MCPcopy
hub / github.com/evilsocket/opensnitch / readMem

Method readMem

daemon/procmon/details.go:665–683  ·  view source on GitHub ↗

given a range of addrs, read it from mem and return the content

(mappings []MemoryMapping)

Source from the content-addressed store, hash-verified

663
664// given a range of addrs, read it from mem and return the content
665func (p *Process) readMem(mappings []MemoryMapping) ([]byte, error) {
666 var elfCode []byte
667 memFile, err := os.Open(p.pathMem)
668 if err != nil {
669 return nil, err
670 }
671 defer memFile.Close()
672
673 for _, mapping := range mappings {
674 memFile.Seek(int64(mapping.StartAddr), io.SeekStart)
675 code := make([]byte, mapping.EndAddr-mapping.StartAddr)
676 _, err = memFile.Read(code)
677 if err != nil {
678 return nil, err
679 }
680 }
681
682 return elfCode, nil
683}

Callers 1

dumpFileImageMethod · 0.95

Calls 3

ReadMethod · 0.80
CloseMethod · 0.65
OpenMethod · 0.45

Tested by

no test coverage detected