linux poison RSS
linux poison Email

How to read the content from the RAM (Random Access Memory)

RAM Stands for "Random Access Memory,". RAM is made up of small memory chips that form a memory module. These modules are installed in the RAM slots on the motherboard of your computer.

RAM (random access memory) is the place in a computer where the operating system, application programs, and data in current use are kept so that they can be quickly reached by the computer's processor. RAM is much faster to read from and write to than the other kinds of storage in a computer, the hard disk, floppy disk, and CD-ROM. However, the data in RAM stays there only as long as your computer is running. When you turn the computer off, RAM loses its data. When you turn your computer on again, your operating system and other files are once again loaded into RAM, usually from your hard disk.

On Linux, it is possible to access and analyze RAM contents. There are some interesting information such as logins, passwords or session cookies ...

In Linux, everything is a file so the path to the RAM file is /dev/mem. To dump its contents, you can use the following command as root only:
hexdump -c /dev/mem
and you should see something like ...

00fea90   s   t   a   r   t   e   d   ,       b   u   t       t   i   m
00feaa0   e       m   a   y       b   e       i   n   a   c   c   u   r
00feab0   a   t   e   .  \r  \n  \0   A   t   t   e   m   p   t   i   n
00feac0   g       B   I   O   S       u   p   d   a   t   e   ;       p
00fead0   l   e   a   s   e       w   a   i   t   .   .   .  \r  \n  \n
00feae0  \0   B   I   O   S       U   p   d   a   t   e       S   u   c
00feaf0   c   e   s   s   f   u   l  \r  \n  \n  \0   B   I   O   S   
00feb00   U   p   d   a   t   e       F   a   i   l   e   d   !  \r  \n
00feb10  \0   T   h   e       f   i   r   m   w   a   r   e       i   m
00feb20   a   g   e       f   a   i   l   e   d       o   n   e       o
00feb30   r       m   o   r   e       c   o   n   s   i   s   t   e   n
00feb40   c   y       c   h   e   c   k   s   .  \r  \n  \0   C   o   u



0 comments:

Post a Comment

Related Posts with Thumbnails