当前位置 : 主页 > 网络推广 > seo >

osx – 在OS X 10.5 / 10.6中检索自己进程的内存映射

来源:互联网 收集:自由互联 发布时间:2021-06-16
在 Linux中,查看进程内存映射的最简单方法是查看/ proc / PID / maps,给出如下内容: 08048000-08056000 r-xp 00000000 03:0c 64593 /usr/sbin/gpm08056000-08058000 rw-p 0000d000 03:0c 64593 /usr/sbin/gpm08058000-0805b000 rw
在 Linux中,查看进程内存映射的最简单方法是查看/ proc / PID / maps,给出如下内容:

08048000-08056000 r-xp 00000000 03:0c 64593      /usr/sbin/gpm
08056000-08058000 rw-p 0000d000 03:0c 64593      /usr/sbin/gpm
08058000-0805b000 rwxp 00000000 00:00 0
40000000-40013000 r-xp 00000000 03:0c 4165       /lib/ld-2.2.4.so
40013000-40015000 rw-p 00012000 03:0c 4165       /lib/ld-2.2.4.so
4001f000-40135000 r-xp 00000000 03:0c 45494      /lib/libc-2.2.4.so
40135000-4013e000 rw-p 00115000 03:0c 45494      /lib/libc-2.2.4.so
4013e000-40142000 rw-p 00000000 00:00 0
bffff000-c0000000 rwxp 00000000 00:00 0

一个进程如何在OSX 10.5或10.6下获取有关进程自己的内存映射的等效信息(地址范围,保护,映射文件名等)?

有一个 MacFUSE implementation of procfs.有了它,你可以得到如下内存映射:

cat /proc/PID/task/vmmap

看看source code,它看起来像是使用Mach virtual memory interface从内核获取内存映射.

这是vmmap伪造的实现:

/*
 * procfs as a MacFUSE file system for Mac OS X
 *
 * Copyright Amit Singh. All Rights Reserved.
 * http://osxbook.com
 *
 * http://code.google.com/p/macfuse/
 *
 * Source License: GNU GENERAL PUBLIC LICENSE (GPL)
 */
READ_HANDLER(proc__task__vmmap)
{
    int len = -1;
    kern_return_t kr;
#define MAX_VMMAP_SIZE 65536 /* XXX */
    char tmpbuf[MAX_VMMAP_SIZE];
    task_t the_task;
    pid_t pid = strtol(argv[0], NULL, 10);

    kr = task_for_pid(mach_task_self(), pid, &the_task);
    if (kr != KERN_SUCCESS) {
        return -EIO;
    }

    vm_size_t vmsize;
    vm_address_t address;
    vm_region_basic_info_data_t info;
    mach_msg_type_number_t info_count;
    vm_region_flavor_t flavor;
    memory_object_name_t object;

    kr = KERN_SUCCESS;
    address = 0;
    len = 0;

    do {
        flavor = VM_REGION_BASIC_INFO;
        info_count = VM_REGION_BASIC_INFO_COUNT;
        kr = vm_region(the_task, &address, &vmsize, flavor,
                       (vm_region_info_t)&info, &info_count, &object);
        if (kr == KERN_SUCCESS) {
            if (len >= MAX_VMMAP_SIZE) {
                goto gotdata;
            }
            len += snprintf(tmpbuf + len, MAX_VMMAP_SIZE - len,
            "%08x-%08x %8uK %c%c%c/%c%c%c %11s %6s %10s uwir=%hu sub=%u\n",
                            address, (address + vmsize), (vmsize >> 10),
                            (info.protection & VM_PROT_READ)        ? 'r' : '-',
                            (info.protection & VM_PROT_WRITE)       ? 'w' : '-',
                            (info.protection & VM_PROT_EXECUTE)     ? 'x' : '-',
                            (info.max_protection & VM_PROT_READ)    ? 'r' : '-',
                            (info.max_protection & VM_PROT_WRITE)   ? 'w' : '-',
                            (info.max_protection & VM_PROT_EXECUTE) ? 'x' : '-',
                            inheritance_strings[info.inheritance],
                            (info.shared) ? "shared" : "-",
                            behavior_strings[info.behavior],
                            info.user_wired_count,
                            info.reserved);
            address += vmsize;
        } else if (kr != KERN_INVALID_ADDRESS) {

            if (the_task != MACH_PORT_NULL) {
                mach_port_deallocate(mach_task_self(), the_task);
            }

            return -EIO;
        }
    } while (kr != KERN_INVALID_ADDRESS);

gotdata:

    if (the_task != MACH_PORT_NULL) {
        mach_port_deallocate(mach_task_self(), the_task);
    }

    READ_PROC_TASK_EPILOGUE();
}
网友评论