Ram Memory (/dev/mem)

A practical walkthrough of enabling and safely accessing /dev/mem on modern Linux systems, covering required kernel configuration options and high-signal command-line techniques for extracting readable data from physical memory without unnecessary noise

---

Unlock /dev/mem so we can read data from it

• By setting the below kernel configurations to =n we wont see messages as hexdump: /dev/mem: Operation not permitted anymore

Kernel Settings

To enable /dev/mem device we must set CONFIG_DEVMEM to =y in kernel

Say =Y here if you want to support the /dev/mem device.
The /dev/mem device is used to access areas of physical memory

CONFIG_DEVMEM=y

Disable strict /dev/mem`

CONFIG_STRICT_DEVMEM=n

Often also needed) disable IO strict /dev/mem

CONFIG_IO_STRICT_DEVMEM=n

---

Comamnds

Only human-ish text” filter for strings (drops repetitive/bloat lines)

strings -a -n 50 /dev/mem \
| grep --line-buffered -E '[A-Za-z_]{4,}' \
| grep --line-buffered -Ev '^([ -~] )?([A-Za-z0-9])(\s\2[ -~]){20,}$' 

Quick sanity read (first 256 bytes, hex+ASCII)

dd if=/dev/mem bs=1 count=256 status=none | hexdump -C

Resource(s)

• http://kernelconfig.io/CONFIG_STRICT_DEVMEM
• https://man7.org/linux/man-pages/man4/mem.4.html