emdumper
| Crates.io | emdumper |
| lib.rs | emdumper |
| version | 0.7.0 |
| created_at | 2025-03-10 19:12:51.938048+00 |
| updated_at | 2025-05-04 13:54:05.07395+00 |
| description | A tool to acquire the physical memory on linux systems (root is necessary) |
| homepage | |
| repository | https://github.com/ph0llux/emd |
| max_upload_size | |
| id | 1587090 |
| size | 52,813 |
ph0llux (ph0llux)
documentation
README
emd
The eBPF memory dumper is able to dump the physical memory on a linux machine, using an eBPF filter.
This works even the kernel is in lock down mode (integrity) or /proc/kcore is not available on system.
You need root privileges to use this tool.
Prerequisites
- stable rust toolchains:
rustup toolchain install stable - nightly rust toolchains:
rustup toolchain install nightly --component rust-src - bpf-linker:
cargo install bpf-linker
build
cargo build --release
install via cargo
cargo install emdumper
usage
sudo ./emd -o output-file.bin
to show all options, you can use
./emd -h