0

Is there a way to see active mappings from virtual to physical memory in Linux?

To make simpler, let's assume we are on 32 bit system

Kernel Virtual Addresses

>>> 0xffffffff-0xc0000000
1073741823

Userspace Virtual Addresses

>>> 0xc0000000-0x00000000
3221225472

I want to scan Kernel Virtual Addresses for task_struct structure and was wondering if I have to scan the whole range or there is somehow a mapping which kernel virtual addresses are currently used?

Update 1:

How can I read it programatically to view all active mappings?

As I said I want to spare me going though the whole address space:

My code so far:

Here I try to scan the whole address space to look for task_struct and find the process name and PID (based on struct offsets)

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdbool.h>

void main()
{
    int fd;
    char *retp = NULL;

    fd = open("/dev/mem", O_RDWR|O_SYNC);
    for(int z=0;z<=0xffffffff;z=z+4096)
    {

        retp = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE, fd,z);



        if (retp == MAP_FAILED)
        {
            printf("FAILED\n");
        }
        else
        {
            printf("PASSED\n");



            char task_struct[5760];
            int pid;


            for(int i=0;i<4096;i++)
            {
                memcpy(&task_struct,retp+i,5760);
                memcpy(&pid,task_struct+768,sizeof(int));
                if(strcmp(task_struct+996,"bash")==0)

                    printf("addr:%p\tname:%s\tpid:%i\n",retp+i,task_struct+996,pid);
            }
            munmap(retp,4096);

        }
    }
    close(fd);
}
dev
  • 1,119
  • 1
  • 11
  • 34
  • 1
    This information is in the Page Table. – Barmar Jan 22 '18 at 20:32
  • SO is for programming questions, not questions about using or configuring Linux. SuperUser.com or unix.stackexchange.com would be better places for questions like this. – Barmar Jan 22 '18 at 20:32
  • Possible duplicate of [Is there any API for determining the physical address from virtual address in Linux?](https://stackoverflow.com/questions/5748492/is-there-any-api-for-determining-the-physical-address-from-virtual-address-in-li) – Tsyvarev Jan 22 '18 at 20:48
  • I know about /proc/PID/pagemap ... was wondering if there is a master table I can read all virtual addresses used by the Kernel (Kernel virtual addresses)? If yes, how can I read it programatically – dev Jan 22 '18 at 20:52
  • @Barmar Please see my Update 1: I clarified my question. – dev Jan 22 '18 at 20:58
  • `... was wondering if there is a master table` - as Barmar noted, you can check page tables, which are used by Linux (and every "normal" OS) on x86. – Tsyvarev Jan 22 '18 at 21:44
  • You have asked 4 questions about the same problem on 2 days. Don't you think, that it is time to trying to understand what answers/comments means and read more resources about the related topic? – Tsyvarev Jan 22 '18 at 21:48
  • Well I did read more resources, but still had questions. The problem is I am trying to do something experimental/no supported. Found this: https://github.com/rjmccabe3701/LinuxViewPageTables/blob/e2cb0f6810b11a25ff2d5f8aa50ff32dcbb8805e/arch/x86/mm/dump_pagetables.c This will do it. – dev Jan 23 '18 at 09:07

0 Answers0