Like its Windows counterpart, Winpmem, this is not a traditional memory dumper. Linpmem offers an API for reading from any physical address, including reserved memory and memory holes, but it can also be used for normal memory dumping. Furthermore, the driver offers a variety of access modes for reading physical memory: byte, word, dword, qword, and buffer access mode, where buffer access mode is appropriate in most standard cases. If a read requires an aligned byte/word/dword/qword access, Linpmem will do precisely that.

Currently, Linpmem features:

- Read from physical address (access mode byte, word, dword, qword, or buffer)
- CR3 info service (specify target process by pid)
- Virtual to physical address translation service

Cache control is to be added in the future to support the specialized read access modes.

Building the kernel driver

At least for now, you must compile the Linpmem driver yourself. A method to load a precompiled Linpmem driver on other Linux systems is currently under work, but not finished yet. That said, compiling the Linpmem driver is not difficult; basically it's executing 'make'.

Step 1 – getting the right headers

You need make and a C compiler. (We recommend gcc, but clang should work as well.) Make sure that you have the linux-headers installed (using whatever package manager your target Linux distro has). The exact package name may vary on your distribution. A quick (distro-independent) way to check if you have the package installed: ls -l…
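To show what the virtual to physical translation service and the CR3 info service in the feature list above actually compute, here is an added example (not Linpmem's own code): a 4-level x86-64 page-table walk built on a physical qword-read primitive of the kind Linpmem exposes. The callback type, the constructed page tables and all addresses are assumptions made for the demo.

```c
#include <stdint.h>

/* Added example, not Linpmem's own code: x86-64 4-level page-table walk over a
 * physical qword-read primitive like Linpmem's; callback and tables are assumed. */
typedef int (*phys_read_qword_fn)(uint64_t paddr, uint64_t *out);

#define PTE_PRESENT   (1ULL << 0)
#define PTE_PAGE_SIZE (1ULL << 7)
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL

/* Walk PML4 -> PDPT -> PD -> PT from cr3; returns 0 with *paddr set, or -1 if a
 * level is not present or the physical read fails. */
int v2p(uint64_t cr3, uint64_t vaddr, phys_read_qword_fn rd, uint64_t *paddr)
{
    static const int shift[4] = {39, 30, 21, 12};
    uint64_t table = cr3 & PTE_ADDR_MASK, entry;
    for (int level = 0; level < 4; level++) {
        uint64_t idx = (vaddr >> shift[level]) & 0x1FF;
        if (rd(table + idx * 8, &entry) != 0 || !(entry & PTE_PRESENT))
            return -1;
        /* PS bit in a PDPTE (1 GiB) or PDE (2 MiB) ends the walk early. */
        if ((level == 1 || level == 2) && (entry & PTE_PAGE_SIZE)) {
            uint64_t off = (1ULL << shift[level]) - 1;
            *paddr = (entry & PTE_ADDR_MASK & ~off) | (vaddr & off);
            return 0;
        }
        table = entry & PTE_ADDR_MASK;
    }
    *paddr = table | (vaddr & 0xFFF);
    return 0;
}

/* Constructed 16 KiB "physical memory": PML4 at 0x0, PDPT at 0x1000, PD at
 * 0x2000, PT at 0x3000; a physical address is simply an offset into it. */
static uint64_t fake_phys[4 * 512];
static int fake_read_qword(uint64_t paddr, uint64_t *out)
{
    if (paddr % 8 || paddr + 8 > sizeof fake_phys) return -1;
    *out = fake_phys[paddr / 8];
    return 0;
}

/* Map vaddr 0x8080604ABC (table indices 1/2/3/4); with large_page the PDE maps
 * a 2 MiB page instead. Returns the physical address, or 0 on failure. */
uint64_t demo_translate(int large_page)
{
    const uint64_t vaddr = 0x8080604ABCULL, rw = PTE_PRESENT | 2; /* R/W */
    uint64_t paddr = 0;
    fake_phys[0x0000 / 8 + 1] = 0x1000 | rw;
    fake_phys[0x1000 / 8 + 2] = 0x2000 | rw;
    fake_phys[0x2000 / 8 + 3] = large_page ? 0x123400000ULL | PTE_PAGE_SIZE | rw : 0x3000 | rw;
    fake_phys[0x3000 / 8 + 4] = 0x123456000ULL | rw;
    return v2p(0, vaddr, fake_read_qword, &paddr) == 0 ? paddr : 0;
}
```

On a live system the same walk runs with the CR3 value obtained for the target pid and a read callback that issues qword reads to the driver.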