Searching a process' memory on Linux

Question

How can I search the memory state of an process in Linux? Specifically I wish to identify certain regions of interest, and peek at them at regular intervals, possibly occasionally poking new values.

I suspect an answer may involve calls to ptrace(), and reading /proc/[pid]/mem, but need more to go on.

score 2 · Answer 1 · answered May 15 '10 at 10:27

2

I believe you can achieve what you want by parsing /proc/[pid]/maps -- I've used that to diagnose invalid pointers

answered May 15 '10 at 10:27

Gregory Pakosz

69,011
20
139
164

I'd like a little more info, and a demo :P – Matt Joiner May 15 '10 at 13:34
I just skimmed through Valgrind's `aspacemgr-linux.c` which reads `/proc/self/maps` -- not easy to follow but maybe you can grab information from there – Gregory Pakosz May 15 '10 at 15:17

score 2 · Accepted Answer · answered Jun 11 '10 at 02:42

I've developed some code for the requested functionality.

The module memutil provides process memory region iteration, and python or C memory reading with assistance from the ptrace module, and readmem executable.

If there is any questions, or requests for standalone tools, just ask.

score 0 · Answer 3 · answered May 15 '10 at 10:28

0

Perhaps using GDB would be an option? You should be able to do things like periodically reading memory using breakpoints.

answered May 15 '10 at 10:28

JesperE

63,317
21
138
197

Searching a process' memory on Linux

3 Answers3

Linked