MemFetch
memfetch dumps the memory of a program without disrupting its operation, either immediately or on the nearest fault condition (such as SIGSEGV). It can be used to examine suspicious or misbehaving processes on your system, verify that processes are what they claim to be, and examine faulty applications using your favorite data viewer so that you are not tied to the inferior data inspection capabilities in your debugger.
-------------------------------------------------------------------------------------------------------------------------
I'm trying to use memfetch to dump the memory of a particular process from my Samsung Galaxy Nexus.
I downloaded memfetch from http://lcamtuf.coredump.cx/
Extracted out its contents using the following command:
tar -xvf memfetch.tgz
Ran an ls on my memfetch directory:
ls
COPYING Makefile memfetch.c mffind.pl README
At this stage I'm supposed to run the make command to get my memfetch executable.
Editing the memfetch.c file, I removed the include page.h line.
So first I downloaded the Android ARM Architecture with the following command. This was for static cross-compilation of memfetch:
apt-get install gcc-arm-linux-gnueabi
Then I edited the Makefile in the following areas:
FILE = memfetch
CFLAGS = -Wall -O9 -static
CC = arm-linux-gnueabi-gcc
So success, I had my memfetch executable:
make
arm-linux-gnueabi-gcc -Wall -O9 -static memfetch.c -o memfetch
ls
COPYING Makefile memfetch memfetch.c mffind.pl README
Then I pushed the memfetch executable onto my Android phone:
adb push memfetch /sdcard/memfetch
Now from here I worked things from my phone.
I ran an adb shell command and created a directory to store the memfetch executable, ideally to run it from there:
adb shell
su
cd /sdcard
mkdir tmp
mount -t tmpfs tmpfs tmp
cp memfetch tmp
cd tmp
chmod 6755 memfetch
Now here's where the problem comes. When I executed memfetch, I was getting the following error:
./memfetch 1197
memfetch 0.05b by Michal Zalewski <lcamtuf@coredump.cx>
Usage ./memfetch [ -sawn ] [ -S xxx ] PID
-s - wait for fault signal before generating a dump
-a - skip non-anonymous maps (libraries etc)
-w - write index file to stdout instead of mfetch.lst
-m - avoid mmap(), helps to prevent hanging on some 2.2 boxes
-S xxx - dump segment containing address xxx (hex) only
No matter what PID I tried to dump, I always got the same error. I even tried with various flag combinations but none of them worked :(
The solution is: if you don't use the other inputs "samwS", comment out these lines:
while ((opt=getopt(argc,(void*)argv, "+samwS:h"))!=EOF)
switch(opt) {
case 's': waitsig=1; break;
case 'a': skipmap=1; break;
case 'w': textout=1; break;
case 'm': avoid_mmap=1; break;
case 'S': if (sscanf(optarg,"%x",&onlyseg)!=1)
fatal("Incorrect -S syntax (hex address expected).\n");
break;
default: usage(argv[0]);
}
If you use them, just comment out default: usage(argv[0]);