View Full Version : Direct kernel memory access kernel extension


andyvand
05-10-2009, 07:00 PM
I recently made a kext that can completely dump out the kernel memory through a /dev/kmem device.
You can get the kernel extensions & the sources from:
http://rapidshare.com/files/218537266/KernelMemoryAccess-1.0.1.zip
I've used this for dumping out my BIOS ROM modules and so on...
This is the command I used to completely dump the kernel memory:
sudo dd if=/dev/kmem of=test.bin iseek=638976 bs=1
Every ROM module starts with 0x55 0xAA
An example of this can be found here:
http://rapidshare.com/files/231432488/BIOS_ROMS.zip
Enjoy and learn ;)
Credits go to Amit Singh (www.osxbook.com)
and me...
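A small scanner for the "every ROM module starts with 0x55 0xAA" observation above. This is an added example, not code from the post or from the KernelMemoryAccess kext, and it assumes the legacy PC BIOS option ROM layout (signature at byte 0, length in 512-byte units at byte 2, a little-endian pointer to an optional "PCIR" structure at byte 0x18, and all image bytes summing to zero modulo 256), which the post does not state. The sample dump and the vendor/device IDs in it are constructed for the demo.

```c
/* Scan a raw memory or firmware dump for legacy option ROM images.
 * Added example; not code from the forum post or the KernelMemoryAccess kext.
 * Assumed layout (legacy PC BIOS option ROM, not stated in the post):
 *   byte 0..1  signature 0x55 0xAA
 *   byte 2     image length in 512-byte units
 *   byte 0x18  little-endian offset of the "PCIR" data structure (if any)
 *   all bytes of the image sum to 0 modulo 256
 * Images are looked for on 512-byte boundaries, as BIOS does.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ROM_BLOCK 512

typedef struct {
    size_t   offset;       /* offset of the 0x55 0xAA signature in the dump */
    size_t   length;       /* declared image length in bytes */
    int      checksum_ok;  /* 1 if the image bytes sum to 0 mod 256 */
    int      has_pcir;     /* 1 if a "PCIR" structure was found */
    uint16_t vendor_id;    /* from PCIR; 0 when absent */
    uint16_t device_id;
} rom_image;

static int rom_checksum_ok(const uint8_t *p, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += p[i];
    return sum == 0;
}

/* Fill out[] with up to max images found in buf[0..n); returns the count. */
size_t scan_option_roms(const uint8_t *buf, size_t n, rom_image *out, size_t max)
{
    size_t found = 0, off = 0;
    while (off + 3 <= n && found < max) {
        size_t len = (size_t)buf[off + 2] * ROM_BLOCK;
        if (buf[off] != 0x55 || buf[off + 1] != 0xAA || len == 0 || off + len > n) {
            off += ROM_BLOCK;          /* no complete image here */
            continue;
        }
        rom_image *r = &out[found++];
        memset(r, 0, sizeof *r);
        r->offset = off;
        r->length = len;
        r->checksum_ok = rom_checksum_ok(buf + off, len);
        size_t pcir = buf[off + 0x18] | (buf[off + 0x19] << 8);
        if (pcir + 8 <= len && memcmp(buf + off + pcir, "PCIR", 4) == 0) {
            r->has_pcir  = 1;
            r->vendor_id = buf[off + pcir + 4] | (buf[off + pcir + 5] << 8);
            r->device_id = buf[off + pcir + 6] | (buf[off + pcir + 7] << 8);
        }
        off += len;                    /* skip the image body */
    }
    return found;
}

/* Constructed sample (needs n >= 4096): two images, the second with a bad checksum. */
void build_sample_dump(uint8_t *buf, size_t n)
{
    memset(buf, 0, n);
    buf[0] = 0x55; buf[1] = 0xAA; buf[2] = 2;           /* 1 KiB image at 0 */
    buf[0x18] = 0x40;                                    /* PCIR at +0x40 */
    memcpy(buf + 0x40, "PCIR", 4);
    buf[0x44] = 0x86; buf[0x45] = 0x80;                  /* vendor 0x8086 (made up) */
    buf[0x46] = 0x34; buf[0x47] = 0x12;                  /* device 0x1234 (made up) */
    uint8_t sum = 0;
    for (size_t i = 0; i < 1024; i++) sum += buf[i];
    buf[1023] = (uint8_t)(0x100 - sum);                  /* checksum byte */
    buf[2048] = 0x55; buf[2049] = 0xAA; buf[2050] = 1;   /* 512-byte image */
    buf[2051] = 0x7F;                                    /* breaks the sum */
}

int main(int argc, char **argv)
{
    uint8_t *buf; size_t n;
    if (argc == 2) {                                     /* ./romscan kmem.bin */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        buf = malloc(16u << 20);                          /* up to 16 MiB */
        if (!buf) { fclose(f); return 1; }
        n = fread(buf, 1, 16u << 20, f);
        fclose(f);
    } else {
        n = 4096; buf = malloc(n); if (!buf) return 1; build_sample_dump(buf, n);
    }
    rom_image roms[64];
    size_t cnt = scan_option_roms(buf, n, roms, 64);
    for (size_t i = 0; i < cnt; i++)
        printf("ROM @0x%zx len=%zu checksum=%s vendor=%04x device=%04x\n",
               roms[i].offset, roms[i].length, roms[i].checksum_ok ? "ok" : "BAD",
               roms[i].vendor_id, roms[i].device_id);
    free(buf);
    return 0;
}
```

Run it against a kmem.bin produced by the dd command above; an image whose checksum does not come out to zero is either truncated in the dump or was patched in memory after POST, which is exactly the kind of thing worth a second look.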

andyvand
05-10-2009, 09:24 PM
Anybody tried this on their computers?
If someone could provide complete dumps from real Macs, they could be used to examine some things (and maybe find some interesting things that could be used to improve certain kernel features, etc.)

naquaada
05-10-2009, 09:36 PM
Perhaps people don't really know what it's for... neither do I :) Maybe explain a bit better what the use for it is. But anyway, I'm just repairing permissions and will reboot my test system in a moment. Let's see what big crash you have planned for our pleasure... :D

andyvand
05-10-2009, 09:46 PM
Perhaps people don't really know what it's for... neither do I :) Maybe explain a bit better what the use for it is. But anyway, I'm just repairing permissions and will reboot my test system in a moment. Let's see what big crash you have planned for our pleasure... :D
It's meant to get kernel memory data and do kernel memory patches through the /dev/kmem device...
The second requires a lot of knowledge of how the kernel memory works...
Crash? lol no... I extensively tested this and it works great ;)

naquaada
05-10-2009, 09:49 PM
OMG it reads out all my passwords and sends them to Microsoft! :confused:

Hm, don't know what this is. When I enter the line above in Terminal I'll get always this output:
dd: /dev/kmem: Bad address
0+0 records in
0+0 records out
0 bytes transferred in 0.000185 secs (0 bytes/sec)
The same happens when I specify a file name of the bios files of the other archive, only the time varies.

Oh yeah, I'm using XxX 10.5.6 and a 9.6.0 kernel from you, but don't ask me which one.

andyvand
05-10-2009, 10:06 PM
OMG it reads out all my passwords and sends them to Microsoft! :confused:

Hm, don't know what this is. When I enter the line above in Terminal I'll get always this output:
dd: /dev/kmem: Bad address
0+0 records in
0+0 records out
0 bytes transferred in 0.000185 secs (0 bytes/sec)
The same happens when I specify a file name of the bios files of the other archive, only the time varies.

Oh yeah, I'm using XxX 10.5.6 and a 9.6.0 kernel from you, but don't ask me which one.
Yeah, it's probably the iseek part...
It needs to be the address of the start of the kernel memory...
Then it'll dump out XXX records (like it did for me...)
The eventual file generated was +- 6MB for me
-rw-r--r-- 1 andyvand staff 6262784 1 apr 12:36 /Users/andyvand/Documents/EasyNote MZ-35 Kernel Mem/kmem.bin
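The "dd: /dev/kmem: Bad address" output in the post above is dd giving up on the first read that fails with EFAULT, and with bs=1 that means nothing at all is written. The reader below, an added example that is not code from the thread or from the kext, walks a range page by page instead: a page the device refuses with EFAULT is recorded as missing and zero-filled so file offsets stay aligned with memory addresses, and the dump continues. It assumes the device reports an unreadable address as EFAULT on pread() (as the dd error shows) and that readability changes at 4 KiB granularity; the in-memory fake device with an "unmapped" page is constructed for the demo so the logic runs without /dev/kmem.

```c
/* Page-wise reader for a kmem-style device that answers EFAULT on unmapped
 * addresses. Added example; not code from the forum post or the kext.
 * Assumptions: pread() on the device fails with EFAULT ("Bad address") for
 * an unreadable page and otherwise returns bytes; readability changes at
 * PAGE granularity. /dev/kmem is only touched if main() is given its path.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PAGE 4096

/* Abstract over pread() so the probe can be exercised without a kmem device. */
typedef ssize_t (*page_reader)(void *ctx, uint8_t *dst, size_t len, off_t off);

static ssize_t fd_reader(void *ctx, uint8_t *dst, size_t len, off_t off)
{
    return pread(*(int *)ctx, dst, len, off);
}

/* Read [start, start+len) page by page into out[]. Unreadable pages (EFAULT,
 * or end of device) are zero-filled and marked 0 in present[]; readable ones
 * are marked 1. Returns the readable-page count, or -1 with errno set on any
 * other error. present[] must hold ceil(len / PAGE) entries. */
long probe_pages(page_reader rd, void *ctx, off_t start, size_t len,
                 uint8_t *out, uint8_t *present)
{
    long ok = 0;
    size_t npages = (len + PAGE - 1) / PAGE;
    for (size_t i = 0; i < npages; i++) {
        size_t want = (i == npages - 1 && len % PAGE) ? len % PAGE : PAGE;
        uint8_t *dst = out + i * PAGE;
        size_t got = 0;
        present[i] = 1;
        while (got < want) {
            ssize_t r = rd(ctx, dst + got, want - got, start + (off_t)(i * PAGE + got));
            if (r > 0) { got += (size_t)r; continue; }
            if (r < 0 && errno == EINTR) continue;
            if (r == 0 || errno == EFAULT) { present[i] = 0; break; }
            return -1;                       /* EIO, EPERM, ...: stop */
        }
        if (present[i]) ok++;
        else memset(dst, 0, want);           /* hole: keep offsets aligned */
    }
    return ok;
}

/* Constructed stand-in for the device: a flat buffer where one page index
 * answers EFAULT, mimicking the "Bad address" failure dd reported. */
typedef struct { const uint8_t *mem; size_t size; int unmapped_page; } fake_dev;

static ssize_t fake_reader(void *ctx, uint8_t *dst, size_t len, off_t off)
{
    fake_dev *d = ctx;
    if ((size_t)off >= d->size) return 0;
    if ((size_t)off / PAGE == (size_t)d->unmapped_page) { errno = EFAULT; return -1; }
    if (len > d->size - (size_t)off) len = d->size - (size_t)off;
    memcpy(dst, d->mem + off, len);
    return (ssize_t)len;
}

/* Demo: 4-page fake device filled with a byte pattern, page 2 unmapped. */
long demo_probe(uint8_t out[4 * PAGE], uint8_t present[4])
{
    static uint8_t mem[4 * PAGE];
    for (size_t i = 0; i < sizeof mem; i++) mem[i] = (uint8_t)i;
    fake_dev dev = { mem, sizeof mem, 2 };
    return probe_pages(fake_reader, &dev, 0, 4 * PAGE, out, present);
}

int main(int argc, char **argv)
{
    uint8_t out[4 * PAGE], present[4];
    long n;
    if (argc == 3) {                         /* ./kprobe /dev/kmem 0x9c000 */
        int fd = open(argv[1], O_RDONLY);
        if (fd < 0) { perror(argv[1]); return 1; }
        n = probe_pages(fd_reader, &fd, (off_t)strtoull(argv[2], NULL, 0),
                        sizeof out, out, present);
        close(fd);
    } else {
        n = demo_probe(out, present);
    }
    if (n < 0) { perror("probe"); return 1; }
    for (int i = 0; i < 4; i++)
        printf("page %d: %s\n", i, present[i] ? "readable" : "EFAULT (zero-filled)");
    printf("%ld of 4 pages readable\n", n);
    return 0;
}
```

With a real device the same function is driven through fd_reader; writing out[] to a file then gives a dump whose offsets still correspond to addresses, with the map in present[] telling you which pages were actually read rather than silently zero.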

naquaada
05-10-2009, 10:08 PM
Do you have an Intel or AMD system? Add your system specs to your signature plz.

Kabyl
05-10-2009, 10:08 PM
#include "/Users/andyvand/Downloads/Kernels/voodoobuild-0.3.2/xnu-1228.9.59/bsd/sys/uio_internal.h"

Why not include that header instead? and fix what remains to be fixed, it should be a trivial thing.

And one request: please credit the original author in your starting post.

This isn't something average users would need/want, might be worth noting that too, even better, posting this link ( http://www.osxbook.com/book/bonus/chapter8/kma/ ) would be more helpful.

Thanks.

andyvand
05-10-2009, 10:12 PM
#include "/Users/andyvand/Downloads/Kernels/voodoobuild-0.3.2/xnu-1228.9.59/bsd/sys/uio_internal.h"

Why not include that header instead? and fix what remains to be fixed, it should be a trivial thing.

And one request: please credit the original author in your starting post.

This isn't something average users would need/want, might be worth noting that too, even better, posting this link ( http://www.osxbook.com/book/bonus/chapter8/kma/ ) would be more helpful.

Thanks.
The credits are present in the sources and now they have been stated...
He used a standard driver which depended on deprecated .kernel components...
I fixed it up into an IOKit driver and made sure it was all .kpi components...
It's a great tool for many things...
But OK ... I will

Kabyl
05-10-2009, 10:36 PM
The credits are present in the sources and now they have been said...
...
But OK ... I will
I know it's in the sources/README; I specifically said in your "starting post", which means here in this thread. It was more of a reply to clear up a likely misunderstanding of your announcement:
I recently made a kext that can completely dump out the kernel memory through a /dev/kmem device.
...

Superhai
05-11-2009, 12:35 AM
If you don't know what this does, keep far away from it, and I mean far. There is a reason why Apple removed this. I can't think of any useful reason to use it which cannot be achieved in another, safer way. And the security implications are huge. Although you need root access, full access to kernel memory from user space is ugly.