linux-memory-dumper/memdump at master · billstackpole/linux-memory-dumper · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/bin/sh
# :mode=shellscript:

##
## Linux memory dumping program for systems that don't have /dev/mem.
## Organizes results by pid and program name.
## Written by and copyright (C) 2013 Dan Fuhry <dan@fuhry.com>. MIT license.
##

type emulate 2>/dev/null && emulate sh -c

. "`dirname $0`/functions"

parse_args $@

check_environment

# scan /proc
populate_pid_list
echo "${#pids[@]} processes to dump"

# loop through all found processes and dump
i=0
successful=0
for pid in ${pids[@]}; do
	i=$[i+1]
	echo -n "Dumping process $i of ${#pids[@]}..."
	if ! test -d "/proc/$pid" ; then
		warn "pid $pid has died"
		continue
	fi
	mkdir -p "$outdir/by-pid/$pid"
	ps u "$pid" > "$outdir/by-pid/$pid/ps-u"
	if dump_process "$pid" "$outdir/by-pid/$pid"; then
		successful=$[successful+1]
	else
		rm -rf "$outdir/by-pid/$pid"
	fi
	echo -en "\r"
done

# sort by exe and by user
set +e
for pid in ${pids[@]}; do
	test -d "$outdir/by-pid/$pid" || continue

	exe="`readlink -f /proc/$pid/exe`"
	if test -n "$exe"; then
		exe="`basename $exe`"
		if [ -n "$exe" ]; then
			test -d "$outdir/by-exe/$exe" || mkdir -p "$outdir/by-exe/$exe"
			ln -sf "../../by-pid/$pid" "$outdir/by-exe/$exe/$pid"
		fi
	fi

	user="`stat -c %U /proc/$pid`"
	test -d "$outdir/by-user/$user" || mkdir -p "$outdir/by-user/$user"
	ln -sf "../../by-pid/$pid" "$outdir/by-user/$user/$pid"
done

# clear whole line
echo -en "\e[2K"
echo "Process dumping completed - successfully dumped $successful of ${#pids[@]} running processes."