snapshot of memory for process on mac?

StackOverflow https://stackoverflow.com/questions/7164232

Question

I want to take a snapshot of memory of process in action on mac. I have no idea how to do it.

I have IDA-PRO for mac with me. Can it be used? How?

Can anyone suggest me a way to do this? (some documentation or example). May be some techniques from uni can be used but I am also not aware of that.

I dont want to kill the process as I want to see whats changing after execution of instructions/commands.

Was it helpful?

Solution

You can send a signal to a running process to dump core into a file, which can be used with gdb later for postmortem analysis.

kill -ABRT <process-id>

It seems that you must configure your system to enable core dump. See http://developer.apple.com/library/mac/#technotes/tn2124/_index.html for details.

UPDATE:

Well, above link introduces a third party implementation of gcore, a command line tool to make a core dump of running processes:

http://www.osxbook.com/book/bonus/chapter8/core/

You may just want to grab the source and try:

http://www.osxbook.com/book/bonus/chapter8/core/download/gcore-1.3.tar.gz

To make a single FAT binary to use with ppc/i386/x86_64, just modify following lines from Makefile:

gcore: gcore.c
        gcc -O2 -arch ppc -arch i386 -Wall -o $@ $<

as:

gcore: gcore.c
        gcc -O2 -arch ppc -arch i386 -arch x86_64 -Wall -o $@ $<
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top