view a process's memory maps without procfs
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
in C (on arch linux 64 bit), how would i view a process's memory maps without relying on procfs, if possible the executing process's own memory maps
linux c proc mmap
add a comment |Â
up vote
0
down vote
favorite
in C (on arch linux 64 bit), how would i view a process's memory maps without relying on procfs, if possible the executing process's own memory maps
linux c proc mmap
Is that even possible?
â Rui F Ribeiro
Jan 13 at 12:25
apparently it may be able to be done via somehow reading the kernel data structure
â Clark Kent
Jan 13 at 12:44
as for starters, execve works when without procfs or even devfs , (eg mkdir ./tp ; cp /usr/bin/bash-static /usr/bin/ls-static ./tp/ ; sudo chroot ./tp /bash > bash4-4.0 $ /ls-static)
â Clark Kent
Jan 13 at 12:49
execve
is a system call so on the kernel side of things can do whatever needs be done. one idea might be toprintf("%pn", (void *)printf)
to see the memory address ofprintf
according to the process, but that's guessing around blindly
â thrig
Jan 13 at 17:57
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
in C (on arch linux 64 bit), how would i view a process's memory maps without relying on procfs, if possible the executing process's own memory maps
linux c proc mmap
in C (on arch linux 64 bit), how would i view a process's memory maps without relying on procfs, if possible the executing process's own memory maps
linux c proc mmap
asked Jan 13 at 3:31
Clark Kent
63
63
Is that even possible?
â Rui F Ribeiro
Jan 13 at 12:25
apparently it may be able to be done via somehow reading the kernel data structure
â Clark Kent
Jan 13 at 12:44
as for starters, execve works when without procfs or even devfs , (eg mkdir ./tp ; cp /usr/bin/bash-static /usr/bin/ls-static ./tp/ ; sudo chroot ./tp /bash > bash4-4.0 $ /ls-static)
â Clark Kent
Jan 13 at 12:49
execve
is a system call so on the kernel side of things can do whatever needs be done. one idea might be toprintf("%pn", (void *)printf)
to see the memory address ofprintf
according to the process, but that's guessing around blindly
â thrig
Jan 13 at 17:57
add a comment |Â
Is that even possible?
â Rui F Ribeiro
Jan 13 at 12:25
apparently it may be able to be done via somehow reading the kernel data structure
â Clark Kent
Jan 13 at 12:44
as for starters, execve works when without procfs or even devfs , (eg mkdir ./tp ; cp /usr/bin/bash-static /usr/bin/ls-static ./tp/ ; sudo chroot ./tp /bash > bash4-4.0 $ /ls-static)
â Clark Kent
Jan 13 at 12:49
execve
is a system call so on the kernel side of things can do whatever needs be done. one idea might be toprintf("%pn", (void *)printf)
to see the memory address ofprintf
according to the process, but that's guessing around blindly
â thrig
Jan 13 at 17:57
Is that even possible?
â Rui F Ribeiro
Jan 13 at 12:25
Is that even possible?
â Rui F Ribeiro
Jan 13 at 12:25
apparently it may be able to be done via somehow reading the kernel data structure
â Clark Kent
Jan 13 at 12:44
apparently it may be able to be done via somehow reading the kernel data structure
â Clark Kent
Jan 13 at 12:44
as for starters, execve works when without procfs or even devfs , (eg mkdir ./tp ; cp /usr/bin/bash-static /usr/bin/ls-static ./tp/ ; sudo chroot ./tp /bash > bash4-4.0 $ /ls-static)
â Clark Kent
Jan 13 at 12:49
as for starters, execve works when without procfs or even devfs , (eg mkdir ./tp ; cp /usr/bin/bash-static /usr/bin/ls-static ./tp/ ; sudo chroot ./tp /bash > bash4-4.0 $ /ls-static)
â Clark Kent
Jan 13 at 12:49
execve
is a system call so on the kernel side of things can do whatever needs be done. one idea might be to printf("%pn", (void *)printf)
to see the memory address of printf
according to the process, but that's guessing around blindlyâ thrig
Jan 13 at 17:57
execve
is a system call so on the kernel side of things can do whatever needs be done. one idea might be to printf("%pn", (void *)printf)
to see the memory address of printf
according to the process, but that's guessing around blindlyâ thrig
Jan 13 at 17:57
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Â
draft saved
draft discarded
Â
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f416739%2fview-a-processs-memory-maps-without-procfs%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Is that even possible?
â Rui F Ribeiro
Jan 13 at 12:25
apparently it may be able to be done via somehow reading the kernel data structure
â Clark Kent
Jan 13 at 12:44
as for starters, execve works when without procfs or even devfs , (eg mkdir ./tp ; cp /usr/bin/bash-static /usr/bin/ls-static ./tp/ ; sudo chroot ./tp /bash > bash4-4.0 $ /ls-static)
â Clark Kent
Jan 13 at 12:49
execve
is a system call so on the kernel side of things can do whatever needs be done. one idea might be toprintf("%pn", (void *)printf)
to see the memory address ofprintf
according to the process, but that's guessing around blindlyâ thrig
Jan 13 at 17:57