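# Procedure: capture one memory region of a running process with gdb and
# compare two captures taken at different times.
#
# [PID] and [outputfile] are placeholders; substitute real values by hand.
# Attaching needs ptrace permission on the target (same user or root; on
# kernels with Yama, kernel.yama.ptrace_scope can restrict it further).

# 1. List the target's mappings and pick the region to capture.
cat /proc/[PID]/maps
# Sample output line (the heap). The two hex numbers before the permissions
# are the region's start and end addresses:
00622000-0066a000 rw-p 00622000 00:00 0                                  [heap]

# 2. Attach and write that region to a file.
# The dump holds whatever the process kept in memory (possibly credentials,
# keys, session data), so create it readable by the owner only.
umask 077
gdb --pid [PID]
# "dump memory FILE START END": START and END must be the addresses from the
# maps line chosen above, otherwise a different region is captured.
(gdb) dump memory /root/[outputfile] 0x00622000 0x0066a000
# The target stays stopped while gdb is attached; detach so it resumes.
(gdb) detach
(gdb) quit

# 3. Convert the binary dump to a hex listing that a text diff can handle.
# The paths below are relative: run from /root, where the dump was written.
xxd [outputfile] > [outputfile].hex

# 4. Compare two captures. This needs steps 2-3 done twice, with output names
# ending in 1 and 2. Delete the dumps and .hex files when the analysis is done.
vimdiff [outputfile]1.hex [outputfile]2.hex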

link: https://gist.github.com/fortable1999/1733b49002a30904aa00
