Fwd: Creating a KLD to dump memory
Office Manager
officem4790 at gmail.com
Mon Jan 22 15:13:28 UTC 2018
---------- Forwarded message ----------
From: Office Manager <officem4790 at gmail.com>
Date: Mon, Jan 22, 2018 at 4:52 PM
Subject: Re: Creating a KLD to dump memory
To: Warner Losh <imp at bsdimp.com>
Hi,
As I said I'm using memrw which is /dev/mem code to read and write memory.
My problem is in 32bit the dump outputs to about 4gb(size of all possible
mappings of physical address)
/dev/mem as well gives 0xFF to unmapped physical pages, I want to dump only
mapped physical pages.
On Mon, Jan 22, 2018 at 4:14 PM, Warner Losh <imp at bsdimp.com> wrote:
>
>
> On Mon, Jan 22, 2018 at 6:48 AM, Office Manager <officem4790 at gmail.com>
> wrote:
>
>> Hi,
>> I'm trying to create a kernel module to dump the memory of a machine like
>> lime <https://github.com/504ensicsLabs/LiME>.
>> Right now I'm using memrw implementation to read the physical memory, my
>> problem with this method is the garbage pages that return a page filled
>> with 0xFF's.
>> How can I create a dump containing only the physical available memory?
>>
>> e.g my machine has 256mb so I want a 256mb memory dump.
>>
>
> Study the code that implements /dev/mem. It's in mem.c in the arch
> dependent directory in the kernel.
>
> Warner
>
More information about the freebsd-drivers
mailing list