Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

memdump.c
Posted by Anonymous on Thu 20th Oct 2011 09:22
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
/* * Certes * * build avec: * gcc --std=c99 -W -Wall -O2 -o memdump memdump.c * * utiliser avec: * - Trouver adresse de la section intéressante avec /proc/<pid>/maps * - memdump <pid> <adresse> <nombres de bytes> | hexdump -C (ou > dump)... */ #define _LARGEFILE64_SOURCE #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <sys/ptrace.h> #include <sys/stat.h> #include <sys/types.h> #include <unistd.h> #include <sys/wait.h> #include <fcntl.h> int main(int argc, char *argv[]) { long long int adr = 0; int32_t size = 0; int32_t pid = 0; uint8_t byte = 0; // uint32_t word = 0; char buffer[64]; char *endptr; int fd; if(argc != 4) { fprintf(stderr, "Usage %s <pid> <address> <size>\n", argv[0]); exit(1); } pid = atoi(argv[1]); adr = strtoll(argv[2], &endptr, 16); size = atoi(argv[3]); if(adr) { ptrace(PTRACE_ATTACH, pid, NULL, NULL); waitpid(pid, NULL, 0); sprintf(buffer, "/proc/%i/mem", pid); if((fd = open(buffer, O_RDONLY)) > 0) { printf("Reading %i byte(s) from %016llX\n", size, adr); lseek64(fd, adr, SEEK_SET); for(int i = 0; i < size; ++i) { // if(read(fd, (void *)&word, sizeof(uint32_t)) > 0) if(read(fd, (void *)&byte, sizeof(uint8_t)) > 0) { printf("%c", byte); /* * Traitement par word (de 32 bits) affichés par char (de 8 bits) endptr = (char *)&word; for(int j = sizeof(uint32_t); j; --j, endptr++) { printf("%c", *endptr); } printf("'\n");*/ } } printf("\n"); close(fd); } ptrace(PTRACE_DETACH, pid, NULL, NULL); } return 0; }

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at