I am using Ubuntu 12.04

I read the following tutorial on how to access the contents of RAM in Linux....

http://www.rootninja.com/using-dd-to-search-for-strings-in-memory-or-devices/

dd if=/dev/mem | hexdump -C | grep "string to search for"

So, I run the code...

sudo dd if=/dev/mem | hexdump -C > NAMEOFOUTPUTFILEHERE.txt

And... it starts pumping out HEX code, until a few seconds later, where it says:

dd: reading `/dev/mem': Operation not permitted
2056+0 records in
2056+0 records out
1052672 bytes (1.1 MB) copied, 0.44834 s, 2.3 MB/s

So basically.. I am able to get about 3.3 MB of RAM dump contents-- until the program stops, saying "Operation not permitted"

.... And so... I am wondering... why am I not able to dump the entire contents of RAM? Is this a deliberate limitation in Ubuntu, to stop malicious hackers..? Or, is it something else..? Does anybody know..? Thanks
Posted 7-Mar-13 1:49am

1 solution

Solution 1

OK... forget it... turns out Ubuntu has 1 MB limit on RAM extraction, as defined in the kernel.. and obviously, that's good security, because then a hacker can't extract your passwords from RAM etc...

And so... yeah.... this thread is now SOLVED

Here is the full info, for anyone interested....

Quote:
If your kernel was compiled with STRICT_DEVMEM=y (see e.g. /boot/config-KERNELVERSION) then only the first 1MB is read from /dev/mem. This isn’t so much a kernel version issue, as a result of how your own machine’s kernel was compiled; most distro kernels will have this restriction in place for good reason.

You can download and insmod the forensic kernel module fmem to work around this; at your own risk! rmmod it as soon as possible afterwards. The fmem module provides a /dev/fmem device without any security restrictions.
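A defender's check for the setting described in the answer, as an added example that is not part of the original thread: it reads a kernel config file for CONFIG_STRICT_DEVMEM and reports whether the fmem module is currently loaded. The function names are hypothetical, and the /proc/config.gz fallback and the /proc/modules lookup are assumptions beyond what the post mentions.

```shell
#!/bin/sh
# Added example: audit the /dev/mem restriction discussed in the answer.

# Print the state of CONFIG_<option> ($1) in a kernel config file ($2):
# the configured value (e.g. "y"), "n" for "is not set", or "absent".
config_state() {
    case "$2" in
        *.gz) gzip -dc "$2" ;;   # /proc/config.gz is compressed
        *)    cat "$2" ;;
    esac 2>/dev/null | awk -v o="CONFIG_$1" '
        index($0, o "=") == 1       { s = substr($0, length(o) + 2) }
        $0 == "# " o " is not set"  { s = "n" }
        END { print (s == "" ? "absent" : s) }'
}

# Classify /dev/mem exposure from a kernel config file ($1).
devmem_policy() {
    case "$(config_state STRICT_DEVMEM "$1")" in
        y) echo "restricted" ;;     # only the first 1MB is readable
        n) echo "unrestricted" ;;   # root can read physical RAM via /dev/mem
        *) echo "unknown" ;;        # option missing or config unreadable
    esac
}

# Succeed if module $1 is listed in a /proc/modules-format file ($2).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# Report for the running kernel.
cfg="/boot/config-$(uname -r)"
[ -r "$cfg" ] || cfg=/proc/config.gz
echo "STRICT_DEVMEM: $(devmem_policy "$cfg") (checked $cfg)"
if module_loaded fmem || [ -e /dev/fmem ]; then
    echo "WARNING: fmem is loaded; /dev/fmem has no such restriction (rmmod fmem)"
fi
```
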

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 7 Mar 2013
Copyright © CodeProject, 1999-2015