reading process memory
Diomidis Spinellis
dds at aueb.gr
Thu Jun 8 01:59:44 UTC 2006
Tofik Suleymanov wrote:
>> The only way you're going to be able to read another processes
>> address space is in the kernel.Even a process running as root is not
>> able to read another process's data.
Incorrect; see this example:
$ sed -e 's/this/that/' &
[1] 87345
$ /bin/su
Password:
# dd if=/proc/87345/mem conv=noerror 2> /dev/null | strings
[...]
@(#)compile.c 8.1 (Berkeley) 6/6/93
[...]
RE error: %s
RuneMagiNONE
/this/that/
"s/this/that/
s/this/that/
this
that
that
Diomidis - http://www.spinellis.gr
More information about the freebsd-stable
mailing list