/*
 * Certes
 *
 * build avec:
 *      gcc --std=c99 -W -Wall -O2 -o memdump memdump.c
 *
 * utiliser avec:
 *      - Trouver adresse de la section intéressante avec /proc/<pid>/maps
 *      - memdump <pid> <adresse> <nombres de bytes> | hexdump -C (ou > dump)...
 */   
#define _LARGEFILE64_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/ptrace.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/wait.h>
#include <fcntl.h>

int main(int argc, char *argv[])
{
    long long int adr = 0;
    int32_t size = 0;
    int32_t pid  = 0;
    uint8_t byte = 0;
//    uint32_t word = 0;
    char buffer[64];
    char *endptr;
    int fd;

    if(argc != 4)
    {
        fprintf(stderr, "Usage %s <pid> <address> <size>\n", argv[0]);
        exit(1);
    }

    pid  = atoi(argv[1]);
    adr  = strtoll(argv[2], &endptr, 16);
    size = atoi(argv[3]);

    if(adr)
    {
        ptrace(PTRACE_ATTACH, pid, NULL, NULL);
        waitpid(pid, NULL, 0);
        sprintf(buffer, "/proc/%i/mem", pid);
        if((fd = open(buffer, O_RDONLY)) > 0)
        {
            printf("Reading %i byte(s) from %016llX\n", size, adr);
            lseek64(fd, adr, SEEK_SET);
            for(int i = 0; i < size; ++i)
            {
//                if(read(fd, (void *)&word, sizeof(uint32_t)) > 0)
                if(read(fd, (void *)&byte, sizeof(uint8_t)) > 0)
                {
                    printf("%c", byte);
                    /*
                     * Traitement par word (de 32 bits) affichés par char (de 8 bits)
                    endptr = (char *)&word;
                    for(int j = sizeof(uint32_t); j; --j, endptr++)
                    {
                        printf("%c", *endptr);
                    }
                    printf("'\n");*/
                }
            }
            printf("\n");
            close(fd);
        }
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
    }
    return 0;
}