```python
#!/usr/bin/env python3

def hex_dump_memory(ptr, num):
    import ctypes

    s = ''
    n = 0
    lines = []
    data = list((num * ctypes.c_byte).from_address(ptr))  # c_byte is signed: values are -128..127

    if len(data) == 0:
        return '<empty>'

    for i in range(0, num, 16):
        line = ''
        line += '%04x | ' % (i)
        n += 16

        # Hex column: mask with 0xff so signed bytes print as their unsigned value
        for j in range(n-16, n):
            if j >= len(data): break
            line += '%02x ' % (data[j] & 0xff)

        # Pad short rows so the ASCII column stays aligned
        line += ' ' * (3 * 16 + 7 - len(line)) + ' | '

        # ASCII column: non-printable bytes (negative values included) become '.'
        for j in range(n-16, n):
            if j >= len(data): break
            c = data[j] if not (data[j] < 0x20 or data[j] > 0x7e) else '.'
            line += '%c' % c

        lines.append(line)

    return '\n'.join(lines)

# Start address of the first mapping listed in /proc/self/maps (Linux only)
with open('/proc/self/maps', 'r') as maps:
    addr = int('0x' + maps.readlines()[0].split('-')[0], 16)
print('Hex dump from 0x%016x' % addr)
print(hex_dump_memory(addr, 256))
```
mgeeky commented Jun 27, 2017
Can we use this to dump an application as well, so I don't have to use procdump?
@modz2014 hi! I've never tried repurposing that primitive into a fully-fledged process dumper, nor do I believe that would be easy to do. In order to obtain a nice minidump you would need to adhere to the underlying file format and the required structures that make it up.
The implemented primitive is capable of merely acquiring a raw bytes view, which is not enough to end up with a tidy minidump.
Hopefully that makes things more clear.
Regards,
Mariusz
I just want to be able to dump the memory of a program, that's all, so I don't have to use procdump all the time.
It's only a dump at a certain string; I won't even need a full dump of the program.
Wouldn't it be better to use ctypes.c_ubyte on line 9?
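
The signed-versus-unsigned point raised in the last comment, as an added example that is not part of the gist or the thread: it reads a constructed byte string through both `ctypes.c_byte` and `ctypes.c_ubyte` and formats the hex column both ways. The helper names and the sample bytes are assumptions made for illustration.

```python
import ctypes

def read_bytes(ptr, num, signed=False):
    """Read num bytes at address ptr through a ctypes array view."""
    ctype = ctypes.c_byte if signed else ctypes.c_ubyte
    return list((num * ctype).from_address(ptr))

def hex_column(values, use_abs=False):
    """Render values as hex pairs; use_abs=True mimics abs() on signed bytes."""
    return ' '.join('%02x' % (abs(v) if use_abs else v & 0xff) for v in values)

def ascii_column(values):
    """Printable ASCII stays as-is, everything else becomes '.'."""
    return ''.join(chr(v) if 0x20 <= v <= 0x7e else '.' for v in values)

def compare(sample):
    """Return (hex via c_byte + abs, hex via c_ubyte, ascii) for a byte string."""
    # The buffer object keeps the memory alive while it is read by address.
    buf = ctypes.create_string_buffer(sample, len(sample))
    ptr = ctypes.addressof(buf)
    signed = read_bytes(ptr, len(sample), signed=True)
    unsigned = read_bytes(ptr, len(sample), signed=False)
    return (hex_column(signed, use_abs=True),
            hex_column(unsigned),
            ascii_column(unsigned))

# Constructed sample: ELF magic followed by bytes with the high bit set.
SAMPLE = b'\x7fELF\x80\xff\xfe\x90'

if __name__ == '__main__':
    wrong, right, text = compare(SAMPLE)
    print('c_byte + abs():', wrong)
    print('c_ubyte       :', right)
    print('ascii         :', text)
```

With `c_byte` and `abs()`, 0xff renders as 01 and 0x90 as 70, so every byte above 0x7f except 0x80 is misreported in the hex column.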