Dumping/reading memory space of a running program.

[Louis LeBlanc]

On 08/25/03 02:36 AM, Sten Daniel S?rsdal sat at the `puter and typed:
> 
>  How do i read/dump the entire memory space of a running program?
>  Is this possible?
>  I really dont have the option of restarting it. 

If you have access to all the structures in the process, you could
whip up a perl script that parses the output of nm(1) and parse the
/proc/filesystem for the process to pick and choose the data points
you want to see.

I've seen (and done, to an extent) the same thing on Solaris, and for
data structures that aren't too complex , it's not too tough.
Depending on the system, 2 levels of member structures gets a bit deep
to get through a big store.

You'll need to really read up on the procfs(5), nm(1), and the seek,
sysread, and unpack commands in perl to get it to work.

HTH
Lou
-- 
Louis LeBlanc               leblanc at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     Ô¿Ô¬

innovate, v.:
  To annoy people.