[vox-tech] viewing a program's memory space
Peter Jay Salzman
vox-tech@lists.lugod.org
Fri, 21 Jun 2002 08:47:58 -0700
how can one process view another process's memory space?
i'm thinking along the lines of how gdb attaches to a running process.
i was under the impression that /proc/<pid>/maps is a memory map of the
process. for instance, i'm running nethack right now, and it has a pid
of 26617. my character's level is "1", so i'm expecting that somewhere
in nethack's memory space is a sequence of 4 bytes such as:
00000000 00000000 00000000 00000001
(an int is 4 bytes on my system). but the contents of /proc/26617/maps
looks like:
40121000-4012e000 r-xp 00000000 03:05 81919 /usr/X11R6/lib/libXpm.so.4.11
4012e000-4012f000 rw-p 0000c000 03:05 81919 /usr/X11R6/lib/libXpm.so.4.11
4012f000-40204000 r-xp 00000000 03:05 80862 /usr/X11R6/lib/libX11.so.6.2
40204000-40208000 rw-p 000d5000 03:05 80862 /usr/X11R6/lib/libX11.so.6.2
40208000-40209000 rw-p 00000000 00:00 0
40209000-40229000 r-xp 00000000 03:05 225885 /lib/libm-2.2.5.so
40229000-4022a000 rw-p 0001f000 03:05 225885 /lib/libm-2.2.5.so
4022a000-4033d000 r-xp 00000000 03:05 225848 /lib/libc-2.2.5.so
4033d000-40343000 rw-p 00113000 03:05 225848 /lib/libc-2.2.5.so
40343000-40347000 rw-p 00000000 00:00 0
40347000-4034e000 r-xp 00000000 03:05 80861 /usr/X11R6/lib/libSM.so.6.0
etc. not exactly what i'm looking for. the value "1" needs to be
stored somewhere on the stack.
how would i go about searching memory for this value? the stack
contains addresses of functions, variables and return addresses. is
there a way to scrounge each frame of the stack for a particular
variable's value?
note: this is where my experience gives way to my absolute lack of
formal training. if i have any concepts wrong, please correct me.
thanks,
pete
--
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
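
Added example, not part of the original post: a sketch of the approach the question is reaching for, which uses /proc/<pid>/maps only to locate the writable regions and then reads their bytes from /proc/<pid>/mem. It assumes a little-endian Linux host (so the int 1 is stored as the bytes 01 00 00 00); the function names parse_maps, find_int and scan_pid are made up for this illustration.

```python
import struct

# Two lines copied from the /proc/26617/maps listing quoted in the post.
SAMPLE_MAPS = """\
4033d000-40343000 rw-p 00113000 03:05 225848 /lib/libc-2.2.5.so
40343000-40347000 rw-p 00000000 00:00 0
"""

def parse_maps(text):
    """Return (start, end, perms, path) for each line of a maps listing."""
    regions = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) > 5 else ""
        regions.append((start, end, fields[1], path))
    return regions

def find_int(buf, value, base=0):
    """Addresses of 4-byte-aligned little-endian occurrences of value in buf."""
    needle = struct.pack("<i", value)
    hits, pos = [], buf.find(needle)
    while pos != -1:
        if (base + pos) % 4 == 0:
            hits.append(base + pos)
        pos = buf.find(needle, pos + 1)
    return hits

def scan_pid(pid, value):
    """Search every readable+writable region of pid for value.

    Opening /proc/<pid>/mem is subject to the same kernel check as a ptrace
    attach (same user or root, and kernel.yama.ptrace_scope where enabled).
    """
    with open(f"/proc/{pid}/maps") as f:
        regions = parse_maps(f.read())
    hits = []
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end, perms, _path in regions:
            if not perms.startswith("rw"):
                continue
            try:
                mem.seek(start)
                hits += find_int(mem.read(end - start), value, start)
            except (OSError, ValueError, OverflowError):
                continue  # region vanished or is not readable
    return hits
```

A small value such as 1 matches at many addresses, so a single scan only narrows the candidates; repeating the scan after the value changes and intersecting the hit lists is what isolates one variable.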