Searching a process' memory on Linux

tags:

linux
memory

views:

answers:

+1 Q:

Searching a process' memory on Linux

How can I search the memory state of an process in Linux? Specifically I wish to identify certain regions of interest, and peek at them at regular intervals, possibly occasionally poking new values.

I suspect an answer may involve calls to ptrace(), and reading /proc/[pid]/mem, but need more to go on.

+1 A:

I believe you can achieve what you want by parsing /proc/[pid]/maps -- I've used that to diagnose invalid pointers

Gregory Pakosz 2010-05-15 10:27:51

I'd like a little more info, and a demo :P

Matt Joiner 2010-05-15 13:34:55

I'm sorry this code was under NDA :(

Gregory Pakosz 2010-05-15 15:16:25

I just skimmed through Valgrind's `aspacemgr-linux.c` which reads `/proc/self/maps` -- not easy to follow but maybe you can grab information from there

Gregory Pakosz 2010-05-15 15:17:16

Perhaps using GDB would be an option? You should be able to do things like periodically reading memory using breakpoints.

JesperE 2010-05-15 10:28:44

I've developed some code for the requested functionality.

The module memutil provides process memory region iteration, and python or C memory reading with assistance from the ptrace module, and readmem executable.

If there is any questions, or requests for standalone tools, just ask.

Matt Joiner 2010-06-11 02:42:18

ansaurus

tags:

views:

answers:

Searching a process' memory on Linux

related questions