Question
Hello, I am trying to dump the memory of a process in Android/Linux. Right now I read the memory maps to get a memory region's address space and then I read every single word like this:
ptrace(PTRACE_ATTACH, pid, NULL, NULL);
wait(NULL);
read each word in this memory region:
word = ptrace(PTRACE_PEEKDATA, pid, (void *)address, NULL);
ptrace(PTRACE_CONT, pid, NULL, NULL);
ptrace(PTRACE_DETACH, pid, NULL, NULL);
Isn't there a more efficient solution that directly reads a whole memory page by specifying the start/end of a memory address space to read?
Answer 1:
There are two possible ways to read memory more efficiently from another process.
If your kernel supports it (I have no idea about Android kernels) you can use process_vm_readv.
Another way is to open the /proc/.../mem file of the target process and read from it. gdb uses this method, though I think only because process_vm_readv is "new" (in gdb's terms).
Source: https://stackoverflow.com/questions/34433451/linux-ptrace-read-whole-memory-page
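The two methods named in the answer, combined into one bulk reader, as an added example that is not part of the original post. The function names `read_proc_mem` and `read_remote` are hypothetical, and `main` reads a constructed buffer in the current process in place of a region taken from a target's memory maps; for another pid the caller needs the same permission a ptrace attach would require.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Second method: pread() from /proc/<pid>/mem at the target address. */
ssize_t read_proc_mem(pid_t pid, unsigned long addr, void *buf, size_t len)
{
    char path[32];
    size_t done = 0;
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    while (done < len) {
        ssize_t n = pread(fd, (char *)buf + done, len - done, (off_t)(addr + done));
        if (n <= 0)
            break;              /* unmapped page or end of region */
        done += (size_t)n;
    }
    close(fd);
    return done ? (ssize_t)done : -1;
}

/* First method: process_vm_readv() copies the whole range in one syscall.
 * Falls back to /proc/<pid>/mem when the syscall is missing or filtered. */
ssize_t read_remote(pid_t pid, unsigned long addr, void *buf, size_t len)
{
    struct iovec local  = { .iov_base = buf, .iov_len = len };
    struct iovec remote = { .iov_base = (void *)addr, .iov_len = len };
    ssize_t n = process_vm_readv(pid, &local, 1, &remote, 1, 0);
    if (n >= 0 || (errno != ENOSYS && errno != EPERM))
        return n;
    return read_proc_mem(pid, addr, buf, len);
}

int main(void)
{
    /* Constructed sample: this process's own buffer stands in for a
     * start/end range of a target pid. */
    static const char sample[] = "constructed sample region";
    char out[sizeof sample] = { 0 };
    ssize_t n = read_remote(getpid(), (unsigned long)sample, out, sizeof sample);
    printf("read %zd bytes: %s\n", n, n > 0 ? out : "(failed)");
    return n == (ssize_t)sizeof sample ? 0 : 1;
}
```

A short return value means part of the range was unreadable, so a dump tool should check the count for each region instead of assuming the full length arrived.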