All content © Alex Shepherd 2008-2024
unless otherwise noted

Nifty RAM Dump/Sort script

Image Credit: Ildar Sagdejev

Hello again! Second post in one day! Whooo! Just a quick one though because I want to go home! It's 5 o'clock!

I've been charged recently with helping to track down somebody else's (grr!) memory leak in a piece of software. The program was eating about 30% of our server's 2Gb of RAM. It seemed to make sense to do some kind of RAM dump.

As with most things Linux-oriented, as soon as you know how to access the relevant doohickies, the entire thing's a piece of cake, so I wrote a little script so I could do the entire process again. It really is simple, but it's such a useful little doobrie that I had to post it.

WARNING: I have not written any error checking into this, so you may want to write some break points or something into it before running.

Stage 1: The script frees any unused memory by running sync to flush any loose data to disk, then writing 3 to /proc/sys/vm/drop_caches.

Stage 2: It then uses dd as root to take a byte-for-byte copy of the current contents of the RAM from /dev/mem.

Stage 3: It then extracts any printable ASCII strings from the image and passes them through various sorting procedures to come up with a list of strings found in the RAM, sorted from least to most commonly found.

Anyway... Here's the script (special thanks to Wordpress for utterly destroying any semblance of formatting):

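#!/bin/bash
# Take the date once so both file names always match.
STAMP=$(date +%d%m%y)
IMGFILE="ramdump-$STAMP.img"
TXTFILE="ramdump-$STAMP.txt"
# The dump and the string list contain whatever was in RAM; keep them owner-only.
umask 077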
echo "************************************************"
echo "*       n00bsys0p's RAM dumper and sorter      *"
echo "*               written 04/2009                *"
echo "*     Use it for whatever the hell you want    *"
echo "*      and don't blame me if you hose your     *"
echo "*           computer by being a retard         *"
echo "************************************************"

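echo "Stage 1 (Freeing unused RAM). Requires root privileges."

if [ "$UID" -eq 0 ]; then
        echo "Already root, continuing"
fi

# Flush dirty pages to disk, then drop the page cache, dentries and inodes.
# (su does not prompt for a password when we are already root.)
su -c "sync; echo 3 > /proc/sys/vm/drop_caches"

echo "Stage 2 (RAM dump). Also requires root privileges..."
if [ "$UID" -eq 0 ]; then
        echo "Already root, continuing"
fi
# The image holds everything that was in RAM (passwords, keys, ...), so it is
# created owner-only and handed to the invoking user instead of chmod a+rw.
# $(id -u) and $(id -g) are expanded here, before su runs, so they name the caller.
su -c "umask 077 && dd if=/dev/mem of=$IMGFILE && chown $(id -u):$(id -g) $IMGFILE"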
echo -e "\n\
RAM Dumped to $IMGFILE.\n\
Stage 3 (Sort $IMGFILE). This may take a very long time..."
# Pull out printable strings, group identical ones, count them, sort by count.
strings "$IMGFILE" | sort -fd | uniq -c | sort -n > "$TXTFILE"
echo -e "\n\
RAM dump sorted in $TXTFILE.\n\
Items are listed and numbered by order of occurrence."
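
The error checking the script leaves out, as an added example that is not part of the original post: it checks that /dev/mem will actually yield RAM and that the image and string list will fit on disk before Stage 1 starts. The function names, the factor of two for disk space and the /boot/config-$(uname -r) location of the kernel config are assumptions.

```bash
#!/bin/bash
# Pre-flight checks for a /dev/mem dump (added example, not the post's script).

# Print MemTotal in KiB from a meminfo-format file (default /proc/meminfo).
mem_total_kb() {
    awk '$1 == "MemTotal:" { print $2; found = 1 } END { exit !found }' "${1:-/proc/meminfo}"
}

# Print the free KiB on the filesystem holding directory $1.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Succeed if kernel config file $1 enables CONFIG_STRICT_DEVMEM, which
# stops /dev/mem from exposing ordinary system RAM to userspace.
strict_devmem() {
    grep -q '^CONFIG_STRICT_DEVMEM=y' "$1" 2>/dev/null
}

# Succeed if a dump of $1 KiB fits in $2 KiB free. Assumption: the sorted
# string list may need as much space again as the image itself.
fits() {
    [ "$2" -ge $(( $1 * 2 )) ]
}

# usage: preflight <meminfo-file> <kernel-config-file> <free-kib>
# Prints one line per problem and returns the number of problems found.
preflight() {
    local problems=0 total
    total=$(mem_total_kb "$1") || { echo "cannot read MemTotal from $1"; return 1; }
    if strict_devmem "$2"; then
        echo "CONFIG_STRICT_DEVMEM=y: dd on /dev/mem will not get all of RAM"
        problems=$((problems + 1))
    fi
    if ! fits "$total" "$3"; then
        echo "need $((total * 2)) KiB free, have $3 KiB"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Check the running system when called with --check; the config path is a
# common distro convention (an assumption), not something the post mentions.
if [ "${1:-}" = "--check" ]; then
    preflight /proc/meminfo "/boot/config-$(uname -r)" "$(free_kb .)" && echo "OK to dump"
fi
```

Run it with --check from the directory the dump will be written to; a non-zero exit status is the number of problems reported.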

Hope it's useful to someone.

n00b