Man Linux: Main Page and Category List

NAME

       pcat - copy process memory

SYNOPSIS

       pcat [-hHv] [-m mapfile] process_id

DESCRIPTION

       pcat  hooks  onto  the process specified with process_id and copies the
       contents of its memory to standard output. By default, pcat skips  over
       holes  in  the  process address space.  Consequently, absolute location
       information is lost.

       Options:

       -h (default)
              Skip over holes in the process address space, so  that  absolute
              location information is lost.

       -H     Preserve  holes  in  the process address space, so that absolute
              location information is preserved.  This option writes holes  to
              the output file, and requires that stdout is redirected to file.
              This option does not work on some Solaris versions.

       -m mapfile
              Print the process memory map to mapfile,  one  entry  per  line.
              Specify  -m-  to  write  to the standard error stream.  Each map
              entry consists of a region start address and the  first  address
              beyond  that  region.  Addresses are separated by space, and are
              printed as hexadecimal numbers (0xhhhh).

       -v     Enable verbose mode, for debugging purposes.

BUGS

       On systems with a usable /proc file system,  pcat  does  not  stop  the
       target  process before accessing its memory.  This can result in a loss
       of accuracy.

       pcat uses ptrace(2) when the system lacks a usable /proc  file  system.
       This can be very, very, slow.

       The  use of ptrace(2) causes the target process to be stopped while its
       memory being is copied. This can be undesirable.

       On some systems, the ptrace(2) detach operation resumes a process  that
       was  stopped prior to the ptrace(2) attach operation.  pcat attempts to
       compensate by  sending  SIGSTOP  signals  when  it  detaches  from  the
       process.

       On  some  systems,  the  ptrace(2)  detach  operation  leaves a process
       stopped that was not stopped prior to the ptrace(2)  attach  operation.
       pcat  attempts  to  compensate  by  sending  a  SIGCONT  signal when it
       detaches from the process.

       On most non-/proc systems, pcat accesses  kernel  data  structures  and
       therefore  1)  needs  super-user  privilege  and  2)  must  be compiled
       specifically for the machine that it runs on.

       pcat will not copy its own memory.

       pcat will not copy system processes (i.e. processes that live  entirely
       inside the kernel).

HISTORY

       This  pcat  command  was written for the coroner’s toolkit.  However, a
       command with the same name exists on some versions of  System  V  UNIX.
       That command, a file decompression utility, should not be confused with
       the command described in this manual page.

LICENSE

       This software is distributed under the IBM Public License.

AUTHOR(S)

       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA