Retrieving the memory map of its own process in OS X 10.5/10.6
Asked Answered
C

4

11

In Linux, the easiest way to look at a process' memory map is looking at /proc/PID/maps, giving something like this:

08048000-08056000 r-xp 00000000 03:0c 64593      /usr/sbin/gpm
08056000-08058000 rw-p 0000d000 03:0c 64593      /usr/sbin/gpm
08058000-0805b000 rwxp 00000000 00:00 0
40000000-40013000 r-xp 00000000 03:0c 4165       /lib/ld-2.2.4.so
40013000-40015000 rw-p 00012000 03:0c 4165       /lib/ld-2.2.4.so
4001f000-40135000 r-xp 00000000 03:0c 45494      /lib/libc-2.2.4.so
40135000-4013e000 rw-p 00115000 03:0c 45494      /lib/libc-2.2.4.so
4013e000-40142000 rw-p 00000000 00:00 0
bffff000-c0000000 rwxp 00000000 00:00 0

How can a process get the equivalent information (address ranges, protection, mapped filename, etc...) about a process' own memory map under OSX 10.5 or 10.6?

Concepcion answered 27/10, 2009 at 0:3 Comment(0)
O
13

There is a MacFUSE implementation of procfs. With it, you can get the memory map as follows:

cat /proc/PID/task/vmmap

Looking at the source code, it looks like it's using the Mach virtual memory interface to get the memory map from the kernel.

Here's the implementation for the vmmap pseudofile:

/*
 * procfs as a MacFUSE file system for Mac OS X
 *
 * Copyright Amit Singh. All Rights Reserved.
 * http://osxbook.com
 *
 * http://code.google.com/p/macfuse/
 *
 * Source License: GNU GENERAL PUBLIC LICENSE (GPL)
 */
READ_HANDLER(proc__task__vmmap)
{
    int len = -1;
    kern_return_t kr;
#define MAX_VMMAP_SIZE 65536 /* XXX */
    char tmpbuf[MAX_VMMAP_SIZE];
    task_t the_task;
    pid_t pid = strtol(argv[0], NULL, 10);

    kr = task_for_pid(mach_task_self(), pid, &the_task);
    if (kr != KERN_SUCCESS) {
        return -EIO;
    }

    vm_size_t vmsize;
    vm_address_t address;
    vm_region_basic_info_data_t info;
    mach_msg_type_number_t info_count;
    vm_region_flavor_t flavor;
    memory_object_name_t object;

    kr = KERN_SUCCESS;
    address = 0;
    len = 0;

    do {
        flavor = VM_REGION_BASIC_INFO;
        info_count = VM_REGION_BASIC_INFO_COUNT;
        kr = vm_region(the_task, &address, &vmsize, flavor,
                       (vm_region_info_t)&info, &info_count, &object);
        if (kr == KERN_SUCCESS) {
            if (len >= MAX_VMMAP_SIZE) {
                goto gotdata;
            }
            len += snprintf(tmpbuf + len, MAX_VMMAP_SIZE - len,
            "%08x-%08x %8uK %c%c%c/%c%c%c %11s %6s %10s uwir=%hu sub=%u\n",
                            address, (address + vmsize), (vmsize >> 10),
                            (info.protection & VM_PROT_READ)        ? 'r' : '-',
                            (info.protection & VM_PROT_WRITE)       ? 'w' : '-',
                            (info.protection & VM_PROT_EXECUTE)     ? 'x' : '-',
                            (info.max_protection & VM_PROT_READ)    ? 'r' : '-',
                            (info.max_protection & VM_PROT_WRITE)   ? 'w' : '-',
                            (info.max_protection & VM_PROT_EXECUTE) ? 'x' : '-',
                            inheritance_strings[info.inheritance],
                            (info.shared) ? "shared" : "-",
                            behavior_strings[info.behavior],
                            info.user_wired_count,
                            info.reserved);
            address += vmsize;
        } else if (kr != KERN_INVALID_ADDRESS) {

            if (the_task != MACH_PORT_NULL) {
                mach_port_deallocate(mach_task_self(), the_task);
            }

            return -EIO;
        }
    } while (kr != KERN_INVALID_ADDRESS);

gotdata:

    if (the_task != MACH_PORT_NULL) {
        mach_port_deallocate(mach_task_self(), the_task);
    }

    READ_PROC_TASK_EPILOGUE();
}
Obscure answered 27/10, 2009 at 2:16 Comment(2)
This looks really great, I'll probably accept it once I run some tests on that.Concepcion
This can now be found at github.com/osxfuse/filesystems/blob/….Trichroism
S
2

Take a look at this thread from 2007 on the Darwin-kernel mailing list. In a nutshell, your choices are to popen vmmap (which is setgid appropriately) or use the Mach VM region APIs in /usr/include/mach/mach_vm.h. I found a decent example of using the Mach API in the Sage Mathematics System sources.

Summertree answered 27/10, 2009 at 15:15 Comment(4)
Thanks for the thread, I guess doing this portably across all OSX versions isn't easy.Concepcion
updated sage link: trac.sagemath.org/sage_trac/browser/sage/misc/…Respiratory
updated link: wstein.org/home/tornaria/…Medeiros
All above links dead. Here's another link that will hopefully live for some time: github.com/sagemath/sagelib/blob/master/sage/misc/…Quiche
S
2

GNUlib (http://www.gnu.org/software/gnulib/) contains a function for iterating over all the virtual memory segments in most OSes including MAC OS X. It's in vma-iter.c

Saiz answered 30/3, 2011 at 14:14 Comment(0)
R
2

A couple more links for those looking for vmmap source (it's not published):

Getting the the mapped file name and the names of libraries from dyld_shared_cache: https://mcmap.net/q/1015917/-filename-of-memory-mapped-libraries-osx

Respiratory answered 18/6, 2013 at 0:19 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.