On 21-Apr-20 12:06 PM, Feng Li wrote:
#include <sys/mman.h> #include <time.h> #include <stdint.h> #include <unistd.h> #include <stdlib.h> #include <stdio.h>int main(int argc, char** argv) { // FIXME(fengli): XXXXX uint64_t gb = atoi(argv[1]); void* ptr = mmap(0, gb << 30, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (ptr == (void*)-1) { perror("[-] mmap failed with MAP_PRIVATE | MAP_ANONYMOUS"); exit(1); } while(1) sleep(1); return 0; }
DONTDUMP is available since Linux 3.4. I presume our minimum kernel version is higher than that.
I have little idea of how dumping works, but reading the manpage for madvise, DONTDUMP should be the way to go here. Also, reading up on PROT_NONE, i can't find any references to this memory necessarily being excluded from core dumps.
That said, I've run the program above, and i got a core dump sized ~100K. Do i need any special configuration to trigger core dump that would include that anonymous memory?
-- Thanks, Anatoly
