I want to be able to view the contents of all process control blocks (PCB) in memory. The goal of this is to identify every running process by looking at physical memory alone. I believe that PCBs are stored in kernel space. My plan is to do dump all data from kernel space into a file and then scan through it for identifying information. My machine is running Linux kernel version 4.16. Is there a straightforward way to read kernel memory?
↧