01-15-2009
Probably this is a kernel programming related problem. It would be easier to create a kernel module that accessed a certain program's memory and then a system call so you could access everything through user-space.
Alternatively you have ptrace() that allows you to see and change in any program's core image and registers.
Ultimately, you could query /proc/iomem to see the offset of your RAM in /dev/mem (grep "System RAM" /proc/iomem|tail -n 1) and then go sniff around the binary data within your system's ram.
9 More Discussions You Might Find Interesting
1. IP Networking
Hi All,
On a solaris box A port B
in which port B is established and receiving data.
My question is how do i listen on that established port ,
how can i get the data received at box A: port B through my application
I had searched the forum for the same, but i am unable to retrieve the... (5 Replies)
Discussion started by: matrixmadhan
5 Replies
2. Programming
Hi,
Does any one know what tool to use to visualize how is memory layed out for C on linux systems. I mean how much stack portion is used in functional call.
Where exactly does the argument to function sit in memory ?
I have written small program pasted below. But I am not able to infer... (3 Replies)
Discussion started by: parasa
3 Replies
3. UNIX for Advanced & Expert Users
Hi,
I having problem with my linux machine
it have 6Gb physical memory and somehow it always almost coming to the bottom neck and than it start writing to the swap memory
you can see that there is more than 4G in cahce, is there any way to clean the cache or to limit it to 2Gb?
host1... (6 Replies)
Discussion started by: Igal Malka
6 Replies
4. Programming
Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know?
Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies
5. Shell Programming and Scripting
Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know?
Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies
6. Linux
Hi All,
We are using the linux servers and need to track the memory utilization of the box. Could anyone advice how the same can be achived.
:) (1 Reply)
Discussion started by: haitorajesh
1 Replies
7. What is on Your Mind?
Are we safe using the everyday wired keyboard? Although this concept is old, I had never seen an actual implementation on the matter until a few days ago. (Four ways of sniffing the electromagnetic emanations of wired keyboards currently on the market in up to 20 meters.)
Check the videos at:... (2 Replies)
Discussion started by: redoubtable
2 Replies
8. Red Hat
Hello, I am using Linux os.
$ df -k /dev/shm
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 2023256 1065000 958256 53% /dev/shm
$
Based on my google this, it is shared memory. What is this shared memory and where exactly it is used? Can you... (5 Replies)
Discussion started by: govindts
5 Replies
9. Linux
Hi All,
We are running a python application on an RHEL 7 VM machine hosted in Azure. Machine has 8GB of memory & 2GB of swap space configured as swap file. Below the output of free command from the server.
#-> free -h
total used free shared buff/cache ... (12 Replies)
Discussion started by: veeresh_15
12 Replies
MEM(4) Linux Programmer's Manual MEM(4)
NAME
mem, kmem, port - system memory, kernel memory and system ports
DESCRIPTION
/dev/mem is a character device file that is an image of the main memory of the computer. It may be used, for example, to examine (and even
patch) the system.
Byte addresses in /dev/mem are interpreted as physical memory addresses. References to nonexistent locations cause errors to be returned.
Examining and patching is likely to lead to unexpected results when read-only or write-only bits are present.
Since Linux 2.6.26, and depending on the architecture, the CONFIG_STRICT_DEVMEM kernel configuration option limits the areas which can be
accessed through this file. For example: on x86, RAM access is not allowed but accessing memory-mapped PCI regions is.
It is typically created by:
mknod -m 660 /dev/mem c 1 1
chown root:kmem /dev/mem
The file /dev/kmem is the same as /dev/mem, except that the kernel virtual memory rather than physical memory is accessed. Since Linux
2.6.26, this file is available only if the CONFIG_DEVKMEM kernel configuration option is enabled.
It is typically created by:
mknod -m 640 /dev/kmem c 1 2
chown root:kmem /dev/kmem
/dev/port is similar to /dev/mem, but the I/O ports are accessed.
It is typically created by:
mknod -m 660 /dev/port c 1 4
chown root:kmem /dev/port
FILES
/dev/mem
/dev/kmem
/dev/port
SEE ALSO
chown(1), mknod(1), ioperm(2)
COLOPHON
This page is part of release 4.15 of the Linux man-pages project. A description of the project, information about reporting bugs, and the
latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.
Linux 2015-01-02 MEM(4)