在 Linux中,查看进程内存映射的最简单方法是查看/ proc / PID / maps,给出如下内容: 08048000-08056000 r-xp 00000000 03:0c 64593 /usr/sbin/gpm08056000-08058000 rw-p 0000d000 03:0c 64593 /usr/sbin/gpm08058000-0805b000 rw
08048000-08056000 r-xp 00000000 03:0c 64593 /usr/sbin/gpm 08056000-08058000 rw-p 0000d000 03:0c 64593 /usr/sbin/gpm 08058000-0805b000 rwxp 00000000 00:00 0 40000000-40013000 r-xp 00000000 03:0c 4165 /lib/ld-2.2.4.so 40013000-40015000 rw-p 00012000 03:0c 4165 /lib/ld-2.2.4.so 4001f000-40135000 r-xp 00000000 03:0c 45494 /lib/libc-2.2.4.so 40135000-4013e000 rw-p 00115000 03:0c 45494 /lib/libc-2.2.4.so 4013e000-40142000 rw-p 00000000 00:00 0 bffff000-c0000000 rwxp 00000000 00:00 0
一个进程如何在OSX 10.5或10.6下获取有关进程自己的内存映射的等效信息(地址范围,保护,映射文件名等)?
有一个 MacFUSE implementation of procfs.有了它,你可以得到如下内存映射:cat /proc/PID/task/vmmap
看看source code,它看起来像是使用Mach virtual memory interface从内核获取内存映射.
这是vmmap伪造的实现:
/* * procfs as a MacFUSE file system for Mac OS X * * Copyright Amit Singh. All Rights Reserved. * http://osxbook.com * * http://code.google.com/p/macfuse/ * * Source License: GNU GENERAL PUBLIC LICENSE (GPL) */ READ_HANDLER(proc__task__vmmap) { int len = -1; kern_return_t kr; #define MAX_VMMAP_SIZE 65536 /* XXX */ char tmpbuf[MAX_VMMAP_SIZE]; task_t the_task; pid_t pid = strtol(argv[0], NULL, 10); kr = task_for_pid(mach_task_self(), pid, &the_task); if (kr != KERN_SUCCESS) { return -EIO; } vm_size_t vmsize; vm_address_t address; vm_region_basic_info_data_t info; mach_msg_type_number_t info_count; vm_region_flavor_t flavor; memory_object_name_t object; kr = KERN_SUCCESS; address = 0; len = 0; do { flavor = VM_REGION_BASIC_INFO; info_count = VM_REGION_BASIC_INFO_COUNT; kr = vm_region(the_task, &address, &vmsize, flavor, (vm_region_info_t)&info, &info_count, &object); if (kr == KERN_SUCCESS) { if (len >= MAX_VMMAP_SIZE) { goto gotdata; } len += snprintf(tmpbuf + len, MAX_VMMAP_SIZE - len, "%08x-%08x %8uK %c%c%c/%c%c%c %11s %6s %10s uwir=%hu sub=%u\n", address, (address + vmsize), (vmsize >> 10), (info.protection & VM_PROT_READ) ? 'r' : '-', (info.protection & VM_PROT_WRITE) ? 'w' : '-', (info.protection & VM_PROT_EXECUTE) ? 'x' : '-', (info.max_protection & VM_PROT_READ) ? 'r' : '-', (info.max_protection & VM_PROT_WRITE) ? 'w' : '-', (info.max_protection & VM_PROT_EXECUTE) ? 'x' : '-', inheritance_strings[info.inheritance], (info.shared) ? "shared" : "-", behavior_strings[info.behavior], info.user_wired_count, info.reserved); address += vmsize; } else if (kr != KERN_INVALID_ADDRESS) { if (the_task != MACH_PORT_NULL) { mach_port_deallocate(mach_task_self(), the_task); } return -EIO; } } while (kr != KERN_INVALID_ADDRESS); gotdata: if (the_task != MACH_PORT_NULL) { mach_port_deallocate(mach_task_self(), the_task); } READ_PROC_TASK_EPILOGUE(); }