Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/NateBrune/fmem
Linux Kernel Module designed to help analyze volatile memory in the linux kernel
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/NateBrune/fmem
- Owner: NateBrune
- License: gpl-2.0
- Created: 2015-06-10T13:40:20.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-02-23T18:37:28.000Z (11 months ago)
- Last Synced: 2024-08-04T04:04:28.913Z (6 months ago)
- Language: C
- Homepage:
- Size: 30.3 KB
- Stars: 112
- Watchers: 7
- Forks: 37
- Open Issues: 3
Metadata Files:
- Readme: README
- Changelog: ChangeLog
- License: COPYING
- Authors: AUTHORS
Awesome Lists containing this project
- awesome-memory-forensics - fmem - This module creates /dev/fmem device, that can be used for dumping physical memory, without limits of /dev/mem (1MB/1GB, depending on distribution). (Tool / Memory Acquisition)
README
fmem 1.6.0
This repo was originally a GitHub mirror of the original fmem module.
Later this repo became a maintained version of fmem to account for a changing Linux kernel.
Bug reports and patches welcome.

This module creates the /dev/fmem device,
which can be used for dumping physical memory
without the limits of /dev/mem (1MB/1GB, depending on distribution).

Tested on i386 and x64; feel free to test it on
different architectures (and send a report, please).

Cloned from linux/drivers/char/mem.c
(so the GPL license applies).

The original name of this tool was fdump,
which conflicted with an already existing tool,
so the name was changed to fmem.

2009, 2010 [email protected]
-----
Usage:

    $ make
    # ./run.sh
    # dd if=/dev/fmem of=... bs=1MB count=...
-----
BUGS: if you do something like

    # dd if=/dev/fmem of=dump

dd will never stop, even if there is no more physical RAM
on the system. This is more of a feature, because the Linux kernel
doesn't have a stable API, and detection of mapped areas can be
tricky on older kernels. Because the primary use of fmem is
memory forensics, I think it is safer to specify
the amount of RAM by hand.
-----
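One way to work out the `count=` value by hand, as an added example that is not part of the fmem repository: it parses text in /proc/iomem format and sizes the dump to reach the end of the highest "System RAM" range. The function names, the sample map and the choice to stop at the last System RAM range are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the fmem repo): pick a dd count for /dev/fmem.

# Constructed sample in /proc/iomem format (not taken from a real host).
sample_iomem() {
cat <<'EOF'
00001000-0009fbff : System RAM
000a0000-000bffff : PCI Bus 0000:00
00100000-bffdffff : System RAM
  01000000-01c031d0 : Kernel code
fee00000-fee00fff : Local APIC
100000000-13fffffff : System RAM
EOF
}

# Read /proc/iomem-style text on stdin; print the byte address just past
# the highest "System RAM" range (0 if none was found).
ram_end_bytes() {
    max=0
    while IFS= read -r line; do
        case "$line" in
            *" : System RAM"*) ;;
            *) continue ;;
        esac
        range=${line%% :*}      # e.g. "100000000-13fffffff"
        end=${range#*-}         # hex end address, inclusive
        end_val=$((0x$end + 1))
        if [ "$end_val" -gt "$max" ]; then max=$end_val; fi
    done
    echo "$max"
}

# dd's "MB" suffix is 1000*1000 bytes, so round up in those units.
fmem_dd_count() {
    end=$(ram_end_bytes)
    echo $(( (end + 999999) / 1000000 ))
}

# On a live host, as root (non-root reads show zeroed addresses):
#   fmem_dd_count < /proc/iomem
echo "sample: dd if=/dev/fmem of=... bs=1MB count=$(sample_iomem | fmem_dd_count)"
```

Sizing from the highest range end rather than from the installed RAM total matters because RAM remapped above 4 GiB sits at physical addresses beyond the total size.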