Skip to content

djcapelis/memsnap

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

61 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Memsnap is a basic memory snapshotting tool that takes a process and dumps its memory into flatfiles at an interval you specify.  Memsnap is able to handle multiple -p arguments and so can snapshot multiple processes at once, yielding memory snapshots from a group of processes which were all taken at similar times.  By default, only read/write segments of memory are captured, each segment numbered into its own flat file in the current directory, once per second.

Memsnap in its own words:
$ ./memsnap -h
Usage: memsnap [options] [command]
        -h Print usage
        -p <pid> Attach to <pid>
        -d <dir> Specify destination directory for snapshots
        -s <sec> Specify time interval between snapshots in seconds
        -m <ms> Specify time interval between snapshots in milliseconds
        -u <us> Specify time interval between snapshots in microseconds
        -f <snaps> Finish after taking <snaps> number of snapshots
        -g Snapshot all segments into one file globbed together
        -l Snap live, without pausing the process(es) being snapshot
        -a Snapshot all readable segments, incl read-only segs & mapped files
        -q Be quiet, do not output anything but errors

Limitations:
* Linux only
* Makes all kinds of horrible assumptions about the current format of /proc/<pid>/maps
* Only readable segments are pulled out of memory, segments of program memory that lack a read bit are filtered by memsnap.
* While memsnap will happily set a system timer into the microsecond range, the effective control over snapshots is not nearly that good.  Even offering this option is somewhat deceptive.

Bugs:
* Some race and timing conditions are present when processes die or are killed while being snapshotted and memsnap may not behave gracefully in all cases.  (It makes attempts at being graceful normally.)
* Memsnap is not graceful when processes it is trying to snapshot and ptrace are ptrace'd by other trace utilities.

Future:
* Produce coredumps
* Increased timer resolution
* Care about performance?

About

Memory snapshotting tool

Resources

Stars

Watchers

Forks

Packages

No packages published