snapshot of memory for process on mac?

Question

I want to take a snapshot of memory of process in action on mac. I have no idea how to do it.

I have IDA-PRO for mac with me. Can it be used? How?

Can anyone suggest me a way to do this? (some documentation or example). May be some techniques from uni can be used but I am also not aware of that.

I dont want to kill the process as I want to see whats changing after execution of instructions/commands.

@shr's answer is one (very useful) interpretation of your request. I assumed 'snapshot' meant 'running view of memory usage over time'. 1, the other, both, or another? ;-) Good luck. — shellter, Aug 23 '11 at 16:33
@shellter: snapshot mean running view of memory. I dont want to kill the process as I want to see whats changing after execution of instructions/commands. — RLT, Aug 24 '11 at 03:16

shr · Accepted Answer · 2011-08-31T08:44:32.400

You can send a signal to a running process to dump core into a file, which can be used with gdb later for postmortem analysis.

kill -ABRT <process-id>

It seems that you must configure your system to enable core dump. See http://developer.apple.com/library/mac/#technotes/tn2124/_index.html for details.

UPDATE:

Well, above link introduces a third party implementation of gcore, a command line tool to make a core dump of running processes:

You may just want to grab the source and try:

To make a single FAT binary to use with ppc/i386/x86_64, just modify following lines from Makefile:

gcore: gcore.c
        gcc -O2 -arch ppc -arch i386 -Wall -o $@ $<

as:

gcore: gcore.c
        gcc -O2 -arch ppc -arch i386 -arch x86_64 -Wall -o $@ $<

I dont want to kill the process as I want to see whats changing after execution of instructions/commands. — RLT, Aug 24 '11 at 03:16
Thank you. But this is unclear. What works? What do we have to do?? — Nicolas Barbulesco, May 28 '16 at 12:53

1 Answers1