Reading Entire RAM using LiME - Linux Memory Extractor
Pramod Kumar Gupta
DevOps Intern @Signzy★ 3x RedHat Certified★ RHCSA ★ EX180 ★ EX280 ★ Ansible ★ AWS Cloud ★ Python ★ Jenkins ★ Docker ★OpenShift
When a teacher tells you that a variable you initialise, such as z = 'Hello' or x = 5, lives in RAM while the program runs, how can we prove it?
We can prove it practically by reading the RAM: dump the machine's physical memory to a file and look for the value inside that file.
So let's find out how to read the entire RAM.
Prerequisites
LiME
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network.
Kernel-devel
This package contains the development files and resources required to build external kernel modules, or loadable kernel modules (LKMs), that can be dynamically added to or removed from the running kernel. Such modules extend the functionality of the kernel or provide device drivers for specific hardware. The package version must match the running kernel exactly (compare it with the output of uname -r), otherwise the module builds against a different kernel and insmod refuses to load it.
Kernel-headers
This package contains the C header files that are required for building and compiling software that interacts with the kernel. These header files define various data structures, function prototypes, and constants used by the kernel and its modules.
git
The git command is needed for cloning the repository.
Operating System
Linux. The commands below use yum and were run on a RHEL 8 / CentOS 8 system (the el8 in the module name); on Debian-based systems the package names and package manager differ.
First we need to install the packages kernel-devel and kernel-headers. Check that the installed version matches the booted kernel (uname -r); if the system has a newer kernel package installed but has not been rebooted into it, the module will build against the wrong kernel.
yum install kernel-devel kernel-headers
Then install git
yum install git
Then clone or download the LiME repository (the URL below is the author's fork; the upstream project is github.com/504ensicsLabs/LiME):
git clone https://github.com/Pramod123789/LiME.git
Now go inside the LiME folder
cd LiME
ls
Go into the src folder
cd src
ls
The src folder holds the C source of the kernel module. Compile it with the make command; install gcc and make first if they are not available:
yum install gcc
yum install make
After installing them, build the module:
make
If we run ls now, we find a file named "lime-4.18.0-80.el8.x86_64.ko". This is the compiled kernel object (module). The version string in its name is the kernel it was built against, taken from uname -r, and the module can only be loaded into that exact kernel.
Once loaded, this module walks the kernel's map of physical memory and copies every RAM range to the destination we give it, so it captures all of physical memory, not just one process.
To see the module's description, licence, vermagic (the kernel it was built for) and the parameters it accepts (the parm lines), use the following command
modinfo module_name
modinfo lime-4.18.0-80.el8.x86_64.ko
Now open a Python interpreter in a second terminal and initialise a variable. Leave the interpreter running while the capture is taken; once the process exits, the pages that held the string are freed and may be reused before we dump memory.
z="Hello_This_is_Pramod"
Now capture the RAM using insmod, which must be run as root:
insmod
This command loads the module into the running kernel, passing its parameters as key=value arguments. For LiME, path= is where the image is written (a file, or tcp:PORT to stream it over the network) and format= is the image layout: raw concatenates the physical memory ranges, padded keeps the gaps between ranges as zero bytes, and lime adds a header to each range so analysis tools can recover the physical address layout. The capture happens during the load, and the module stays resident afterwards, so run rmmod lime before taking another image.
insmod /root/LiME/src/lime-4.18.0-80.el8.x86_64.ko path=/myram.data format=raw
Now, to check whether z is stored, search the image for the string (strings reads the file directly, so cat is not needed):
strings /myram.data | grep Hello_This_is_Pramod
As we can see, the value of z shows up in the dump. Two caveats: the same text was typed into the terminal that runs Python, so the terminal emulator, the shell and the tty buffers hold copies of it too; a hit proves the string is somewhere in RAM, not that it came from the Python heap. And the image file holds every password, key and session token that was in memory at that moment, so keep it readable only by root and record its hash if it is to be used as evidence.
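The whole procedure, with the checks the walkthrough glosses over, as an added shell script that is not part of the original article. It assumes the LiME sources are cloned to ./LiME in the current directory, a RHEL 8-style host, and root privileges for the insmod and rmmod steps; the output path and marker string from the article are used as defaults, and LIME_RUN, module_matches_kernel, count_in_dump and capture_memory are names chosen for this example.

```shell
#!/bin/sh
# Added example, not the article's or LiME's own code. Builds the module,
# verifies it matches the booted kernel, captures RAM, unloads the module,
# hashes and locks down the image, then counts a marker string in it.
# DUMP and MARKER default to the values used in the article.

DUMP="${DUMP:-/myram.data}"
MARKER="${MARKER:-Hello_This_is_Pramod}"

# LiME's Makefile names the module after the running kernel, e.g.
# lime-4.18.0-80.el8.x86_64.ko. insmod refuses a module built for a
# different kernel, so compare the name with the release string first.
module_matches_kernel() {
    mod="$1"; krel="$2"
    base=$(basename "$mod" .ko)
    [ "$base" = "lime-$krel" ]
}

# Count occurrences of a printable marker in a raw image. tr stands in for
# strings(1): every non-printable byte becomes a newline, so runs of
# printable bytes fall out one per line and grep -c counts the matches.
# "|| true" keeps the count of 0 from being reported as a failure.
count_in_dump() {
    dump="$1"; pattern="$2"
    LC_ALL=C tr -c '[:print:]' '\n' < "$dump" | grep -c -- "$pattern" || true
}

# Privileged part: build (if needed), check, load, unload, protect, search.
capture_memory() {
    krel=$(uname -r)
    mod="LiME/src/lime-$krel.ko"
    if [ ! -f "$mod" ]; then
        (cd LiME/src && make) || return 1
    fi
    module_matches_kernel "$mod" "$krel" || {
        echo "module $mod does not match running kernel $krel" >&2
        return 1
    }
    # A previous capture leaves the module loaded; insmod would then fail.
    if lsmod | grep -q '^lime '; then
        rmmod lime
    fi
    # format=raw concatenates the physical RAM ranges; use format=lime when
    # the image is going to a memory-forensics tool that needs the layout.
    insmod "$mod" "path=$DUMP" format=raw || return 1
    rmmod lime
    # The image holds every secret that was in memory: hash it for custody
    # and make it readable by root only.
    chmod 600 "$DUMP"
    sha256sum "$DUMP"
    echo "occurrences of $MARKER in $DUMP: $(count_in_dump "$DUMP" "$MARKER")"
}

# The helpers above run anywhere; the capture only runs on request.
if [ "${LIME_RUN:-0}" = 1 ]; then
    capture_memory
fi
```

Run it as root with LIME_RUN=1 ./capture.sh from the directory that contains the LiME checkout. Because the marker is also typed into the terminal, a count greater than one is expected even though the Python variable exists only once.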
Thanks for reading.
Senior Support Engineer II - Digital Services | SaaS Product Support | Linux Administrator
1 year ago: Thank you Pramod, good job!!
DevOps Engineer at Appsquadz || AWS || RHEL || Docker || Kubernetes || Ansible || Jenkins || Terraform || GitAction || Python || C++ || Web developer
1 year ago: Informative post