memdump-1.01000755 001751 000000 00000000000 07775054712 013470 5ustar00wietsewheel000000 000000 memdump-1.01/convert_size.c000644 001751 000000 00000002570 07734634725 016434 0ustar00wietsewheel000000 000000 /*++ /* NAME /* convert_size 3 /* SUMMARY /* string to size conversion /* SYNOPSIS /* #include /* /* size_t convert_size(str) /* const char *str; /* DESCRIPTION /* convert_size() converts its argument to internal form. if the /* argument ends in 'k', 'm' or 'g' the result is multiplied by /* 1024 (1K), 1048576 (1M), 1073741824 (1G), respectively. /* The suffix is case insensitive. /* SEE ALSO /* error(3) error reporting module. /* DIAGNOSTICS /* The result is negative in case of error. /* LICENSE /* This software is distributed under the IBM Public License. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/ /* System library. */ #include #include /* Application-specific. */ #include "convert_size.h" /* convert_size - convert size to number */ size_t convert_size(const char *str) { char *last; size_t result; result = strtoul(str, &last, 10); if (*str == 0 || last == str) return (-1); if (*last == 0) /* no suffix */ return (result); if (last[1] != 0) /* malformed suffix */ return (-1); if (*last == 'k' || *last == 'K') return (result * 1024); if (*last == 'm' || *last == 'M') return (result * 1024 * 1024); if (*last == 'g' || *last == 'G') return (result * 1024 * 1024 * 1024); return (-1); /* unknown suffix */ } memdump-1.01/Makefile000644 001751 000000 00000001770 07734635223 015211 0ustar00wietsewheel000000 000000 SHELL = /bin/sh CC = gcc -Wformat -Wunused OPT = -O DEBUG = -g PROGS = memdump CFLAGS = $(OPT) $(DEBUG) -I. $(XFLAGS) $(DEFS) OBJS = memdump.o convert_size.o error.o mymalloc.o PROGS = memdump MAN = memdump.1 what: @sh makedefs all: $(PROGS) manpages: $(MAN) memdump: $(OBJS) $(CC) $(CFLAGS) -o $@ $(OBJS) $(SYSLIBS) memdump.1: memdump.c srctoman $? >$@ clean: rm -f $(PROGS) *.o core *.core depend: $(MAKES) (sed '1,/^# do not edit/!d' Makefile; \ set -e; for i in [a-z][a-z0-9]*.c; do \ $(CC) -E $(DEFS) $(INCL) $$i | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \ -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' -e 'p' -e '}'; \ done) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile # do not edit below this line - it is generated by 'make depend' convert_size.o: convert_size.c convert_size.o: convert_size.h error.o: error.c error.o: error.h memdump.o: memdump.c memdump.o: convert_size.h memdump.o: error.h memdump.o: mymalloc.h mymalloc.o: mymalloc.c mymalloc.o: error.h mymalloc.o: mymalloc.h memdump-1.01/README000644 001751 000000 00000002370 07775056670 014436 0ustar00wietsewheel000000 000000 memdump - memory dumper for UNIX-like systems. What can you expect to find in a system memory dump? Bits from the operating system, from running processes, and from every file and directory that has been accessed recently. Depending on the operating system you may even find some information from deleted files and exited processes, although that information tends to be short-lived. To dump physical memory: memdump | nc host port memdump | openssl s_client -connect host:port For best results send output off-host over the network. Writing to file risks clobbering all the memory in the file system cache. Use netcat, stunnel, or openssl, depending on your requirements. With the exception of Linux, dumping UNIX system memory is a tricky business because /dev/mem has holes that one has to carefully skip around in order not to read nonsense or even miss information. See the memdump.1 manual page for detailed documentation. Be sure to pay attention to all the warnings. It is easy to produce an invalid result or to lock up the machine really hard. This software was tested on Linux, Solaris, FreeBSD, OpenBSD, and is distributed under the IBM Public License. Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA memdump-1.01/memdump.1000644 001751 000000 00000006332 07775054442 015301 0ustar00wietsewheel000000 000000 .TH MEMDUMP 1 .ad .fi .SH NAME memdump \- memory dumper .SH SYNOPSIS .na .nf .ad .fi \fBmemdump\fR [\fB-kv\fR] [\fB-b \fIbuffer_size\fR] [\fB-d \fIdump_size\fR] [\fB-m \fImap_file\fR] [\fB-p \fIpage_size\fR] .SH DESCRIPTION .ad .fi This program dumps system memory to the standard output stream, skipping over holes in memory maps. By default, the program dumps the contents of physical memory (\fB/dev/mem\fR). Output is in the form of a raw dump; if necessary, use the \fB-m\fR option to capture memory layout information. Output should be sent off-host over the network, to avoid changing all the memory in the file system cache. Use netcat, stunnel, or openssl, depending on your requirements. The size arguments below understand the \fBk\fR (kilo) \fBm\fR (mega) and \fBg\fR (giga) suffixes. Suffixes are case insensitive. Options .IP \fB-k\fR Attempt to dump kernel memory (\fB/dev/kmem\fR) rather than physical memory. .sp Warning: this can lock up the system to the point that you have to use the power switch (for example, Solaris 8 on 64-bit SPARC). .sp Warning: this produces bogus results on Linux 2.2 kernels. .sp Warning: this is very slow on 64-bit machines because the entire memory address range has to be searched. .sp Warning: kernel virtual memory mappings change frequently. Depending on the operating system, mappings smaller than \fIpage_size\fR or \fIbuffer_size\fR may be missed or may be reported incorrectly. .IP "\fB-b \fIbuffer_size\fR (default: 0)" Number of bytes per memory read operation. By default, the program uses the \fIpage_size\fR value. .sp Warning: a too large read buffer size causes memory to be missed on FreeBSD or Solaris. .IP "\fB-d \fIdump-size\fR (default: 0)" Number of memory bytes to dump. By default, the program runs until the memory device reports an end-of-file (Linux), or until it has dumped from \fB/dev/mem\fR as much memory as reported present by the kernel (FreeBSD, Solaris), or until pointer wrap-around happens. .sp Warning: a too large value causes the program to spend a lot of time skipping over non-existent memory on Solaris systems. .sp Warning: a too large value causes the program to copy non-existent data on FreeBSD systems. .IP "\fB-m\fR \fImap_file\fR" Write the memory map to \fImap_file\fR, one entry per line. Specify \fB-m-\fR to write to the standard error stream. Each map entry consists of a region start address and the first address beyond that region. Addresses are separated by space, and are printed as hexadecimal numbers (0xhhhh). .IP "\fB-p \fIpage_size\fR (default: 0)" Use \fIpage_size\fR as the memory page size. By default the program uses the system page size. .sp Warning: a too large page size causes memory to be missed while skipping over holes in memory. .IP \fB-v\fR Enable verbose logging for debugging purposes. Multiple \fB-v\fR options make the program more verbose. .SH BUGS .ad .fi On many hardware platforms the firmware (boot PROM, BIOS, etc.) takes away some memory. This memory is not accessible through \fB/dev/mem\fR. This program should produce output in a format that supports structure information such as ELF. .SH LICENSE .na .nf This software is distributed under the IBM Public License. .SH AUTHOR .na .nf Wietse Venema IBM T.J. Watson Research P.O. Box 704 USA memdump-1.01/convert_size.h000644 001751 000000 00000000643 07734634512 016432 0ustar00wietsewheel000000 000000 /*++ /* NAME /* convert_size 3h /* SUMMARY /* string to size conversion /* SYNOPSIS /* #include /* DESCRIPTION /* .nf /* * External interface. */ extern size_t convert_size(const char *); /* LICENSE /* .ad /* .fi /* The IBM Public License must be distributed with this software. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/ memdump-1.01/error.c000644 001751 000000 00000007112 07734564537 015053 0ustar00wietsewheel000000 000000 /*++ /* NAME /* error 3 /* SUMMARY /* diagnostics handlers /* SYNOPSIS /* #include /* /* void error(format, ...) /* char *format; /* /* void remark(format, ...) /* char *format; /* /* void panic(format, ...) /* char *format; /* /* char *progname; /* int verbose; /* DESCRIPTION /* This module reports diagnostics. Each routine produces a one-line /* record with the program name and a caller-provided informative /* message. In the format string, %m is replaced by the text that /* corresponds to the present \fBerrno\fR value. /* /* error() writes a message to the standard error stream and /* terminates the process with a non-zero exit status. /* /* remark() writes a message to the standard error stream. /* /* panic() writes a message to the standard error stream and /* forces a core dump. /* /* progname is a global variable that the application should /* assign the program name. The initial value is a pointer to /* the string \fB"unknown"\fR. /* /* verbose is a global variable (initially, zero), that exists /* solely for the convenience of the application. Typical usage /* is like: /* /* .ti +5 /* if (verbose) remark(...); /* SEE ALSO /* errno(2) error numbers /* HISTORY /* error() and remark() appear in "Software Tools" by B.W. Kernighan /* and P.J. Plaugher. /* LICENSE /* This software is distributed under the IBM Public License. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/ /* System library. */ #include #include #include #include #ifdef __STDC__ #include #define VARARGS(func,type,arg) func(type arg, ...) #define VASTART(ap,type,name) va_start(ap,name) #define VAEND(ap) va_end(ap) #else #include #define VARARGS(func,type,arg) func(va_alist) va_dcl #define VASTART(ap,type,name) {type name; va_start(ap); name = va_arg(ap, type) #define VAEND(ap) va_end(ap);} #endif /* Utility library. */ #include "error.h" char *progname = "unknown"; int verbose = 0; /* percentm - replace %m by error message associated with value in err */ char *percentm(buf, str, err) char *buf; char *str; int err; { char *ip = str; char *op = buf; while (*ip) { switch (*ip) { case '%': switch (ip[1]) { case '\0': /* don't fall off end */ *op++ = *ip++; break; case 'm': /* replace %m */ strcpy(op, strerror(err)); op += strlen(op); ip += 2; break; default: /* leave % alone */ *op++ = *ip++, *op++ = *ip++; break; } default: *op++ = *ip++; } } *op = 0; return (buf); } /* error - print warning on stderr and terminate */ void VARARGS(error, char *, fmt) { va_list ap; int err = errno; char buf[BUFSIZ]; VASTART(ap, char *, fmt); fprintf(stderr, "%s: ", progname); vfprintf(stderr, percentm(buf, fmt, err), ap); fprintf(stderr, "\n"); VAEND(ap); exit(1); } /* remark - print warning on stderr and continue */ void VARARGS(remark, char *, fmt) { va_list ap; int err = errno; char buf[BUFSIZ]; VASTART(ap, char *, fmt); fprintf(stderr, "%s: ", progname); vfprintf(stderr, percentm(buf, fmt, err), ap); fprintf(stderr, "\n"); VAEND(ap); } /* panic - print warning on stderr and dump core */ void VARARGS(panic, char *, fmt) { va_list ap; int err = errno; char buf[BUFSIZ]; VASTART(ap, char *, fmt); fprintf(stderr, "%s: ", progname); vfprintf(stderr, percentm(buf, fmt, err), ap); fprintf(stderr, "\n"); VAEND(ap); abort(); } memdump-1.01/error.h000644 001751 000000 00000001422 07653476471 015055 0ustar00wietsewheel000000 000000 /*++ /* NAME /* error 3h /* SUMMARY /* diagnostics handlers /* SYNOPSIS /* #include /* DESCRIPTION /* .nf /* * External interface. */ #ifndef PRINTFLIKE #if __GNUC__ == 2 && __GNUC_MINOR__ >= 7 #define PRINTFLIKE(x,y) __attribute__ ((format (printf, (x), (y)))) #else #define PRINTFLIKE(x,y) #endif #endif extern void PRINTFLIKE(1, 2) remark(char *,...); extern void PRINTFLIKE(1, 2) error(char *,...); extern void PRINTFLIKE(1, 2) panic(char *,...); extern char *progname; extern int verbose; #ifdef MISSING_STRERROR extern const char *strerror(int); #endif /* LICENSE /* .ad /* .fi /* The IBM Public License must be distributed with this software. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/ memdump-1.01/LICENSE000644 001751 000000 00000027262 07141136250 014546 0ustar00wietsewheel000000 000000 IBM PUBLIC LICENSE VERSION 1.0 - CORONER TOOLKIT UTILITIES THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS IBM PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. 