fmem 1.6.0 This repo is was originally a github mirror of the original fmem module. Later this repo became a maintained version of fmem to account for a changing Linux kernel. Bug reports and patches welcome. This module creates /dev/fmem device, that can be used for dumping physical memory, without limits of /dev/mem (1MB/1GB, depending on distribution) Tested on i386 and x64, feel free to test it on different architectures. (and send report please) Cloned from linux/drivers/char/mem.c (so GPL license apply) Original name of this tool was fdump, which was conflict with already existing tool, so name was changed to fmem 2009,2010 niekt0@hysteria.sk ----- Usage: $ make # ./run.sh # dd if=/dev/fmem of=... bs=1MB count=... ----- BUGS: if you do something like # dd if=/dev/fmem of=dump dd will never stop, even if there is no more physical RAM on the system. This is more a feature, because Linux kernel don't have stable API, and detection of mapped areas can be tricky on older kernels. Because primary usage for fmem is memory forensic, I think it is safer to specify amount of RAM by hand. -----