forked from NateBrune/fmem
Linux Kernel Module designed to help analyze volatile memory in the linux kernel
slmingol/fmem
fmem 1.5.0

This repo is just a GitHub mirror of the original fmem module.

This module creates the /dev/fmem device, which can be used for dumping
physical memory without the limits of /dev/mem (1MB/1GB, depending on
distribution).

Tested on i386 and x64; feel free to test it on different architectures
(and send a report, please).

Cloned from linux/drivers/char/mem.c (so the GPL license applies).
The original name of this tool was fdump, which conflicted with an already
existing tool, so the name was changed to fmem.

Bug reports and patches welcome.

2009,2010 [email protected]

-----
Usage:

    $ make
    # ./run.sh
    # dd if=/dev/fmem of=... bs=1MB count=...

-----
BUGS:

If you do something like

    # dd if=/dev/fmem of=dump

dd will never stop, even if there is no more physical RAM on the system.
This is more of a feature, because the Linux kernel doesn't have a stable
API, and detection of mapped areas can be tricky on older kernels.
Because the primary usage of fmem is memory forensics, I think it is safer
to specify the amount of RAM by hand.

-----
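One way to pick the count= value that the BUGS note asks you to set by hand, as an added example that is not part of fmem: it reads /proc/iomem-format text and returns the number of bs=1MB blocks that span address 0 up to the end of the highest "System RAM" range. The function names and the sample memory map are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of fmem. Names and sample data are hypothetical.

# Reads /proc/iomem-format text on stdin and prints how many bs=1MB
# (1,000,000-byte) dd blocks cover address 0 through the end of the highest
# top-level "System RAM" range. Gaps between RAM ranges are included.
fmem_count_1mb() {
    top=0
    found=0
    while IFS= read -r line; do
        case $line in
            [0-9a-f]*" : System RAM") ;;   # top-level entry (no indent)
            *) continue ;;
        esac
        range=${line%% *}                  # e.g. 00100000-bffdffff
        end=$((0x${range#*-}))             # inclusive end address
        found=1
        if [ "$end" -gt "$top" ]; then top=$end; fi
    done
    # Unprivileged readers of /proc/iomem see every address as zero;
    # refuse to return a count in that case instead of returning 1 block.
    if [ "$found" -eq 0 ] || [ "$top" -eq 0 ]; then
        echo "no usable System RAM range (read /proc/iomem as root)" >&2
        return 1
    fi
    echo $(( (top + 1 + 999999) / 1000000 ))   # round up to whole blocks
}

# Constructed sample memory map (5 GiB address span), for offline testing.
constructed_iomem() {
    cat <<'EOF'
00000000-00000fff : Reserved
00001000-0009fbff : System RAM
000a0000-000bffff : PCI Bus 0000:00
00100000-bffdffff : System RAM
  01000000-01c031d0 : Kernel code
fec00000-fec003ff : IOAPIC 0
100000000-13fffffff : System RAM
EOF
}

echo "count for constructed sample: $(constructed_iomem | fmem_count_1mb)"
# On a live system, as root:
#   dd if=/dev/fmem of=dump bs=1MB count="$(fmem_count_1mb < /proc/iomem)"
```

Record the computed count alongside the dump so the acquisition can be reproduced and the image size checked against it.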