-
Notifications
You must be signed in to change notification settings - Fork 2
djcapelis/memsnap
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Memsnap is a basic memory snapshotting tool that takes a process and dumps its memory into flatfiles at an interval you specify. Memsnap is able to handle multiple -p arguments and so can snapshot multiple processes at once, yielding memory snapshots from a group of processes which were all taken at similar times. By default, only read/write segments of memory are captured, each segment numbered into its own flat file in the current directory, once per second. Memsnap in its own words: $ ./memsnap -h Usage: memsnap [options] [command] -h Print usage -p <pid> Attach to <pid> -d <dir> Specify destination directory for snapshots -s <sec> Specify time interval between snapshots in seconds -m <ms> Specify time interval between snapshots in milliseconds -u <us> Specify time interval between snapshots in microseconds -f <snaps> Finish after taking <snaps> number of snapshots -g Snapshot all segments into one file globbed together -l Snap live, without pausing the process(es) being snapshot -a Snapshot all readable segments, incl read-only segs & mapped files -q Be quiet, do not output anything but errors Limitations: * Linux only * Makes all kinds of horrible assumptions about the current format of /proc/<pid>/maps * Only readable segments are pulled out of memory, segments of program memory that lack a read bit are filtered by memsnap. * While memsnap will happily set a system timer into the microsecond range, the effective control over snapshots is not nearly that good. Even offering this option is somewhat deceptive. Bugs: * Some race and timing conditions are present when processes die or are killed while being snapshotted and memsnap may not behave gracefully in all cases. (It makes attempts at being graceful normally.) * Memsnap is not graceful when processes it is trying to snapshot and ptrace are ptrace'd by other trace utilities. Future: * Produce coredumps * Increased timer resolution * Care about performance?