Linux kernel module designed to help analyze volatile memory in the Linux kernel

fmem 1.6.0

This repo was originally a GitHub mirror of the original fmem module. Later this repo became a maintained version of fmem to account for a changing Linux kernel. Bug reports and patches welcome.

This module creates the /dev/fmem device, which can be used for dumping physical memory without the limits of /dev/mem (1MB/1GB, depending on distribution).

Tested on i386 and x64; feel free to test it on different architectures (and please send a report).

Cloned from linux/drivers/char/mem.c (so the GPL license applies).

The original name of this tool was fdump, which conflicted with an already existing tool, so the name was changed to fmem.

2009,2010 [email protected]


Usage:

$ make

./run.sh

dd if=/dev/fmem of=... bs=1MB count=...


BUGS: if you do something like # dd if=/dev/fmem of=dump, dd will never stop, even if there is no more physical RAM on the system. This is more of a feature, because the Linux kernel doesn't have a stable API, and detection of mapped areas can be tricky on older kernels. Because the primary use of fmem is memory forensics, I think it is safer to specify the amount of RAM by hand.
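
One way to work out that amount by hand, as an added example that is not part of fmem: take the highest "System RAM" end address from /proc/iomem rather than the installed RAM size, because the physical address map has non-RAM holes between RAM ranges. The function names and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of fmem): pick a dd count from /proc/iomem-style text.

# Constructed sample in /proc/iomem layout, not taken from a real machine.
SAMPLE_IOMEM='00000000-00000fff : Reserved
00001000-0009fbff : System RAM
000a0000-000bffff : PCI Bus 0000:00
00100000-bffdffff : System RAM
  01000000-01e00000 : Kernel code
c0000000-febfffff : PCI Bus 0000:00
100000000-13fffffff : System RAM'

# Read iomem text on stdin; print the highest end address (decimal) of any
# top-level "System RAM" range. Indented child entries are skipped.
highest_ram_end() {
    max=0
    while IFS= read -r line; do
        case "$line" in
            [0-9a-f]*" : System RAM")
                range=${line%% *}            # "start-end"
                end=$((0x${range#*-}))       # hex end address
                if [ "$end" -gt "$max" ]; then max=$end; fi
                ;;
        esac
    done
    echo "$max"
}

# Read iomem text on stdin; print how many blocks of $1 bytes cover physical
# addresses 0 through the end of the last RAM range (rounded up).
fmem_dd_count() {
    bs=$1
    end=$(highest_ram_end)
    if [ "$end" -eq 0 ]; then
        # Without root, recent kernels print all-zero addresses here.
        echo "no usable System RAM ranges (read /proc/iomem as root)" >&2
        return 1
    fi
    echo $(( (end + bs) / bs ))
}

# GNU dd treats bs=1MB as 1000000 bytes. For the sample above this prints 5369.
printf '%s\n' "$SAMPLE_IOMEM" | fmem_dd_count 1000000
# On a live system (hypothetical invocation, as root):
#   dd if=/dev/fmem of=... bs=1MB count="$(fmem_dd_count 1000000 < /proc/iomem)"
```

In the sample, the RAM ranges end at the 5 GiB mark even though less than 5 GiB of that address range is RAM, which is why the end address and not the RAM size sets the count.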