you could send a SIGSTOP to a process, detach the current debugger, attach the dumper, and reattach the debugger if needed.
    http://www.felinemenace.org || http://www.pulltheplug.org
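
Added example, not part of the original post: a minimal sketch of the /proc/pid/maps approach mentioned in post #2, which parses the map file and copies each readable region out of /proc/<pid>/mem. It assumes a kernel that lets a process with ptrace-level access to the target (same user with a permissive ptrace policy, or root) read /proc/<pid>/mem without attaching first; the function names, the sample map text and the file name memdump.py are made up for illustration.

```python
from __future__ import annotations
import sys
from typing import BinaryIO, Iterator, NamedTuple

# Constructed sample in /proc/<pid>/maps format (not taken from a real process).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131090 /bin/cat
0060b000-0062c000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a10021000 ---p 00000000 00:00 0
7ffc1a2f0000-7ffc1a311000 rw-p 00000000 00:00 0 [stack]
7ffc1a3c4000-7ffc1a3c8000 r--p 00000000 00:00 0 [vvar]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
"""
# Special kernel mappings that usually cannot be read through /proc/<pid>/mem.
UNREADABLE = {"[vvar]", "[vsyscall]"}

class Region(NamedTuple):
    start: int
    end: int
    perms: str
    path: str

def parse_maps(text: str) -> list[Region]:
    """Parse 'start-end perms offset dev inode [path]' lines into Regions."""
    regions = []
    for line in text.splitlines():
        f = line.split(None, 5)
        if len(f) < 5:
            continue  # blank or malformed line
        start, end = (int(x, 16) for x in f[0].split("-"))
        regions.append(Region(start, end, f[1], f[5].strip() if len(f) > 5 else ""))
    return regions

def dumpable(regions: list[Region]) -> list[Region]:
    """Keep regions mapped readable, minus the special kernel mappings."""
    return [r for r in regions if r.perms[0] == "r" and r.path not in UNREADABLE]

def read_regions(mem: BinaryIO, regions: list[Region]) -> Iterator[tuple[Region, bytes]]:
    """Seek to each region in an open /proc/<pid>/mem and yield its bytes."""
    for r in regions:
        try:
            mem.seek(r.start)
            yield r, mem.read(r.end - r.start)
        except (OSError, OverflowError, ValueError):
            continue  # region went away or is not accessible; skip it

if __name__ == "__main__":  # usage: python3 memdump.py <pid> <outfile>
    pid, out_path = sys.argv[1], sys.argv[2]
    with open(f"/proc/{pid}/maps") as m:
        todo = dumpable(parse_maps(m.read()))
    with open(f"/proc/{pid}/mem", "rb") as mem, open(out_path, "wb") as out:
        for region, data in read_regions(mem, todo):
            out.write(data)
            print(f"{region.start:x}-{region.end:x} {region.perms} {region.path}")
```

The target keeps running while it is read, so the regions may not be mutually consistent; stopping it first with SIGSTOP, as post #2 suggests, avoids that.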

  3. #3
    hi!

    I can also recommend memfetch. If it hangs, try the -m option (i.e. on my 2.6.11 it does) - besides that, nice and handy.

    cheers, 0xf001

  4. #4
    fr1end
    Guest
    Hi ...

    Thanx andrewg && 0xf001,
    I shall do a workaround with memfetch on my kernel (2.4.18).

    Bye
    _fr1end
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Here is another application that may be of use: http://cryopid.berlios.de/
    Also allows you to resume processes etc as well.

    To quote,

    "Current features are:
    * Can run as an ordinary user! (no root privileges needed)
    * Works on both 2.4 and 2.6.
    * Can start & stop a process multiple times
    * Can migrate processes between machines and between kernel versions! (with some restrictions - you must (a) either save all libraries to the image, or ensure libraries are identical on both machines; (b) you need to specify the new code segment using the -c option on the resumer; (c) you cannot move a process running on a 2.6 kernel linked against a TLS-enabled libc (see ldd) to a 2.4 kernel).

    Yes, checkpointing software such as this is nothing new, but I was unable to find a tool that worked on Linux that did not require at least one of the following:

    * root privileges
    * modifications to the kernel
    * recompiling/relinking your software
    * using an LD_PRELOAD when you start your program.

    CryoPID requires none of these and hence can be used as an ordinary user on any Linux machine running a 2.4 or 2.6 kernel (2.2 untested). This will remain one of the main design goals of CryoPID.
    "
    http://www.felinemenace.org || http://www.pulltheplug.org

  6. #6
    coool!!

    ... must try that out ... could be of use for a kind of cluster as well I think, hmmm

    thx, 0xf001
