DOKK / manpages / debian 10 / memdump / memdump.8.en
MEMDUMP(8) System Manager's Manual MEMDUMP(8)

memdump - memory dumper



memdump [-kv] [-b buffer_size] [-d
    dump_size] [-m map_file] [-p
    page_size]










This program dumps system memory to the standard output stream,
    skipping over holes in memory maps. By default, the program dumps the
    contents of physical memory (/dev/mem).


Output is in the form of a raw dump; if necessary, use the
    -m option to capture memory layout information.


Output should be sent off-host over the network, to avoid changing
    all the memory in the file system cache. Use netcat, stunnel, or openssl,
    depending on your requirements.


The size arguments below understand the k (kilo) m
    (mega) and g (giga) suffixes. Suffixes are case insensitive.


Options



  

  
Attempt to dump kernel memory (/dev/kmem) rather than physical
      memory.
    
Warning: this can lock up the system to the point that you
        have to use the power switch (for example, Solaris 8 on 64-bit
      SPARC).

    
Warning: this produces bogus results on Linux 2.2 kernels.

    
Warning: this is very slow on 64-bit machines because the
        entire memory address range has to be searched.

    
Warning: kernel virtual memory mappings change frequently.
        Depending on the operating system, mappings smaller than
        page_size or buffer_size may be missed or may be reported
        incorrectly.

  

  

  
Number of bytes per memory read operation. By default, the program uses
      the page_size value.
    
Warning: a too large read buffer size causes memory to be
        missed on FreeBSD or Solaris.

  

  

  
Number of memory bytes to dump. By default, the program runs until the
      memory device reports an end-of-file (Linux), or until it has dumped from
      /dev/mem as much memory as reported present by the kernel (FreeBSD,
      Solaris), or until pointer wrap-around happens.
    
Warning: a too large value causes the program to spend a lot
        of time skipping over non-existent memory on Solaris systems.

    
Warning: a too large value causes the program to copy
        non-existent data on FreeBSD systems.

  

  

  
Write the memory map to map_file, one entry per line. Specify
      -m- to write to the standard error stream. Each map entry consists
      of a region start address and the first address beyond that region.
      Addresses are separated by space, and are printed as hexadecimal numbers
      (0xhhhh).

  

  
Use page_size as the memory page size. By default the program uses
      the system page size.
    
Warning: a too large page size causes memory to be missed
        while skipping over holes in memory.

  

  

  
Enable verbose logging for debugging purposes. Multiple -v options
      make the program more verbose.












On many hardware platforms the firmware (boot PROM, BIOS, etc.)
    takes away some memory. This memory is not accessible through
    /dev/mem.


This program should produce output in a format that supports
    structure information such as ELF.








This software is distributed under the IBM Public License.








Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
USA