云鉴权>> muisto>> 返回
项目作者: raspi

项目描述 :
Memory dumper for Linux
高级语言: Go
项目地址: git://github.com/raspi/muisto.git
创建时间: 2021-02-08T21:16:24Z
项目社区:https://github.com/raspi/muisto
开源协议:MIT License
下载


muisto

GitHub All Releases
GitHub release (latest by date)
GitHub tag (latest by date)

Memory dumper for Linux. Uses /proc/<pid>/maps file for source. Memory is dumped from /proc/<pid>/mem.

Usage

  1. muisto - process memory address space dumper v1.0.1 (2021-02-08T23:45:18+02:00)
  2. (c) Pekka Järvinen 2021- [ https://github.com/raspi/muisto ]
  4. Parameters:
  5.   -maxaddress   Max address start offset (0 = no limit)   default: "0"
  6.   -maxsize      Max address size (0 = no limit)   default: "100MiB"
  7.   -minaddress   Min address start offset   default: "0"
  8.   -minsize      Min address size   default: "1KiB"
  9.   -pid          Program ID (PID)   default: "0"
  10.   -stop         Stop process before dumping   default: "true"
  11.   -version      Show version information   default: "false"
  13. Examples:
  14.   Dump addresses which has size between 8 KiB - 100 MiB at address offsets between 512 MiB - 1 GiB:
  15.     ./muisto -pid 4321 -minaddress 512MiB -maxaddress 1GiB -maxsize 100MiB -minsize 8KiB
  17. See:
  18.   `man 5 proc`, `cat /proc/<pid>/maps`

After dumping you can use for example file and binwalk:

  1. % find . -type f -iname "*.dump" -exec file "{}" \;
  2. % binwalk --dd ".*" *.dump