forked from NateBrune/fmem

Linux Kernel Module designed to help analyze volatile memory in the linux kernel

slmingol/fmem

 
 


fmem 1.5.0

This repo is just a GitHub mirror of the original fmem module.

This module creates the /dev/fmem device,
which can be used for dumping physical memory
without the limits of /dev/mem (1MB/1GB, depending on distribution).

Tested on i386 and x64; feel free to test it on
different architectures (and please send a report).

Cloned from linux/drivers/char/mem.c
(so the GPL license applies).

The original name of this tool was fdump,
which conflicted with an already existing tool,
so the name was changed to fmem.

Bug reports and patches welcome.

2009,2010 [email protected]

-----
Usage:

$ make

# ./run.sh

# dd if=/dev/fmem of=... bs=1MB count=... 

-----
BUGS: if you do something like # dd if=/dev/fmem of=dump
      dd will never stop, even if there is no more physical RAM
      on the system. This is more of a feature, because the Linux kernel
      doesn't have a stable API, and detection of mapped areas can be
      tricky on older kernels. Because the primary use of fmem is
      memory forensics, I think it is safer to specify
      the amount of RAM by hand.
-----
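
One way to work out the count= value for the dd command above is to take the end of the highest "System RAM" range in /proc/iomem. This is an added example, not part of the fmem sources; the function names ram_top and fmem_count and the sample listing are constructed for illustration, and it assumes the bs=1MB block size shown under Usage.

```shell
#!/bin/sh
# Added example (not part of fmem): derive the dd count= for /dev/fmem
# from the "System RAM" ranges in /proc/iomem.

# Constructed sample in /proc/iomem format (not from a real machine).
SAMPLE_IOMEM='00001000-0009fbff : System RAM
000a0000-000bffff : PCI Bus 0000:00
00100000-bffdffff : System RAM
  01000000-01e00e80 : Kernel code
fee00000-fee00fff : Local APIC
100000000-13fffffff : System RAM'

# Print, in decimal, the first address past the highest "System RAM"
# range found in /proc/iomem-format text on stdin.
ram_top() {
    top=0
    while read -r range sep name; do
        [ "$name" = "System RAM" ] || continue
        end=$(( 0x${range#*-} + 1 ))      # range is "start-end" in hex
        if [ "$end" -gt "$top" ]; then top=$end; fi
    done
    echo "$top"
}

# Print the dd count for bs=1MB (dd's "MB" is 1000*1000 bytes), rounded up
# so the last partial block is still read.
fmem_count() {
    top=$(ram_top)
    # Unprivileged reads of /proc/iomem show every address as zero.
    if [ "$top" -le 1 ]; then
        echo "no usable System RAM ranges (read /proc/iomem as root)" >&2
        return 1
    fi
    echo $(( (top + 999999) / 1000000 ))
}

# With a file argument (e.g. /proc/iomem, read as root) use that file;
# otherwise run on the constructed sample.
if [ -n "${1:-}" ]; then
    fmem_count < "$1"
else
    printf '%s\n' "$SAMPLE_IOMEM" | fmem_count
fi
```

The resulting dump spans every physical address up to the end of the last RAM range, including any non-RAM gaps in between, so it can be larger than the installed memory.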
