Dumping memory
The dump command prints byte for byte what's in memory.
Here's how you would create dump.bin, a file that contains the entire
memory contents of the program whose PID is 12345:
$ proctal dump --pid=12345 > dump.bin
The --region option lets you specify which memory regions to dump. It takes the following values:
stack: contents on the stack of every thread
heap: contents on the heap
program-code: instructions from the executable (does not include shared libraries)
These options let you specify whether the memory regions have to be readable, writeable or executable:
--read
--write
--execute
Here's how you would dump anything that is executable in memory to the file dump2.bin:
$ proctal dump --pid=12345 --execute > dump2.bin
The --address-start option specifies where to start
dumping the contents in memory and the --address-stop
option specifies where to stop.
Here's how you would dump the contents starting from the address
7F7BE75E0714 up to the address
7F7BE75ED1A0 to the file dump3.bin:
$ proctal dump --pid=12345 --address-start=7F7BE75E0714 --address-stop=7F7BE75ED1A0 > dump3.bin
The --pause option prevents the program from executing code while the command is running.
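A raw byte stream carries no address information, so for later analysis it can help to dump each region into its own file named after its address range. The following is an added example, not part of the proctal documentation or code: the function name, the sample mappings and the output file naming are hypothetical, and it assumes a Linux /proc/<pid>/maps layout, that a mapping's end address can be passed as --address-stop, and that --pause can be combined with the address options.

```shell
# Added example, not proctal code. Assumes the Linux /proc/<pid>/maps layout:
#   start-end perms offset dev inode [path]
# plan_region_dumps PID PERM   (PERM is one of r, w, x)
# Reads maps text on stdin and prints one "proctal dump" command per region
# whose permission field contains PERM. It only prints the commands.
plan_region_dumps() {
    pid=$1
    perm=$2
    awk -v pid="$pid" -v perm="$perm" '
        # Field 1 is "start-end", field 2 is the permission string, e.g. r-xp.
        index($2, perm) > 0 {
            split($1, range, "-")
            # The page writes addresses as upper-case hex without a 0x prefix.
            start = toupper(range[1])
            stop  = toupper(range[2])
            # Field 6 is the backing path or a pseudo-name like [heap]; may be absent.
            label = (NF >= 6) ? $6 : "anon"
            gsub(/[^A-Za-z0-9._-]/, "_", label)
            sub(/^_+/, "", label)
            sub(/_+$/, "", label)
            # --pause freezes the program only while each single command runs.
            printf "proctal dump --pid=%s --pause --address-start=%s --address-stop=%s > %s-%s_%s.bin\n", pid, start, stop, start, stop, label
        }
    '
}

# Constructed sample input (not taken from a real process).
SAMPLE_MAPS='55d0c8a00000-55d0c8a02000 r-xp 00000000 08:01 131 /usr/bin/demo
55d0c8c02000-55d0c8c03000 rw-p 00002000 08:01 131 /usr/bin/demo
55d0c9e41000-55d0c9e62000 rw-p 00000000 00:00 0 [heap]
7f7be75e0000-7f7be75ed000 r-xp 00000000 08:01 977 /usr/lib/libdemo.so
7ffd3c1a0000-7ffd3c1c1000 rw-p 00000000 00:00 0 [stack]'

# Plan dumps of every executable region of the hypothetical PID 12345.
printf '%s\n' "$SAMPLE_MAPS" | plan_region_dumps 12345 x
```

On a live system the input would come from /proc/12345/maps instead of the sample text, and the printed commands would be reviewed before being run.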