
I've decided to play around with dumping all process memory of a couple of utilities in order to find out how much trace of sensitive info an attacker could theoretically obtain from an app's memory.

I've found this one-liner for dump purposes:

grep rw-p /proc/$1/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch --pid $1 -ex "dump memory $1-$start-$stop.dump 0x$start 0x$stop"; done

Unfortunately, I am not fluent in Bash and am faced with a lot of dump files spawned by this script (all about kilobytes in size).

So, my question is: how can I use the strings command-line tool to grep all null-terminated strings into one file?

So, I wrote something like this (it goes into an infinite loop without any result):

for f in *.dump; do strings $1 > foo.txt; done

I know that this one-liner is close to my goal, but I still can't make it work.


1 Answer


How about this? Use ">>" to append to the file rather than overwriting it each time.

rm -f foo.txt
for f in *.dump; do strings "$f" >> foo.txt; done

To aid your reviewing, you might want to also pipe it through "sort -u" to remove any duplicates.

Might take a while to run if you've many large .dump files.

Cheers! Next time I should be more attentive –  im_infamous Aug 8 at 20:30
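
An added example, not part of the original question or answer: it goes one step beyond the accepted loop by using the PID-START-STOP.dump file names from the gdb one-liner to record the virtual address of each string, so a sensitive value can be traced back to its memory region. It assumes a `strings` that supports `-t x` (GNU binutils); the function name `collect_strings` and the sample dump contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; assumes `strings` supports -t x and that dump files are
# named PID-START-STOP.dump, as produced by the gdb one-liner in the question.

# collect_strings DIR OUT  (hypothetical helper name)
# Write one "ADDRESS STRING" line per distinct string found in DIR/*.dump.
collect_strings() {
    dir=$1; out=$2; tmp="$out.tmp"
    : > "$tmp"
    for f in "$dir"/*.dump; do
        [ -e "$f" ] || continue              # glob matched nothing
        name=${f##*/}; name=${name%.dump}    # PID-START-STOP
        rest=${name#*-}; start=${rest%%-*}   # START (hex, no 0x prefix)
        case $start in ''|*[!0-9a-fA-F]*) continue ;; esac
        # -t x prefixes each string with its hex offset inside the file;
        # region start + offset = virtual address in the dumped process.
        strings -a -t x "$f" | while read -r off str; do
            printf '%x %s\n' "$(( 0x$start + 0x$off ))" "$str"
        done >> "$tmp"
    done
    # Deduplicate on the string itself, keeping one address per string.
    LC_ALL=C sort -t ' ' -u -k 2 "$tmp" > "$out"
    rm -f "$tmp"
}

# Constructed sample data: two fake regions of a made-up PID 1234.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '\000\000\000\000password=hunter2\000\000' \
    > "$demo_dir/1234-00400000-00401000.dump"
printf '\000\000password=hunter2\000token=abcd\000' \
    > "$demo_dir/1234-7f0000001000-7f0000002000.dump"
collect_strings "$demo_dir" "$demo_dir/strings.txt"
cat "$demo_dir/strings.txt"
```

The `read` loop trims leading and trailing whitespace from each string, and it is slow on large dumps.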
