Dump VDSO via GDB

gdb /bin/bash
(gdb) b main
(gdb) r
(gdb) info proc map
Mapped address spaces:
          Start Addr           End Addr       Size     Offset objfile
      ...
      0x7ffff7fd1000     0x7ffff7fd3000     0x2000        0x0 [vdso]
      ...
(gdb) dump binary memory /tmp/vdso.so 0x7ffff7fd1000 0x7ffff7fd3000
(gdb) quit
file /tmp/vdso.so
/tmp/vdso.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=1a3fac101214fe3ecfb3788d4f8af3018f1f2667, stripped

Over!

4 thoughts on “Dump VDSO via GDB”

  1. Excellent post. I was checking constantly this blog and I am impressed!
    Extremely helpful information specifically the last part 🙂 I
    care for such info a lot. I was seeking this particular
    info for a very long time. Thank you and good luck.

  2. Hi just wanted to give you a brief heads up
    and let you know a few of the images aren’t loading properly.
    I’m not sure why but I think its a linking issue. I’ve tried
    it in two different browsers and both show the same results.

  3. When I initially left a comment I appear to have clicked the -Notify me
    when new comments are added- checkbox and now every time a comment is added I receive 4
    emails with the exact same comment. There
    has to be a way you can remove me from that service? Thanks a lot!

Leave a Reply

Your email address will not be published. Required fields are marked *