Creating a KLD to dump memory
Warner Losh
imp at bsdimp.com
Mon Jan 22 14:14:49 UTC 2018
On Mon, Jan 22, 2018 at 6:48 AM, Office Manager <officem4790 at gmail.com>
wrote:
> Hi,
> I'm trying to create a kernel module to dump the memory of a machine like
> lime <https://github.com/504ensicsLabs/LiME>.
> Right now I'm using memrw implementation to read the physical memory, my
> problem with this method is the garbage pages that return a page filled
> with 0xFF's.
> How can I create a dump containing only the physical available memory?
>
> e.g my machine has 256mb so I want a 256mb memory dump.
>
Study the code that implements /dev/mem. It's in mem.c in the arch
dependent directory in the kernel.
Warner
More information about the freebsd-drivers
mailing list