On Fri, Jun 24, 2005 at 01:03:05PM +0300, shimi wrote: > Reading memory data from another process is, according to what I recall, > something that the system should protect against (not just writing to > memory space which is not yours, but also reading from there - there are > obvious security implications for not blocking something like that).
There are also reasons to do this. You (should) be able to do it to processes running under your UID, or to any process if you're root. > The only way I can think of doing that, is, and assuming you've got the > source code, is to use fork() (which makes the kernel copy the whole > memory space of the process into a new process), and inside the child > process, use SIGABRT (man abort), which, IIRC, will make the forked > process die and dump a core, and a core is basically... a memory > dump :) That's one way. You can also use ptrace(2) - see dumpmem for an example. Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
