  1. Convert memory address range in running Linux process to symbols in object file?
<p>Here is a snippet of the file <em>/proc/self/smaps</em>:</p>
<pre><code>00af8000-00b14000 r-xp 00000000 fd:00 16417 /lib/ld-2.8.so
Size: 112 kB
Rss: 88 kB
Pss: 1 kB
Shared_Clean: 88 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 88 kB
Swap: 0 kB
00b14000-00b15000 r--p 0001c000 fd:00 16417 /lib/ld-2.8.so
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Swap: 0 kB
</code></pre>
<p>It shows that this process <em>(self)</em> is linked to <em>/lib/ld-2.8.so</em> and two (of the many) byte ranges mapped into memory.</p>
<p>The first range of 88kb (22 4kb pages) is <em>shared</em> and <em>clean</em>, that is, it has not been written to. This is probably code.</p>
<p>The second range of 4kb (a single page) is not shared and it is <em>dirty</em> -- the process has written to it since it was memory mapped from the file on disk. This is probably data.</p>
<p><em>But what is in that memory?</em></p>
<p>How do you convert the memory range <em>00b14000-00b15000</em> into useful information such as the line number of the file in which a large static structure is declared?</p>
<p>The technique will need to take account of <a href="http://en.wikipedia.org/wiki/Prelinking" rel="nofollow noreferrer">prelinking</a> and <a href="http://en.wikipedia.org/wiki/Address_space_layout_randomization" rel="nofollow noreferrer">address space randomization</a>, such as from <a href="http://en.wikipedia.org/wiki/ExecShield" rel="nofollow noreferrer">execshield</a>, and also <a href="http://fedoraproject.org/wiki/StackTraces" rel="nofollow noreferrer">separate debugging symbols</a>.</p>
<p><em>(The motivation is to identify popular libraries which also create dirty memory and to fix them, for example by declaring structures const).</em></p>
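The smaps layout quoted above can be reduced to file offsets with a short parser; this is an added example, not part of the original question, and the function names `parse_smaps` and `dirty_file_ranges` are hypothetical. It reports each file-backed mapping that has private dirty pages as a byte range inside the object file (the offset column plus the mapping length), a value that does not depend on where the object was loaded.

```python
import re

# Constructed sample: the two ranges quoted in the question, trimmed to the fields used.
SAMPLE = """\
00af8000-00b14000 r-xp 00000000 fd:00 16417 /lib/ld-2.8.so
Size:                112 kB
Rss:                  88 kB
Shared_Clean:         88 kB
Private_Dirty:         0 kB
00b14000-00b15000 r--p 0001c000 fd:00 16417 /lib/ld-2.8.so
Size:                  4 kB
Rss:                   4 kB
Shared_Clean:          0 kB
Private_Dirty:         4 kB
"""

HEADER = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) (\S+) (\d+)\s*(.*)$")
FIELD = re.compile(r"^(\w+):\s+(\d+) kB$")

def parse_smaps(text):
    """Return one dict per mapping; per-mapping counters are stored in kB."""
    maps = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            start, end, perms, off, _dev, inode, path = h.groups()
            maps.append({"start": int(start, 16), "end": int(end, 16), "perms": perms,
                         "offset": int(off, 16), "inode": int(inode), "path": path, "kb": {}})
            continue
        f = FIELD.match(line)
        if f and maps:  # counter line belonging to the most recent header
            maps[-1]["kb"][f.group(1)] = int(f.group(2))
    return maps

def dirty_file_ranges(maps):
    """File-backed mappings with private dirty pages: (path, file_start, file_end, dirty_kB)."""
    out = []
    for m in maps:
        dirty = m["kb"].get("Private_Dirty", 0)
        if m["path"].startswith("/") and dirty > 0:  # skip anonymous, [heap], [stack], ...
            length = m["end"] - m["start"]
            out.append((m["path"], m["offset"], m["offset"] + length, dirty))
    return out

if __name__ == "__main__":
    for path, lo, hi, kb in dirty_file_ranges(parse_smaps(SAMPLE)):
        print(f"{path}: file offsets {lo:#x}-{hi:#x}, {kb} kB private dirty")
```

The reported offset range can then be compared with the file offsets of the object's sections; resolving it further to symbols or source lines needs the object's ELF headers and debugging symbols, which this example does not read.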
 
