Reading living process memory without interrupting it

独厮守ぢ 2020-12-04 14:41

I would like to explore the memory of a living process, and when I do so, the process must not get disturbed - so attaching gdb to the process (which would stop it) is not a

5 answers
  •  醉梦人生
    2020-12-04 15:06

    If you have root access and are on a linux system, you can use the following linux script (adapted from Gilles' excellent unix.stackexchange.com answer and the answer originally given in the question above but including SyntaxErrors and not being pythonic):

    #!/usr/bin/env python
    
    import re
    import sys
    
    def print_memory_of_pid(pid, only_writable=True):
        """ 
        Run as root, take an integer PID and write the contents of memory to STDOUT
        """
        memory_permissions = 'rw' if only_writable else 'r-'
        # Raw byte sink: sys.stdout.buffer on Python 3, sys.stdout itself on Python 2.
        out = getattr(sys.stdout, 'buffer', sys.stdout)
        sys.stderr.write("PID = %d\n" % pid)
        with open("/proc/%d/maps" % pid, 'r') as maps_file:
            # Open binary and unbuffered: memory is bytes, not text.
            with open("/proc/%d/mem" % pid, 'rb', 0) as mem_file:
                for line in maps_file:  # for each mapped region
                    m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r][-w])', line)
                    if m is None:  # not a region line, nothing to read
                        continue
                    if m.group(3) == memory_permissions: 
                        sys.stderr.write("\nOK : \n" + line + "\n")
                        start = int(m.group(1), 16)
                        if start > 0xFFFFFFFFFFFF:  # skip kernel-space mappings
                            continue
                        end = int(m.group(2), 16)
                        sys.stderr.write("start = " + str(start) + "\n")
                        mem_file.seek(start)  # seek to region start
                        try:
                            chunk = mem_file.read(end - start)  # read region contents
                        except (IOError, OSError) as e:
                            # Some regions are mapped but not readable; keep going.
                            sys.stderr.write("read failed: %s\n" % e)
                            continue
                        out.write(chunk)  # dump contents to standard output
                    else:
                        sys.stderr.write("\nPASS : \n" + line + "\n")
    
    if __name__ == '__main__': # Execute this code when run from the commandline.
        try:
            assert len(sys.argv) == 2, "Provide exactly 1 PID (process ID)"
            pid = int(sys.argv[1])
            print_memory_of_pid(pid)
        except (AssertionError, ValueError):
            print("Please provide 1 PID as a commandline argument.")
            print("You entered: %s" % ' '.join(sys.argv))
            raise
    

    If you save this as write_mem.py, you can run this (with python2.6 or 2.7) or early in python2.5 (if you add from __future__ import with_statement) as:

    sudo python write_mem.py 1234 > pid1234_memory_dump
    

    to dump pid1234 memory to the file pid1234_memory_dump.
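
An added example, not part of the answer above and not the answerer's code: a Python 3 variant that parses complete `/proc/<pid>/maps` lines, skips special kernel mappings, and reads each region in bounded chunks so one unreadable page does not abort the run. The names `select_regions`, `read_regions` and `SKIP`, the prefix match on permissions, and the sample maps text are assumptions constructed for illustration.

```python
import os
import re

# One maps line: "start-end perms offset dev inode [pathname]"
MAPS_RE = re.compile(r'^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) [0-9a-f]+ \S+ \d+\s*(.*)$')
SKIP = {'[vvar]', '[vsyscall]'}  # kernel-provided mappings (assumed skip list)

# Constructed sample of /proc/<pid>/maps content, not taken from a real process.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r--p 00000000 08:01 1311234    /usr/bin/example
55d0c8c00000-55d0c8c02000 rw-p 00020000 08:01 1311234    /usr/bin/example
55d0c9f3a000-55d0c9f5b000 rw-p 00000000 00:00 0          [heap]
7ffd3a1e0000-7ffd3a201000 rw-p 00000000 00:00 0          [stack]
7ffd3a3c5000-7ffd3a3c9000 r--p 00000000 00:00 0          [vvar]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0  [vsyscall]
"""

def select_regions(maps_text, need='rw'):
    """Return (start, end, name) for regions whose permissions start with `need`."""
    regions = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if m is None:
            continue  # unparseable line: skip instead of crashing
        if m.group(3).startswith(need) and m.group(4) not in SKIP:
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return regions

def read_regions(pid, regions, chunk=1 << 20):
    """Yield (address, data) in bounded chunks; abandon a region on a read error."""
    with open('/proc/%d/mem' % pid, 'rb', 0) as mem:
        for start, end, _name in regions:
            addr = start
            while addr < end:
                try:
                    mem.seek(addr)
                    data = mem.read(min(chunk, end - addr))
                except (OSError, OverflowError, ValueError):
                    break  # page not readable or address out of range
                if not data:
                    break
                yield addr, data
                addr += len(data)

if __name__ == '__main__':
    with open('/proc/self/maps') as f:
        own = select_regions(f.read())
    total = sum(len(d) for _a, d in read_regions(os.getpid(), own))
    print('%d writable regions, %d bytes read' % (len(own), total))
```

Run directly, it reads the script's own writable regions, which needs no extra privilege and lets you check the parsing and error handling before pointing it at another PID as root.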
