forked from NateBrune/fmem
-
Notifications
You must be signed in to change notification settings - Fork 1
Linux Kernel Module designed to help analyze volatile memory in the linux kernel
License
slmingol/fmem
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
fmem 1.5.0
This repo is just a github mirror of the original fmem module.
This module creates /dev/fmem device,
that can be used for dumping physical memory,
without limits of /dev/mem (1MB/1GB, depending on distribution)
Tested on i386 and x64, feel free to test it on
different architectures. (and send report please)
Cloned from linux/drivers/char/mem.c
(so GPL license apply)
Original name of this tool was fdump,
which was conflict with already existing tool,
so name was changed to fmem
Bug reports and patches welcome.
2009,2010 niekt0@hysteria.sk
-----
Usage:
$ make
# ./run.sh
# dd if=/dev/fmem of=... bs=1MB count=...
-----
BUGS: if you do something like # dd if=/dev/fmem of=dump
dd will never stop, even if there is no more physical RAM
on the system. This is more a feature, because Linux kernel
don't have stable API, and detection of mapped areas can be
tricky on older kernels. Because primary usage for fmem is
memory forensic, I think it is safer to specify
amount of RAM by hand.
-----
About
Linux Kernel Module designed to help analyze volatile memory in the linux kernel
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- C 93.1%
- Makefile 3.5%
- Shell 3.4%