Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   9211 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

MEMDUMP(1)							    MEMDUMP(1)

NAME
       memdump - memory dumper

SYNOPSIS
       memdump	[-kv]  [-b  buffer_size]  [-d  dump_size]  [-m	map_file]  [-p
       page_size]

DESCRIPTION
       This program dumps system memory to the standard output	stream,	 skip‐
       ping over holes in memory maps.	By default, the program dumps the con‐
       tents of physical memory (/dev/mem).

       Output is in the form of a raw dump; if necessary, use the -m option to
       capture memory layout information.

       Output  should be sent off-host over the network, to avoid changing all
       the memory in the file system cache. Use netcat, stunnel,  or  openssl,
       depending on your requirements.

       The  size arguments below understand the k (kilo) m (mega) and g (giga)
       suffixes. Suffixes are case insensitive.

       Options

       -k     Attempt to dump kernel memory (/dev/kmem) rather	than  physical
	      memory.

	      Warning:	this can lock up the system to the point that you have
	      to use the power	switch	(for  example,	Solaris	 8  on	64-bit
	      SPARC).

	      Warning: this produces bogus results on Linux 2.2 kernels.

	      Warning: this is very slow on 64-bit machines because the entire
	      memory address range has to be searched.

	      Warning:	kernel	virtual	 memory	 mappings  change  frequently.
	      Depending	  on  the  operating  system,  mappings	 smaller  than
	      page_size or buffer_size may be missed or may be reported incor‐
	      rectly.

       -b buffer_size (default: 0)
	      Number  of bytes per memory read operation. By default, the pro‐
	      gram uses the page_size value.

	      Warning: a too large read buffer size causes memory to be missed
	      on FreeBSD or Solaris.

       -d dump-size (default: 0)
	      Number  of  memory  bytes	 to dump. By default, the program runs
	      until the memory device reports an end-of-file (Linux), or until
	      it  has  dumped from /dev/mem as much memory as reported present
	      by the kernel (FreeBSD, Solaris), or until  pointer  wrap-around
	      happens.

	      Warning:	a too large value causes the program to spend a lot of
	      time skipping over non-existent memory on Solaris systems.

	      Warning: a too large value causes the program to copy  non-exis‐
	      tent data on FreeBSD systems.

       -m map_file
	      Write  the  memory map to map_file, one entry per line.  Specify
	      -m- to write to the standard error stream.  Each map entry  con‐
	      sists  of	 a  region  start address and the first address beyond
	      that region. Addresses are separated by space, and  are  printed
	      as hexadecimal numbers (0xhhhh).

       -p page_size (default: 0)
	      Use  page_size  as  the memory page size. By default the program
	      uses the system page size.

	      Warning: a too large page size causes memory to be missed	 while
	      skipping over holes in memory.

       -v     Enable  verbose  logging	for  debugging	purposes.  Multiple -v
	      options make the program more verbose.

BUGS
       On many hardware platforms the firmware (boot PROM, BIOS, etc.)	 takes
       away some memory. This memory is not accessible through /dev/mem.

       This  program should produce output in a format that supports structure
       information such as ELF.

LICENSE
       This software is distributed under the IBM Public License.

AUTHOR
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       USA

								    MEMDUMP(1)

Vote for polarhome