linux - Attempting to access RAM /dev/mem... says "Operation not permitted"
2014-04
I am using Ubuntu 12.04
I read the following tutorial on how to access the contents of RAM in Linux....
http://www.rootninja.com/using-dd-to-search-for-strings-in-memory-or-devices/
Code:
dd if=/dev/mem | hexdump -C | grep “string to search for”
So, I run the code...
Code:
sudo dd if=/dev/mem | hexdump -C > NAMEOFOUTPUTFILEHERE.txt
And... it starts pumping out HEX code, until a few seconds later, where it says:
dd: reading `/dev/mem': Operation not permitted
2056+0 records in
2056+0 records out
1052672 bytes (1.1 MB) copied, 0.44834 s, 2.3 MB/s
So basically.. I am able to get about 3.3 MB of RAM dump contents-- until the program stops, saying "Operation not permitted"
And so I am wondering why am I not able to dump the entire contents of RAM? Is this a deliberate limitation in Ubuntu, to stop malicious hackers? Or, is it something else? Does anybody know? Thanks
So I'm trying to search through all my memory for a specific string, but I don't know how to get access to the contents of my memory.
I try to run this but get an error message:
~$ sudo cat /dev/mem | strings | grep findme
[sudo] password for user:
cat: /dev/mem: Permission denied
I'm running Ubuntu 9.04 64-bit with the 2.6.28-15-generic kernel. From my understanding it's some sort of built-in protection. How can I get around this if sudo isn't sufficient?
Access to "real" memory via /dev/mem has been disabled by this kernel patch. So your options are to either recompile your kernel with the NONPROMISC_DEVMEM option disabled or you try a different route, such as writing your own kernel module. Happy kernel hacking!