Tool for working with the memory of a running Linux process
You must be able to ptrace the process you wish to operate on. If something like yama is used then this may require root/CAP_SYS_PTRACE even for processes you own.
(This tool doesn't use ptrace, rather it uses process_vm_readv / process_vm_writev but the access checks are the same)
I wrote this tool to use in some scripts. Some of the actions that can be performed only make sense on a stopped process (SIGSTOP/SIGCONT etc) and may cause terrible things to happen otherwise! This tool isn't magic - memory permissions must allow you to perform write actions etc (for a hacky way to update memory permissions in another process (x86_64 only) see tools directory)
Dump the stack of a process to a file:
procsplice -sd -p 1234 -f /tmp/stack_1234
Dump the heap of a process to a file:
procsplice -hd -p 1234 -f /tmp/heap_1234
Dump main process to a file:
procsplice -cd -p 1234 -f /tmp/code_1234
Dump some part of process memory to a file:
procsplice -ad -p 1234 -i 5562ad385000 -o 5562ad489000 -f /tmp/something_1234
Load file to stack:
procsplice -sl -p 1234 -f /tmp/stack_1234
Load file to heap:
procsplice -hl -p 1234 -f /tmp/heap_1234
Load file to code:
procsplice -cl -p 1234 -f /tmp/code_1234
Load file somewhere:
procsplice -al -p 1234 -i 5562ad385000 -o 5562ad489000 -f /tmp/lucky_something_1234