I am using Ubuntu 12.04
 
I read the following tutorial on how to access the contents of RAM in Linux....
 
http://www.rootninja.com/using-dd-to-search-for-strings-in-memory-or-devices/
 
dd if=/dev/mem | hexdump -C | grep "string to search for"
 
So, I run the code...
 
sudo dd if=/dev/mem | hexdump -C > NAMEOFOUTPUTFILEHERE.txt
 
And... it starts pumping out HEX code, until a few seconds later, where it says:
 
dd: reading `/dev/mem': Operation not permitted
2056+0 records in
2056+0 records out
1052672 bytes (1.1 MB) copied, 0.44834 s, 2.3 MB/s
 
So basically.. I am able to get about 3.3 MB of RAM dump contents-- until the program stops, saying "Operation not permitted"
 
.... And so... I am wondering... why am I not able to dump the entire contents of RAM? Is this a deliberate limitation in Ubuntu, to stop malicious hackers..? Or, is it something else..? Does anybody know..? Thanks
Posted 7-Mar-13 2:49am

1 solution


Solution 1

OK... forget it... turns out Ubuntu has 1 MB limit on RAM extraction, as defined in the kernel.. and obviously, that's good security, because then a hacker can't extract your passwords from RAM etc...
 
And so... yeah.... this thread is now SOLVED
 
Here is the full info, for anyone interested....
 
Quote:
if your kernel was compiled with STRICT_DEVMEM=y (see e.g. /boot/config-KERNELVERSION) then only the first 1MB is read from /dev/mem. This isn’t so much a kernel version issue, as a result of how your own machine’s kernel was compiled; most distro kernels will have this restriction in place for good reason.
 
You can download and insmod the forensic kernel module fmem to work around this; at your own risk! rmmod it as soon as possible afterwards. The fmem module provides a /dev/fmem device without any security restrictions.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
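The check the quoted answer points to (looking for STRICT_DEVMEM in /boot/config-KERNELVERSION), written out as an added example that is not part of the original thread. The function names are made up for illustration, and CONFIG_DEVMEM and the /proc/config.gz fallback are related kernel features the thread does not mention.

```shell
#!/bin/sh
# Added example: classify the /dev/mem policy recorded in a kernel config file.

# kconfig_value FILE OPTION -> prints y, m, n ("is not set") or "absent"
kconfig_value() {
    file=$1
    opt=$2
    case $file in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;        # e.g. /boot/config-$(uname -r)
    esac
    $reader "$file" | awk -v o="CONFIG_$opt" '
        $0 == ("# " o " is not set") { v = "n" }
        index($0, o "=") == 1        { v = substr($0, length(o) + 2) }
        END { print (v == "" ? "absent" : v) }'
}

# devmem_policy FILE -> prints no-devmem | strict | unrestricted
devmem_policy() {
    devmem=$(kconfig_value "$1" DEVMEM)
    strict=$(kconfig_value "$1" STRICT_DEVMEM)
    # Kernels that predate the CONFIG_DEVMEM option always build /dev/mem,
    # so only an explicit "is not set" means the device is gone.
    if [ "$devmem" = n ]; then
        echo no-devmem
    elif [ "$strict" = y ]; then
        echo strict        # reads of ordinary RAM via /dev/mem are refused
    else
        echo unrestricted  # root can read all physical memory: audit finding
    fi
}

# Report on the running kernel when its config is readable. The first path is
# the usual Debian/Ubuntu location; the second is an assumed fallback.
for f in "/boot/config-$(uname -r)" /proc/config.gz; do
    if [ -r "$f" ]; then
        echo "$f: $(devmem_policy "$f")"
        break
    fi
done
```

A result of `strict` matches the behaviour in the question: dd reads the low region and then stops with "Operation not permitted".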
