Attempting to access RAM /dev/mem… says “Operation not permitted”


Problem description

I am using Ubuntu 12.04

I read the following tutorial on how to access the contents of RAM in Linux....

http://www.rootninja.com/using-dd-to-search-for-strings-in-memory-or-devices/

dd if=/dev/mem | hexdump -C | grep "string to search for"

So, I run the code...

sudo dd if=/dev/mem | hexdump -C > NAMEOFOUTPUTFILEHERE.txt

And... it starts pumping out HEX code, until a few seconds later, where it says:

dd: reading `/dev/mem': Operation not permitted
2056+0 records in
2056+0 records out
1052672 bytes (1.1 MB) copied, 0.44834 s, 2.3 MB/s

So basically.. I am able to get about 3.3 MB of RAM dump contents-- until the program stops, saying "Operation not permitted"

.... And so... I am wondering... why am I not able to dump the entire contents of RAM? Is this a deliberate limitation in Ubuntu, to stop malicious hackers..? Or, is it something else..? Does anybody know..? Thanks

Solution

OK... forget it... turns out Ubuntu has 1 MB limit on RAM extraction, as defined in the kernel.. and obviously, that's good security, because then a hacker can't extract your passwords from RAM etc...

And so... yeah.... this thread is now SOLVED

Here is the full info, for anyone interested....

Quote:

If your kernel was compiled with STRICT_DEVMEM=y (see e.g. /boot/config-KERNELVERSION) then only the first 1MB is read from /dev/mem. This isn’t so much a kernel version issue, as a result of how your own machine’s kernel was compiled; most distro kernels will have this restriction in place for good reason.

You can download and insmod the forensic kernel module fmem to work around this; at your own risk! rmmod it as soon as possible afterwards. The fmem module provides a /dev/fmem device without any security restrictions.
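
To confirm whether this restriction is active on a given machine, the kernel build config mentioned in the quote can be inspected directly. The script below is an added example, not part of the original thread: the function names are hypothetical, the option appears in the config file with its CONFIG_ prefix (CONFIG_STRICT_DEVMEM), and CONFIG_DEVMEM and CONFIG_IO_STRICT_DEVMEM are related upstream Kconfig symbols that the thread does not mention.

```shell
#!/bin/sh
# Added example: classify a kernel build config by its /dev/mem policy.

# Print the value of one CONFIG_ symbol; "n" when it is unset or missing.
config_value() {
    # $1 = config file, $2 = symbol name without the CONFIG_ prefix
    val=$(sed -n "s/^CONFIG_$2=\(.*\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Print one of: unknown | absent | restricted+io | restricted | unrestricted
devmem_status() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unknown"; return 1; }
    # Assumption: a config that never mentions CONFIG_DEVMEM (older kernels)
    # has /dev/mem built in, so only an explicit "not set" counts as absent.
    if grep -q -E '^(# )?CONFIG_DEVMEM[ =]' "$cfg" &&
       [ "$(config_value "$cfg" DEVMEM)" != y ]; then
        echo "absent"            # no /dev/mem device at all
    elif [ "$(config_value "$cfg" STRICT_DEVMEM)" = y ]; then
        if [ "$(config_value "$cfg" IO_STRICT_DEVMEM)" = y ]; then
            echo "restricted+io" # stricter variant, also limits I/O ranges
        else
            echo "restricted"    # the case described in the quote
        fi
    else
        echo "unrestricted"      # root can read all of RAM via /dev/mem
    fi
}

# Constructed sample resembling a distro config with the restriction enabled.
sample=$(mktemp)
printf '%s\n' 'CONFIG_STRICT_DEVMEM=y' \
              '# CONFIG_IO_STRICT_DEVMEM is not set' > "$sample"
echo "sample config: $(devmem_status "$sample")"
rm -f "$sample"

# On a live system (path pattern from the quote):
#   devmem_status "/boot/config-$(uname -r)"
```

A result of "unrestricted" on a production host is worth flagging in a hardening review, since it means any process running as root can read physical memory through /dev/mem.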

