Linux Kernel Module designed to help analyze volatile memory in the linux kernel
NateBrune/fmem
fmem 1.6.0

This repo was originally a GitHub mirror of the original fmem module. Later it became a maintained version of fmem to account for a changing Linux kernel. Bug reports and patches welcome.

This module creates the /dev/fmem device, which can be used for dumping physical memory without the limits of /dev/mem (1MB/1GB, depending on distribution).

Tested on i386 and x64; feel free to test it on different architectures (and please send a report).

Cloned from linux/drivers/char/mem.c (so the GPL license applies).

The original name of this tool was fdump, which conflicted with an already existing tool, so the name was changed to fmem.

2009,2010 [email protected]

-----
Usage:

    $ make
    # ./run.sh
    # dd if=/dev/fmem of=... bs=1MB count=...

-----
BUGS: if you do something like

    # dd if=/dev/fmem of=dump

dd will never stop, even if there is no more physical RAM on the system. This is more of a feature, because the Linux kernel doesn't have a stable API, and detection of mapped areas can be tricky on older kernels. Because the primary usage for fmem is memory forensics, I think it is safer to specify the amount of RAM by hand.

-----
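The BUGS note above recommends giving dd an explicit count. As an added example (not part of fmem or its README), this script derives that count from the "System RAM" ranges in /proc/iomem. The function names and the sample input are constructed, and it assumes /dev/fmem offsets are physical addresses, as in the /dev/mem driver it was cloned from.

```shell
#!/bin/sh
# Added example (not part of fmem): derive a dd count for /dev/fmem from
# /proc/iomem-style text. Function names are hypothetical.
# Assumption: a /dev/fmem offset is a physical address, as in /dev/mem.

# Constructed sample in /proc/iomem format (not taken from a real host).
SAMPLE_IOMEM='00001000-0009fbff : System RAM
000a0000-000bffff : PCI Bus 0000:00
00100000-bffdffff : System RAM
  01000000-01c031d0 : Kernel code
fee00000-fee00fff : Local APIC
100000000-13fffffff : System RAM'

# Print the exclusive end address (decimal bytes) of the highest
# "System RAM" range found on stdin; prints 0 if there is none.
highest_ram_end() {
    max=0
    while IFS= read -r line; do
        case "$line" in
            *": System RAM"*) ;;
            *) continue ;;
        esac
        range=$(printf '%s' "${line%% :*}" | tr -d ' ')
        end=$(( 0x${range#*-} + 1 ))
        if [ "$end" -gt "$max" ]; then max=$end; fi
    done
    printf '%s\n' "$max"
}

# fmem_dd_count BS_BYTES: print how many BS_BYTES-sized blocks cover
# physical address 0 up to the top of RAM (rounded up).
fmem_dd_count() {
    bs=$1
    top=$(highest_ram_end)
    # Without root, /proc/iomem reports all-zero addresses; refuse those.
    if [ "$top" -le 1 ]; then
        echo "no usable System RAM ranges (read /proc/iomem as root)" >&2
        return 1
    fi
    echo $(( (top + bs - 1) / bs ))
}

# dd's "1MB" suffix means 1000000 bytes, so pass the same value here.
# On a live system, as root: fmem_dd_count 1000000 < /proc/iomem
printf '%s\n' "$SAMPLE_IOMEM" | fmem_dd_count 1000000
```

Because the count runs from address 0 to the top of the highest RAM range, it also spans any gaps between ranges, so the dump is sized by address space rather than by installed RAM.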