bash 转储进程的内存
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3342335/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Dump memory of a process
提问by mathk
When reading the /proc/$PID/maps you get the mapped memory regions. Is ther a way to dump one of this regions?
读取 /proc/$PID/maps 时,您将获得映射的内存区域。有没有办法转储这些区域之一?
$ cat /proc/18448/maps
...[snip]...
0059e000-005b1000 r-xp 00000000 08:11 40 /usr/local/lib/libgstlightning.so.0.0.0
005b1000-005b2000 r--p 00012000 08:11 40 /usr/local/lib/libgstlightning.so.0.0.0
005b2000-005b3000 rw-p 00013000 08:11 40 /usr/local/lib/libgstlightning.so.0.0.0
...[snip]...
Thanks
谢谢
回答by Matt Joiner
Nah! Call ptrace()with PTRACE ATTACH. Then open /proc/<pid>/mem, seek to the region offset, and read the length of the region as given in /proc</pid>/maps.
不!打电话ptrace()与PTRACE ATTACH。然后打开/proc/<pid>/mem,寻找区域偏移量,并读取 中给出的区域长度/proc</pid>/maps。
Here's a program I wrotethat does it in C. Here's a module I wrotethat does it in Python (and the ptrace binding). For the finish, a program that dumps all regions of a process to files.
这是我用 C编写的程序。这是我用 Python编写的模块(和 ptrace 绑定)。最后,一个程序将进程的所有区域转储到 files。
Enjoy!
享受!
回答by nmichaels
You can attach gdb to the process then dump memory region of length X words starting at location L with this: x/Xw L.
您可以将GDB的过程,然后倾倒的起始位置l对于这个长度X字的内存区域:x/Xw L。
Attaching gdb when you start your process is simple: gdb ./executablethen run. If you need to attach to a running process, start gdb then gdb attach pidwhere pid is is the process ID you care about.
在您开始流程时附加 gdb 很简单:gdb ./executable然后run. 如果您需要附加到正在运行的进程,请启动 gdb,然后gdb attach pidpid 是您关心的进程 ID。
回答by HymanIT
Using dd(1):
使用 dd(1):
sudo dd if=/dev/mem bs=1 skip=$(( 16#0059e000 - 1 )) \
count=$(( 16#005b1000 - 16#0059e000 + 1)) | hexdump -C