1. DEFINITIONS "Contribution" means: a) in the case of International Business Machines Corporation ("IBM"), the Original Program, and b) in the case of each Contributor, i) changes to the Program, and ii) additions to the Program; where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program. "Contributor" means IBM and any other entity that distributes the Program. "Licensed Patents " mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program. "Original Program" means the original version of the software accompanying this Agreement as released by IBM, including source code, object code and documentation, if any. "Program" means the Original Program and Contributions. "Recipient" means anyone who receives the Program under this Agreement, including all Contributors. 2. GRANT OF RIGHTS a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form. b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder. c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program. d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement. 3. REQUIREMENTS A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that: a) it complies with the terms and conditions of this Agreement; and b) its license agreement: i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose; ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits; iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange. When the Program is made available in source code form: a) it must be made available under this Agreement; and b) a copy of this Agreement must be included with each copy of the Program. Each Contributor must include the following in a conspicuous location in the Program: Copyright (c) 1997,1998,1999, International Business Machines Corporation and others. All Rights Reserved. In addition, each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution. 4. COMMERCIAL DISTRIBUTION Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense. For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages. 5. NO WARRANTY EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations. 6. DISCLAIMER OF LIABILITY EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 7. GENERAL If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. If Recipient institutes patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to such Recipient under this Agreement shall terminate as of the date such litigation is filed. In addition, If Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed. All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive. IBM may publish new versions (including revisions) of this Agreement from time to time. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. No one other than IBM has the right to modify this Agreement. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved. This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation. memdump-1.01/makedefs000644 001751 000000 00000002225 10305162714 015233 0ustar00wietsewheel000000 000000 SYSTEM=`(uname -s) 2>/dev/null` RELEASE=`(uname -r) 2>/dev/null` case "$SYSTEM.$RELEASE" in FreeBSD.2*) DEFS="-DFREEBSD2" ;; FreeBSD.3*) DEFS="-DFREEBSD3" ;; FreeBSD.4*) DEFS="-DFREEBSD4" ;; FreeBSD.5*) DEFS="-DFREEBSD5" ;; FreeBSD.6*) DEFS="-DFREEBSD6" ;; FreeBSD.7*) DEFS="-DFREEBSD7" ;; OpenBSD.2*) DEFS="-DOPENBSD2" ;; OpenBSD.3*) DEFS="-DOPENBSD3" ;; BSD/OS.2*) DEFS="-DBSDI2" ;; BSD/OS.3*) DEFS="-DBSDI3" ;; BSD/OS.4*) DEFS="-DBSDI4" ;; SunOS.5.[0-5]*) DEFS="-DSUNOS5 -DUSE_PREAD" RANLIB=":" ;; SunOS.5*) DEFS="-DSUNOS5 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" RANLIB=":" ;; Linux.2.4*) DEFS="-DLINUX2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" ;; Linux.2*) DEFS="-DLINUX2" ;; *) echo unsupported system: $SYSTEM.$RELEASE 1>&2; exit 1 ;; esac unset MAKELEVEL # shut up chatty GNU make make DEFS="$DEFS" CC="${CC-gcc -Wunused}" RANLIB="${RANLIB-ranlib}" \ AR="${AR-ar rv}" SYSLIBS="$SYSLIBS" all memdump-1.01/memdump.c000644 001751 000000 00000027170 10305162762 015352 0ustar00wietsewheel000000 000000 /*++ /* NAME /* memdump 1 /* SUMMARY /* memory dumper /* SYNOPSIS /* .ad /* .fi /* \fBmemdump\fR [\fB-kv\fR] [\fB-b \fIbuffer_size\fR] /* [\fB-d \fIdump_size\fR] [\fB-m \fImap_file\fR] [\fB-p \fIpage_size\fR] /* DESCRIPTION /* This program dumps system memory to the standard output stream, /* skipping over holes in memory maps. /* By default, the program dumps the contents of physical memory /* (\fB/dev/mem\fR). /* /* Output is in the form of a raw dump; if necessary, use the \fB-m\fR /* option to capture memory layout information. /* /* Output should be sent off-host over the network, to avoid changing /* all the memory in the file system cache. Use netcat, stunnel, or /* openssl, depending on your requirements. /* /* The size arguments below understand the \fBk\fR (kilo) \fBm\fR (mega) /* and \fBg\fR (giga) suffixes. Suffixes are case insensitive. /* /* Options /* .IP \fB-k\fR /* Attempt to dump kernel memory (\fB/dev/kmem\fR) rather than physical /* memory. /* .sp /* Warning: this can lock up the system to the point that you have /* to use the power switch (for example, Solaris 8 on 64-bit SPARC). /* .sp /* Warning: this produces bogus results on Linux 2.2 kernels. /* .sp /* Warning: this is very slow on 64-bit machines because the entire /* memory address range has to be searched. /* .sp /* Warning: kernel virtual memory mappings change frequently. Depending /* on the operating system, mappings smaller than \fIpage_size\fR or /* \fIbuffer_size\fR may be missed or may be reported incorrectly. /* .IP "\fB-b \fIbuffer_size\fR (default: 0)" /* Number of bytes per memory read operation. By default, the program /* uses the \fIpage_size\fR value. /* .sp /* Warning: a too large read buffer size causes memory to be missed on /* FreeBSD or Solaris. /* .IP "\fB-d \fIdump-size\fR (default: 0)" /* Number of memory bytes to dump. By default, the program runs /* until the memory device reports an end-of-file (Linux), or until /* it has dumped from \fB/dev/mem\fR as much memory as reported present /* by the kernel (FreeBSD, Solaris), or until pointer wrap-around happens. /* .sp /* Warning: a too large value causes the program to spend a lot of time /* skipping over non-existent memory on Solaris systems. /* .sp /* Warning: a too large value causes the program to copy non-existent /* data on FreeBSD systems. /* .IP "\fB-m\fR \fImap_file\fR" /* Write the memory map to \fImap_file\fR, one entry per line. /* Specify \fB-m-\fR to write to the standard error stream. /* Each map entry consists of a region start address and the first /* address beyond that region. Addresses are separated by space, /* and are printed as hexadecimal numbers (0xhhhh). /* .IP "\fB-p \fIpage_size\fR (default: 0)" /* Use \fIpage_size\fR as the memory page size. By default the program /* uses the system page size. /* .sp /* Warning: a too large page size causes memory to be missed /* while skipping over holes in memory. /* .IP \fB-v\fR /* Enable verbose logging for debugging purposes. Multiple \fB-v\fR /* options make the program more verbose. /* BUGS /* On many hardware platforms the firmware (boot PROM, BIOS, etc.) /* takes away some memory. This memory is not accessible through /* \fB/dev/mem\fR. /* /* This program should produce output in a format that supports /* structure information such as ELF. /* LICENSE /* This software is distributed under the IBM Public License. /* AUTHOR /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* USA /*--*/ /* System libraries. */ #include #include #include #include #include #include #include #include #ifdef SUNOS5 #include #define _PATH_MEM "/dev/mem" #define _PATH_KMEM "/dev/kmem" #define GETPAGESIZE() sysconf(_SC_PAGESIZE) #define SUPPORTED #endif #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \ || defined(OPENBSD2) || defined(OPENBSD3) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) #include #include #include #define GETPAGESIZE getpagesize #define SUPPORTED #endif #ifdef LINUX2 #include #define GETPAGESIZE getpagesize #define SUPPORTED #endif /* * Catch-all. */ #ifndef SUPPORTED #error "This operating system version is not supported" #endif /* Application-specific. */ #include "convert_size.h" #include "error.h" #include "mymalloc.h" /* * Default settings. */ #define DEF_BUFF_SIZE 0 /* use page size */ #define DEF_PAGE_SIZE 0 /* use page size */ #define DEF_SCAN_SIZE 0 /* all memory */ #define OFFT_TYPE unsigned long #define OFFT_CAST unsigned long #define OFFT_FMT "lx" /* usage - complain, explain, and terminate */ static void usage(const char *why) { if (why) remark("%s", why); error("usage: %s [options]\n" " -b read_buffer_size" " (default %lu, use the system page size)\n" " -k " " (dump kernel memory instead of physical memory)\n" " -m map_file " " (print memory map)\n" " -p memory_page_size" " (default %lu, use the system page size)\n" " -s memory_dump-size" " (default %lu, dump all memory)\n" " -v " " (verbose mode for debugging)", progname, (unsigned long) DEF_BUFF_SIZE, (unsigned long) DEF_PAGE_SIZE, (unsigned long) DEF_SCAN_SIZE); } /* get_memory_size - figure out the memory size if we need to */ static OFFT_TYPE get_memory_size(void) { #ifdef SUNOS5 OFFT_TYPE pagesz = sysconf(_SC_PAGESIZE); OFFT_TYPE pagect = sysconf(_SC_PHYS_PAGES); return (pagesz * pagect); #endif #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ || defined(FREEBSD5) \ || defined(OPENBSD2) || defined(OPENBSD3) int name[] = {CTL_HW, HW_PHYSMEM}; size_t len; unsigned unsigned_memsize; unsigned long ulong_memsize; OFFT_TYPE offt_memsize; if (sysctl(name, 2, (void *) 0, &len, (void *) 0, 0) < 0) error("sysctl: %m"); if (len == sizeof(unsigned)) { if (sysctl(name, 2, &unsigned_memsize, &len, (void *) 0, 0) <0) error("sysctl: %m"); return (unsigned_memsize); } else if (len == sizeof(unsigned long)) { if (sysctl(name, 2, &ulong_memsize, &len, (void *) 0, 0) <0) error("sysctl: %m"); return (ulong_memsize); } else if (len == sizeof(OFFT_TYPE)) { if (sysctl(name, 2, &offt_memsize, &len, (void *) 0, 0) < 0) error("sysctl: %m"); return (offt_memsize); } else { error("unexpected sizeof(hw.physmem): %d", len); } #endif return (0); } /* dump_memory - dump memory blocks between holes */ static void dump_memory(int fd, FILE * map, char *buffer, size_t buffer_size, size_t dump_size, size_t page_size, int flags) { OFFT_TYPE start; OFFT_TYPE where; OFFT_TYPE count; size_t todo; ssize_t read_count; int in_region = 0; #define ENTER_REGION(map, flags, start, where, in_region) { \ if (map) \ start = where; \ in_region = 1; \ } #define LEAVE_REGION(map, flags, start, where, in_region) { \ if (map) \ fprintf(map, "0x%" OFFT_FMT " 0x%" OFFT_FMT "\n", \ (OFFT_CAST) start, \ (OFFT_CAST) where); \ in_region = 0; \ } for (where = 0, count = 0; dump_size == 0 || count < dump_size; /* increment at end */ ) { /* * Some systems don't detect EOF, so don't try to read too much. */ todo = (dump_size > 0 && dump_size - count < buffer_size ? dump_size - count : buffer_size); #ifdef USE_PREAD read_count = pread(fd, buffer, todo, where); #else read_count = read(fd, buffer, todo); #endif if (read_count == 0) { if (verbose) remark("Stopped on EOF at 0x%" OFFT_FMT, (OFFT_CAST) where); break; } if (read_count > 0) { if (in_region == 0) ENTER_REGION(map, flags, start, where, in_region); if (write(1, buffer, read_count) != read_count) error("output write error: %m"); count += read_count; if (where + read_count < where) { remark("Stopped on OFFT_TYPE wraparound after 0x%" OFFT_FMT, (OFFT_CAST) where); break; } where += read_count; if (verbose > 1) remark("count = 0x%" OFFT_FMT, (OFFT_CAST) count); } if (read_count < 0) { if (in_region) LEAVE_REGION(map, flags, start, where, in_region); if (where + page_size < where) { remark("Stopped on OFFT_TYPE wraparound after 0x%" OFFT_FMT, (OFFT_CAST) where); break; } #ifdef USE_PREAD if (errno != EFAULT) { if (verbose) remark("Stopped on read error after 0x%" OFFT_FMT ": %m", (OFFT_CAST) where); break; } #else if (lseek(fd, where + page_size, SEEK_SET) < 0) { if (verbose) remark("Stopped on lseek error after 0x%" OFFT_FMT, (OFFT_CAST) where); break; } #endif where += page_size; if (verbose > 1) remark("where = 0x%" OFFT_FMT, (OFFT_CAST) where); } /* * Kluge to prevent pointer wrap-around. */ if (where != (OFFT_TYPE) (unsigned long) (char *) (unsigned long) where) { if (verbose) remark("Stopped on pointer wraparound at 0x%" OFFT_FMT, (OFFT_CAST) where); break; } } if (in_region) LEAVE_REGION(map, flags, start, where, in_region); /* * Sanity check. */ if (dump_size > 0 && where < dump_size) remark("warning: found only 0x%" OFFT_FMT " of 0x%" OFFT_FMT "bytes", (OFFT_CAST) count, (OFFT_CAST) dump_size); close(fd); } /* main - main program */ int main(int argc, char **argv) { size_t page_size = DEF_PAGE_SIZE; size_t dump_size = DEF_SCAN_SIZE; char *buffer; size_t buffer_size = DEF_BUFF_SIZE; int ch; int flags = 0; int fd; FILE *map = 0; const char *path = _PATH_MEM; progname = argv[0]; /* * Parse JCL. */ while ((ch = getopt(argc, argv, "b:km:p:s:v")) > 0) { switch (ch) { /* * Read buffer size. */ case 'b': if ((buffer_size = convert_size(optarg)) == -1) usage("bad read buffer size"); break; /* * Dump kernel memory instead of physical memory. */ case 'k': path = _PATH_KMEM; break; /* * Show memory map. */ case 'm': if (strcmp(optarg, "-") == 0) { map = stderr; } else { if ((map = fopen(optarg, "w")) == 0) error("create map file %s: %m", optarg); } break; /* * Page size. */ case 'p': if ((page_size = convert_size(optarg)) == -1) usage("bad memory size"); break; /* * Amount of memory to copy. */ case 's': if ((dump_size = convert_size(optarg)) == -1) usage("bad memory dump size"); break; /* * Verbose mode. */ case 'v': verbose++; break; /* * Error. */ default: usage((char *) 0); break; } } /* * Sanity checks. */ if (page_size == 0) page_size = GETPAGESIZE(); if (buffer_size == 0) buffer_size = page_size; if (dump_size == 0 && strcmp(path, _PATH_KMEM) != 0) dump_size = get_memory_size(); /* * Audit trail. */ if (verbose) { remark("dump size 0x%" OFFT_FMT, (OFFT_CAST) dump_size); remark("page size 0x%" OFFT_FMT, (OFFT_CAST) page_size); remark("buffer size 0x%" OFFT_FMT, (OFFT_CAST) buffer_size); } /* * Allocate buffer. This does not need to be a multiple of the page size. */ if ((buffer = mymalloc(buffer_size)) == 0) error("no read buffer memory available"); /* * Dump memory, skipping holes. */ if (optind != argc) usage("too many arguments"); if ((fd = open(path, O_RDONLY, 0)) < 0) error("open %s: %m", path); dump_memory(fd, map, buffer, buffer_size, dump_size, page_size, flags); if (map && fclose(map)) error("map file write error: %m"); exit(0); } memdump-1.01/mymalloc.c000644 001751 001751 00000003336 07734564571 015753 0ustar00wietsewietse000000 000000 /*++ /* NAME /* mymalloc 3 /* SUMMARY /* memory management wrappers /* SYNOPSIS /* #include /* /* char *mymalloc(len) /* int len; /* /* char *myrealloc(ptr, len) /* char *ptr; /* int len; /* /* char *mystrdup(str) /* const char *str; /* DESCRIPTION /* This module performs low-level memory management with error /* handling. A call of these functions either succeeds or it does /* not return at all. /* /* mymalloc() allocates the requested amount of memory. The memory /* is not set to zero. /* /* myrealloc() resizes memory obtained from mymalloc() or myrealloc() /* to the requested size. The result pointer value may differ from /* that given via the \fBptr\fR argument. /* /* mystrdup() returns a dynamic-memory copy of its null-terminated /* argument. This routine uses mymalloc(). /* SEE ALSO /* error(3) error reporting module. /* DIAGNOSTICS /* Fatal errors: the requested amount of memory is not available. /* LICENSE /* This software is distributed under the IBM Public License. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/ /* System library. */ #include #include #include /* Utility library. */ #include "error.h" #include "mymalloc.h" /* mymalloc - allocate memory or bust */ char *mymalloc(int len) { char *ptr; if ((ptr = malloc(len)) == 0) error("Insufficient memory: %m"); return (ptr); } /* myrealloc - reallocate memory or bust */ char *myrealloc(char *ptr, int len) { if ((ptr = realloc(ptr, len)) == 0) error("Insufficient memory: %m"); return (ptr); } /* mystrdup - save string to heap */ char *mystrdup(const char *str) { return (strcpy(mymalloc(strlen(str) + 1), str)); } memdump-1.01/mymalloc.h000644 001751 001751 00000000730 07141136250 015730 0ustar00wietsewietse000000 000000 /*++ /* NAME /* mymalloc 3h /* SUMMARY /* memory management wrappers /* SYNOPSIS /* #include "mymalloc.h" /* DESCRIPTION /* .nf /* * External interface. */ extern char *mymalloc(int); extern char *myrealloc(char *, int); extern char *mystrdup(const char *); /* LICENSE /* .ad /* .fi /* The IBM Public License must be distributed with this software. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/