Changes

m
Line 17: Line 17:  
* Ptrace SEIZE, used to grab pages from task's VM into a pipe (with vmsplice)
 
* Ptrace SEIZE, used to grab pages from task's VM into a pipe (with vmsplice)
   −
The last step deserves a more detailed explanation. In order to drain memory from a task, we first generate the bitmap of pages needed to be dumped (using the smaps, map_files and pagemap from proc). Next, we create a set of pipes to put pages into. Then we infect the process with [[parasite code]], which, in turn, gets the pipes and <code>vmsplice</code>s the required pages into it. Finally, we <code>splice</code> the pages from pipes into [[memory dumps|image files]].
+
The last step deserves a more detailed explanation. In order to drain memory from a task, we first generate the bitmap of pages needed to be dumped (using the smaps, map_files and [[pagemap cache]] filled from proc). Next, we create a set of pipes to put pages into. Then we infect the process with [[parasite code]], which, in turn, gets the pipes and <code>vmsplice</code>s the required pages into it. Finally, we <code>splice</code> the pages from pipes into [[memory dumps|image files]].
    
=== Restoring ===
 
=== Restoring ===
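Review bot: In the added line, "filled from proc" now reads as qualifying only [[pagemap cache]], so smaps and map_files lose the "from proc" attribution that the old wording ("the smaps, map_files and pagemap from proc") gave to all three sources. Consider "using smaps and map_files from proc, and the [[pagemap cache]] filled from the proc pagemap". In the same line, "gets the pipes and vmsplices the required pages into it" should end with "into them", since "pipes" is plural; the wording is carried over unchanged from the old revision and could be fixed in this edit.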
