dump
#!/bin/bash
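# Parameters: the single positional argument is the guest name that the rest
# of the script looks for in the `ps` listing.
# ${1:-} keeps the assignment well-defined when no argument was given; the
# usage check below then reports the problem.
GUEST_NAME_BASE=${1:-}
# 4096*1024*1024 bytes. The former `(4096*1024*1024)` form created a
# one-element array holding the unevaluated text (and exposed it to pathname
# expansion); $(( )) stores the number. Not referenced in the visible script.
GUEST_MEMORY_SIZE=$((4096*1024*1024))
#GUEST_NAME="guest=${GUEST_NAME_BASE}"
GUEST_NAME="${GUEST_NAME_BASE}"

# The script later reads /proc/<pid>/maps and /proc/<pid>/mem of another
# process, so it refuses to start without root.
if [ "$(id -u)" -ne 0 ]; then
  echo "Must be run as root!" >&2
  exit 1
fi

# Exactly one non-empty guest name is required. An empty name would make the
# later word match against the process list meaningless.
if [ $# -ne 1 ] || [ -z "$GUEST_NAME" ]; then
  echo "Usage:" >&2
  echo "sudo ./dump-guest-memory.sh GUEST_NAME" >&2
  exit 1
fi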
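#######################################
# Print a command line as a highlighted banner, then pause briefly so the
# operator can read it before the command's output appears.
# Arguments: the words of the command to display (joined with spaces)
# Outputs:   a blank line, then the text in bold/underlined red, on stdout
#######################################
echo_cmd() {
  # local: do not clobber the caller's global `cmd` variable.
  local cmd="$*"
  # printf with a fixed format prints the text literally; `echo -e` would
  # interpret backslash sequences contained in the displayed command.
  printf '\n\033[1;4;31m%s\033[0m\n' "$cmd"
  sleep 1.5
}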
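# Locate the guest's QEMU process, find its largest memory mapping and
# hex-dump the first 4 KiB page of that mapping from /proc/<pid>/mem.
#
# NOTE(review): the largest mapping is assumed to be the guest RAM region;
# the script does not verify this. For a guest without memory encryption the
# dumped page is guest RAM in clear text, so treat the output as sensitive.

clear
# Disable terminal line wrapping so long ps/maps lines stay on one row.
tput rmam

work_dir=""
# Runs on every exit path (including the error exits below): removes the
# private scratch directory and re-enables line wrapping.
dump_cleanup() {
  if [ -n "$work_dir" ]; then
    rm -rf -- "$work_dir"
  fi
  tput smam
}
trap dump_cleanup EXIT

# Take a single process snapshot. Both the listing shown to the operator and
# the PID selection use it, so they cannot disagree, and the grep helpers
# themselves never appear among the candidates.
ps_snapshot=$(ps axo user,pid,vsz,command)

# List all processes mentioning the guest name. -F treats the name as a
# literal string, `--` keeps a name starting with '-' from being read as an
# option.
cmd="ps axo user,pid,vsz,command | grep -F -w -- $GUEST_NAME"
echo_cmd "$cmd"
grep -F -w -- "$GUEST_NAME" <<<"$ps_snapshot"

# Keep only qemu-system-x86_64 processes. Matching on the guest name alone
# also selects this script and its sudo parent, whose command lines carry the
# same name, and the script would then read the wrong process's memory.
mapfile -t vm_pid_array < <(
  grep -F -w -- "$GUEST_NAME" <<<"$ps_snapshot" |
    grep -F -- "qemu-system-x86_64" |
    awk '{print $2}'
)

vm_pid=${vm_pid_array[0]:-}
if [[ ! $vm_pid =~ ^[0-9]+$ ]]; then
  echo "No qemu-system-x86_64 process found for guest '$GUEST_NAME'" >&2
  exit 1
fi
if (( ${#vm_pid_array[@]} > 1 )); then
  echo "Note: ${#vm_pid_array[@]} matching QEMU processes; using PID $vm_pid" >&2
fi

proc_map_path=/proc/$vm_pid/maps
if [ ! -f "$proc_map_path" ]; then
  echo "Cannot read $proc_map_path" >&2
  exit 1
fi

printf '\n%s PID: \033[1;4;34m%s\033[0m\n' "$GUEST_NAME" "$vm_pid"
sleep 3

cmd="cat $proc_map_path"
printf '\n\033[1;4;31m%s\033[0m\n' "$cmd"

# Scratch files live in a private mktemp directory. Fixed names in the
# current directory, written and then `rm -rf`ed as root, could follow a
# planted symlink, append to leftovers of an interrupted run, or delete an
# unrelated file or directory that happens to share the name.
work_dir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
sized_maps=$work_dir/sized_maps
sorted_maps=$work_dir/sorted_maps

# Rewrite each maps line as: range perms size dev inode pathname
# where size = end - start, printed as 16 zero-padded hex digits so that the
# textual sort below orders mappings of 4 GiB and more correctly (8 digits
# overflow at 0x100000000 and then sort as if they were small).
while read -r range perms _offset dev inode pathname; do
  # Only accept the kernel's "start-end" hex form before using the fields
  # in arithmetic.
  [[ $range =~ ^([0-9a-f]+)-([0-9a-f]+)$ ]] || continue
  start_hva=${BASH_REMATCH[1]}
  end_hva=${BASH_REMATCH[2]}
  mem_size=$(( 0x$end_hva - 0x$start_hva ))
  printf '%s %s %.16x %s %s %s\n' \
    "$range" "$perms" "$mem_size" "$dev" "$inode" "$pathname"
done < "$proc_map_path" > "$sized_maps"

# The third column is the computed mapping size, not the file offset.
printf 'address\t\t\t perms\tsize\tdev inode\tpathname\n'
LC_ALL=C sort -r -k3,3 "$sized_maps" > "$sorted_maps"
head -n 15 "$sorted_maps"

# Start address of the largest mapping (first line after the sort).
largest_range=""
read -r largest_range _ < "$sorted_maps"
vm_start_hva_hex=${largest_range%%-*}
if [[ ! $vm_start_hva_hex =~ ^[0-9a-f]+$ ]]; then
  echo "No usable mapping found in $proc_map_path" >&2
  exit 1
fi

printf '\nVM memory start: \033[1;4;34m0x%s\033[0m\n' "$vm_start_hva_hex"
# dd's skip= counts blocks of bs bytes, so convert the address to a 4 KiB
# page index.
vm_start_page=$(( 0x$vm_start_hva_hex / 4096 ))
sleep 4

# Dump the first page of that mapping and show the first 12 hexdump lines.
cmd="dd if=/proc/$vm_pid/mem bs=4096 count=1 skip=(0x$vm_start_hva_hex/4096) | hexdump"
echo_cmd "$cmd"
dd if="/proc/$vm_pid/mem" bs=4096 count=1 skip="$vm_start_page" | hexdump -C -v | head -n 12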