function::proc_mem_data - Linux


function::proc_mem_data retrieves memory data for an individual process. It can be used for debugging, performance analysis, or to obtain a snapshot of the process’s memory state.


proc_mem_data session_id process_id data_type [offset]


  • -d (default): Data is returned as a hex dump.
  • -x: Data is returned as a hex string.
  • -j: Data is returned as a JSON object.
  • -o: Offset in bytes from the beginning of the data. Defaults to 1024 if omitted.


To dump the first 1024 bytes of memory for process 12345 in a hex dump format, use:

proc_mem_data 1 12345 -d

To retrieve the data as a JSON object starting at offset 4096, use:

proc_mem_data 1 12345 -j -o 4096

Common Issues

  • Ensure that you have the necessary permissions to access the process’s memory.
  • If the offset is too large, you may receive an error.
  • The data returned may be truncated if the process’s memory is not contiguous.


function::proc_mem_data can be combined with other Linux commands to perform advanced tasks. For example, you can use grep to search for specific patterns in the memory dump.

proc_mem_data 1 12345 -d | grep my_pattern

Related Commands

  • proc_stat – Gets the process’s status information.
  • proc_fdinfo – Gets the process’s open file descriptors.
  • proc_maps – Gets the process’s memory maps.