Linux ptrace()读取整个内存页面 [英] Linux ptrace() read whole memory page

问题描述

您好，我尝试在Android/Linux中转储进程的内存.现在我读取内存映射以获得内存区域的地址空间，然后我像这样读取每个单词:

Hello I try to dump the memory of a process in Android/Linux. Right now I read the memory maps to get a memory region's address space and then I read every single word like this:

ptrace(PTRACE_ATTACH, pid, NULL, NULL);
wait(NULL);

read each word in this memory region:
word = ptrace(PTRACE_PEEKDATA, pid, (void *)address, NULL);

ptrace(PTRACE_CONT, pid, NULL, NULL);
ptrace(PTRACE_DETACH, pid, NULL, NULL);

没有一种更有效的解决方案，通过指定要读取的内存地址空间的开始/结尾来直接读取整个内存页面吗?

Isn't there a more efficient solution reading directly a whole memory page by specifying the start/end of a memory address space to read?

推荐答案

有两种方法可以更有效地从另一个进程读取内存.

There are two possible ways to read memory more efficiently from another process.

如果您的内核支持(我对Android内核一无所知)，则可以使用 process_vm_readv .

If your kernel supports it (I have no idea about Android kernels) you can use process_vm_readv.

另一种方法是打开目标进程的/proc/.../mem 文件并从中读取.gdb使用此方法，尽管我认为仅是因为 process_vm_readv 是新的"(以gdb的术语).

Another way is to open the /proc/.../mem file of the target process and read from it. gdb uses this method, though I think only because process_vm_readv is "new" (in gdb's terms).

这篇关于Linux ptrace()读取整个内存页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！