On Red Hat systems (and derived distros such as CentOS), the crash driver can be loaded to create a pseudo-device for memory access ("modprobe crash").
See, for example, the message accompanying this patch. Throughout the 2.6 kernel series the trend has been to reduce direct access to memory via pseudo-device files. And in the most recent, /dev/mem is no longer available by default, either. In even more recent kernels, /dev/mem has additional restrictions. In recent Linux kernels, /dev/kmem is no longer available. On Unix systems, the program dd can be used to capture the contents of physical memory using a device file (e.g. Both devices work as regular files, and can be used with dd or any other file manipulation tool. ' /dev/mem' is linked to the physical system memory, whereas ' /dev/kmem' maps to the entire virtual memory space, including any swap. Linux provides two virtual devices for this purpose, ' /dev/mem' and ' /dev/kmem', though many distributions disable them by default for security reasons.
0 kommentar(er)
