Skip to content

takah/malware-analysis

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

README.md

README.md

 
 

dump-all-memory-of-pid.sh

dump-all-memory-of-pid.sh

 
 

Repository files navigation

Analyzing malwares

Dump a linux process's memory to file

https://serverfault.com/questions/173999/dump-a-linux-processs-memory-to-file

How to capture all network traffic of a single process

If the process is not started yet, you can start it as a new process and monitor it using the following

strace -f -e trace=network -s 10000 <PROCESS WITH ARGUMENTS>;

If the process is already started and you know its PID you can use the following

strace -f -e trace=network -s 10000 -p <PID>;

https://bytefreaks.net/gnulinux/how-to-capture-all-network-traffic-of-a-single-process

Recommended options:

$ strace -o log-x86 -fx ./x86

-o: write to log file
-f: trace forked process
-x: print out as hexadecimal

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages