From: "Richard F Weber" <rfweber@link.com>
To: Alexander Viro <viro@math.psu.edu>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>, linux-mm@kvack.org
Subject: Re: About reading /proc/*/mem
Date: Wed, 02 May 2001 07:39:03 -0400 [thread overview]
Message-ID: <3AEFF1D7.6090300@link.com> (raw)
In-Reply-To: <Pine.GSO.4.21.0105011231330.9771-100000@weyl.math.psu.edu>
[-- Attachment #1: Type: text/plain, Size: 2042 bytes --]
Alexander Viro wrote:
>
>On 1 May 2001, Eric W. Biederman wrote:
>
>>>Unfortunately, ptrace() probobally isn't going to allow me to do that.
>>>So my next question is does opening /proc/*/mem force the child process
>>>to stop on every interrupt (just like ptrace?)
>>>
>>
>>The not stopping the child should be the major difference between
>>/proc/*/mem and ptrace.
>>
>
>Could somebody tell me what would one do with data read from memory
>of process that is currently running?
>
After doing some digging around, I found this URL: (Sorry, the
original page at nsa seems to have disappeared).
http://www.google.com/search?q=cache:nsa.gov/selinux/slinux-200101020953/node57.html+access+physical+memory+/proc+/mem&hl=en
In any case, it indicates the the /proc/*/mem file can only be read by
the process itself on the fly, or by a parent process that has stopped
execution of the child via SIGSTOP. So it seems so far that the
behavior of /proc/*/mem is exactly the same as the behavior of ptrace in
that it forces stoppage of execution in order to read memory.
Bummer.(Or has this changed from v 2.2.x to v2.4.x?)
So how else can I access the process memory? I'm wondering if it'd be
feasible to hack the kernel to add an extra ptrace_nostop() fn that
would allow ptracing without forcing a stop in the process. I'd really
rather not have to hack the kernel unless I really have to though.
My second thought is again going back to finding the translation of
where the process physically lives in the virtual memory itself. So
this way I can just go and directly look at the memory of the process.
But then this runs into problems as to finding where that process lives,
and being told my thoughts on this are totally wrong.
I suppose the question is I know the process exists, I know the process
is pinned into memory so it can't get swapped out, I just need to know
how to translate the process's virtual address of 0x080495998 to some
chunk of physical memory, and then take a look at it.
Thanks.
--Rich
[-- Attachment #2: Type: text/html, Size: 2679 bytes --]
next prev parent reply other threads:[~2001-05-02 11:11 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-05-01 13:33 Richard F Weber
2001-05-01 15:27 ` Eric W. Biederman
2001-05-01 16:35 ` Alexander Viro
2001-05-01 17:03 ` Richard F Weber
2001-05-01 17:14 ` Alexander Viro
2001-05-02 10:25 ` Stephen C. Tweedie
2001-05-02 11:39 ` Richard F Weber [this message]
2001-05-03 17:51 ` Richard F Weber
2001-05-01 16:53 ` Richard F Weber
2001-05-01 17:09 ` Alexander Viro
2001-05-01 17:29 ` Richard F Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3AEFF1D7.6090300@link.com \
--to=rfweber@link.com \
--cc=ebiederm@xmission.com \
--cc=linux-mm@kvack.org \
--cc=viro@math.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox