Man Linux: Main Page and Category List

NAME

       memdump - memory dumper

SYNOPSIS

       memdump  [-kv]  [-b  buffer_size]  [-d  dump_size]  [-m  map_file]  [-p
       page_size]

DESCRIPTION

       This program  dumps  system  memory  to  the  standard  output  stream,
       skipping  over holes in memory maps.  By default, the program dumps the
       contents of physical memory (/dev/mem).

       Output is in the form of a raw dump; if necessary, use the -m option to
       capture memory layout information.

       Output  should be sent off-host over the network, to avoid changing all
       the memory in the file system cache. Use netcat, stunnel,  or  openssl,
       depending on your requirements.

       The  size arguments below understand the k (kilo) m (mega) and g (giga)
       suffixes. Suffixes are case insensitive.

       Options

       -k     Attempt to dump kernel memory (/dev/kmem) rather  than  physical
              memory.

              Warning:  this can lock up the system to the point that you have
              to use the power  switch  (for  example,  Solaris  8  on  64-bit
              SPARC).

              Warning: this produces bogus results on Linux 2.2 kernels.

              Warning: this is very slow on 64-bit machines because the entire
              memory address range has to be searched.

              Warning:  kernel  virtual  memory  mappings  change  frequently.
              Depending   on  the  operating  system,  mappings  smaller  than
              page_size or buffer_size  may  be  missed  or  may  be  reported
              incorrectly.

       -b buffer_size (default: 0)
              Number  of  bytes  per  memory  read  operation. By default, the
              program uses the page_size value.

              Warning: a too large read buffer size causes memory to be missed
              on FreeBSD or Solaris.

       -d dump-size (default: 0)
              Number  of  memory  bytes  to dump. By default, the program runs
              until the memory device reports an end-of-file (Linux), or until
              it  has  dumped from /dev/mem as much memory as reported present
              by the kernel (FreeBSD, Solaris), or until  pointer  wrap-around
              happens.

              Warning:  a too large value causes the program to spend a lot of
              time skipping over non-existent memory on Solaris systems.

              Warning: a too large value  causes  the  program  to  copy  non-
              existent data on FreeBSD systems.

       -m map_file
              Write  the  memory map to map_file, one entry per line.  Specify
              -m- to write to the  standard  error  stream.   Each  map  entry
              consists  of a region start address and the first address beyond
              that region. Addresses are separated by space, and  are  printed
              as hexadecimal numbers (0xhhhh).

       -p page_size (default: 0)
              Use  page_size  as  the memory page size. By default the program
              uses the system page size.

              Warning: a too large page size causes memory to be missed  while
              skipping over holes in memory.

       -v     Enable  verbose  logging  for  debugging  purposes.  Multiple -v
              options make the program more verbose.

BUGS

       On many hardware platforms the firmware (boot PROM, BIOS, etc.)   takes
       away some memory. This memory is not accessible through /dev/mem.

       This  program should produce output in a format that supports structure
       information such as ELF.

LICENSE

       This software is distributed under the IBM Public License.

AUTHOR

       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       USA