linux - Attempting to access RAM /dev/mem... says "Operation not permitted"

06
2014-04
  • Questioner

    I am using Ubuntu 12.04

    I read the following tutorial on how to access the contents of RAM in Linux....

    http://www.rootninja.com/using-dd-to-search-for-strings-in-memory-or-devices/

    Code:

    dd if=/dev/mem | hexdump -C | grep “string to search for”

    So, I run the code...

    Code:

    sudo dd if=/dev/mem | hexdump -C > NAMEOFOUTPUTFILEHERE.txt

    And... it starts pumping out HEX code, until a few seconds later, where it says:

    dd: reading `/dev/mem': Operation not permitted
2056+0 records in 
2056+0 records out
1052672 bytes (1.1 MB) copied, 0.44834 s, 2.3 MB/s

    So basically.. I am able to get about 3.3 MB of RAM dump contents-- until the program stops, saying "Operation not permitted"

    And so I am wondering why am I not able to dump the entire contents of RAM? Is this a deliberate limitation in Ubuntu, to stop malicious hackers? Or, is it something else? Does anybody know? Thanks

    • Answers
    Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

    Related Question

    linux - Command-line access to /dev/mem in Ubuntu
  • Shane

    So I'm trying to search through all my memory for a specific string, but I don't know how to get access to the contents of my memory.

    I try to run this but get an error message:

    ~$ sudo cat /dev/mem | strings | grep findme
[sudo] password for user:
cat: /dev/mem: Permission denied

    I'm running Ubuntu 9.04 64-bit with the 2.6.28-15-generic kernel. From my understanding it's some sort of built-in protection. How can I get around this if sudo isn't sufficient?


    • Related Answers
  • Kim

    Access to "real" memory via /dev/mem has been disabled by this kernel patch. So your options are to either recompile your kernel with the NONPROMISC_DEVMEM option disabled or you try a different route, such as writing your own kernel module. Happy kernel hacking!