From owner-freebsd-questions@FreeBSD.ORG Thu Jun 8 21:58:11 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EEB4816A49A; Thu, 8 Jun 2006 21:58:11 +0000 (UTC) (envelope-from dmitry@atlantis.dp.ua) Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 458D243D48; Thu, 8 Jun 2006 21:58:10 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k58KCGVR049379; Thu, 8 Jun 2006 23:12:16 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Date: Thu, 8 Jun 2006 23:12:16 +0300 (EEST) From: Dmitry Pryanishnikov To: Tofik Suleymanov In-Reply-To: <4486A111.6020300@oxygen.az> Message-ID: <20060608230429.J11658@atlantis.atlantis.dp.ua> References: <4486A111.6020300@oxygen.az> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=koi8-u; format=flowed Content-Transfer-Encoding: 8BIT Cc: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org Subject: Re: reading process memory X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jun 2006 21:58:12 -0000 Hello! On Wed, 7 Jun 2006, Tofik Suleymanov wrote: > I believe that it is possible to read contents of the memory used/utilized > by > a process (assuming right privileges). Yes, procfs allows it to user with the process's UID (or root). > First i've tried to do this through procfs by reading 'mem' property of the > given process, but no success. Yes, process's virtual address space is accessible via /proc//mem file, just don't forget that it's sparse. So you can't just 'hd mem', you should specify valid offset. /proc//map will help you to do so: dmitry@homelynx$ cd /proc/curproc dmitry@homelynx$ cat map 0x8048000 0x80b0000 99 0 0xc68fc630 r-x 20 10 0x8004 COW NC vnode ... dmitry@homelynx$ dd if=mem bs=0x100 skip=0x80480 |hd|more 00000000 7f 45 4c 46 01 01 01 09 00 00 00 00 00 00 00 00 |.ELF............| 00000010 02 00 03 00 01 00 00 00 24 6e 05 08 34 00 00 00 |........$n..4...| 00000020 e0 ac 06 00 00 00 00 00 34 00 20 00 05 00 28 00 |рм......4. ...(.| P.S. I've once found the cause of the memory leak by examining virtual address space of my process and finding the repeated leaked pattern. > Thanks, > Tofik Suleymanov Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE