Date: Thu, 8 Jun 2006 23:12:16 +0300 (EEST) From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> To: Tofik Suleymanov <secnews@oxygen.az> Cc: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org Subject: Re: reading process memory Message-ID: <20060608230429.J11658@atlantis.atlantis.dp.ua> In-Reply-To: <4486A111.6020300@oxygen.az> References: <4486A111.6020300@oxygen.az>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello! On Wed, 7 Jun 2006, Tofik Suleymanov wrote: > I believe that it is possible to read contents of the memory used/utilized > by > a process (assuming right privileges). Yes, procfs allows it to user with the process's UID (or root). > First i've tried to do this through procfs by reading 'mem' property of the > given process, but no success. Yes, process's virtual address space is accessible via /proc/<PID>/mem file, just don't forget that it's sparse. So you can't just 'hd mem', you should specify valid offset. /proc/<PID>/map will help you to do so: dmitry@homelynx$ cd /proc/curproc dmitry@homelynx$ cat map 0x8048000 0x80b0000 99 0 0xc68fc630 r-x 20 10 0x8004 COW NC vnode ... dmitry@homelynx$ dd if=mem bs=0x100 skip=0x80480 |hd|more 00000000 7f 45 4c 46 01 01 01 09 00 00 00 00 00 00 00 00 |.ELF............| 00000010 02 00 03 00 01 00 00 00 24 6e 05 08 34 00 00 00 |........$n..4...| 00000020 e0 ac 06 00 00 00 00 00 34 00 20 00 05 00 28 00 |рм......4. ...(.| P.S. I've once found the cause of the memory leak by examining virtual address space of my process and finding the repeated leaked pattern. > Thanks, > Tofik Suleymanov Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060608230429.J11658>