I am using Ubuntu 11.10, and wish to simply know whether I can dump all physical memory and swap, as due to some kernel restrictions, I can't dd
/dev/mem
, even as superuser.
Is there any workaround or option to allow dd
'ing /dev/mem
or a dedicated tool made to do this correctly?
Best Answer
Use fmem
You used to be able to simply
dd /dev/mem
back in the day, but no longer for security reasons (since kernel 2.6, IIRC).The alternative is to either build the kernel yourself wih the option to let root do that (will edit with name later, on phone now) OR better, use fmem, a kernel module which creates a
/dev/fmem
device pretty much meant for easy dumping.fmem works great for me on 12.04. Just make sure you use the
run.sh
file included in the tarball to load the module; do not useinsmod
: