在 Solaris 中编码 pmap

发布于 2024-12-13 08:42:27 字数 1496 浏览 3 评论 0原文

我目前正在尝试编写自己的程序来镜像 pmap 命令,特别是在 Solaris 9 上。我在解析库的名称和路径时遇到问题。 Solaris 命令的输出看起来像这样,来自 bash shell:

bash-2.05# pmap $$
2427:   bash
00010000     496K r-x--  /usr/bin/bash
0009A000      80K rwx--  /usr/bin/bash
000AE000     120K rwx--    [ heap ]
FF100000     688K r-x--  /usr/lib/libc.so.1
FF1BC000      24K rwx--  /usr/lib/libc.so.1
FF1C2000       8K rwx--  /usr/lib/libc.so.1
FF200000     568K r-x--  /usr/lib/libnsl.so.1
FF29E000      32K rwx--  /usr/lib/libnsl.so.1
FF2A6000      32K rwx--  /usr/lib/libnsl.so.1
FF2F0000       8K rwx--    [ anon ]
FF300000      16K r-x--  /usr/lib/libmp.so.2
FF314000       8K rwx--  /usr/lib/libmp.so.2
FF320000       8K r-x--  /usr/platform/sun4u-us3/lib/libc_psr.so.1
FF330000      40K r-x--  /usr/lib/libsocket.so.1
FF34A000       8K rwx--  /usr/lib/libsocket.so.1
FF350000     168K r-x--  /usr/lib/libcurses.so.1
FF38A000      32K rwx--  /usr/lib/libcurses.so.1
FF392000       8K rwx--  /usr/lib/libcurses.so.1
FF3A0000       8K r-x--  /usr/lib/libdl.so.1
FF3B0000       8K rwx--    [ anon ]
FF3C0000     152K r-x--  /usr/lib/ld.so.1
FF3F6000       8K rwx--  /usr/lib/ld.so.1
FFBFC000      16K rw---    [ stack ]
 total      2536K

我可以通过读取 /proc/$$/map 来复制程序的基本功能,但剩下的就是弄清楚如何解析库名称,如右图所示。 /proc/$$/map 只给出了 /proc/$$/object 中文件的名称,这些文件只是通用名称。在 Solaris 10(我有一个盒子)上,我似乎能够使用 /proc/$$/path,其中包含符号链接,但我正在处理的盒子没有这些。有人对如何获取这些库名称有任何直接的想法吗?当我捆绑该程序时,它似乎打开了 /proc/$$/as 并查看内存并以某种方式找到它们,但我还无法弄清楚它在哪里查找或为什么。

I'm currently attempting to write my own program that mirrors the pmap command, specifically on Solaris 9. I'm having trouble resolving the names and paths of the libraries. Output of the Solaris command looks something like this, from a bash shell:

bash-2.05# pmap $
2427:   bash
00010000     496K r-x--  /usr/bin/bash
0009A000      80K rwx--  /usr/bin/bash
000AE000     120K rwx--    [ heap ]
FF100000     688K r-x--  /usr/lib/libc.so.1
FF1BC000      24K rwx--  /usr/lib/libc.so.1
FF1C2000       8K rwx--  /usr/lib/libc.so.1
FF200000     568K r-x--  /usr/lib/libnsl.so.1
FF29E000      32K rwx--  /usr/lib/libnsl.so.1
FF2A6000      32K rwx--  /usr/lib/libnsl.so.1
FF2F0000       8K rwx--    [ anon ]
FF300000      16K r-x--  /usr/lib/libmp.so.2
FF314000       8K rwx--  /usr/lib/libmp.so.2
FF320000       8K r-x--  /usr/platform/sun4u-us3/lib/libc_psr.so.1
FF330000      40K r-x--  /usr/lib/libsocket.so.1
FF34A000       8K rwx--  /usr/lib/libsocket.so.1
FF350000     168K r-x--  /usr/lib/libcurses.so.1
FF38A000      32K rwx--  /usr/lib/libcurses.so.1
FF392000       8K rwx--  /usr/lib/libcurses.so.1
FF3A0000       8K r-x--  /usr/lib/libdl.so.1
FF3B0000       8K rwx--    [ anon ]
FF3C0000     152K r-x--  /usr/lib/ld.so.1
FF3F6000       8K rwx--  /usr/lib/ld.so.1
FFBFC000      16K rw---    [ stack ]
 total      2536K

I can mostly duplicate the program's basic features by reading /proc/$$/map, but what remains is figuring out how to resolve the library names, shown on the right. /proc/$$/map only gives the names of the files in /proc/$$/object, which are just generic names. On Solaris 10 (a box I have), I seem to be able to use /proc/$$/path, which contains symbolic links, but the box I'm working on doesn't have these. Does anyone have any straightforward ideas on how to get these library names? When I truss the program, it seems to open up /proc/$$/as and look through the memory and somehow find them, but I haven't been able to figure out where it's looking or why quite yet.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梦醒灬来后我 2024-12-20 08:42:27

pmap 的 Solaris 实现实际上可以通过 OpenSolaris 以源代码形式获得,pmap.c。但这是非常复杂的事情;基础知识更容易实现。

Solaris 有三个 /proc 映射句柄:

  1. /proc//map,其中包含 struct prmap< /a>反映“通常”工作集大小
  2. /proc//rmap 的数据,其中还包含 struct prmap 数据,但针对的是虚拟集大小 (VSZ),即反映映射的 VA 范围,即使映射未提交。
  3. /proc//xmap 其中包含 struct prxmap 数据,它实际上遍历地址空间来识别内存驻留区域。

当您传递无参数 (map)、-r (rmap) 或-x (xmap),但正如您所发现的,它的作用不仅仅是打开/读取地图过程文件。这很大程度上是源代码难以解析的原因。

尽管如此,您还是可以构造一个简单的 Solaris [rx]map(如果您访问 xmapstruct prxmap 而不是 struct prmap) code> 当然)通过如下代码解析器:

char mappath[MAXPATHLEN];
sprintf(mappath, "/proc/%d/map", getpid());
int fd = open(mappath, O_RDONLY);
size_t nread;
size_t mapsz = (1 << 20);                 /* start at 1MB */
struct prmap *cur*mapbuf = malloc(mapsz);

while ((nread = pread(fd, mapbuf, mapsz, 0)) == mapsz) {
    free(mapbuf);
    mapsz *= 2;
    mapbuf = malloc(mapsz);
}
for (cur = mapbuf; nread; cur++, nread -= sizeof(*mapbuf))
    prettyprint(cur);
free(mapbuf);

一些提示:

  • 不要尝试 mmap() map 文件,那是行不通的(procfs 不允许它)
  • 不要尝试按顺序阅读其中的部分内容;上面的方法(从开头重新读取整个内容到调整大小的缓冲区中)比执行连续的read()序列更快。始终从头开始读取(如示例中所示使用 pread,或在任何读取之前使用 lseek(..., 0, SEEK_SET))。

享受尝试的乐趣!

编辑:

由于您已经下定决心要查找映射背后的路径名,因此这是非常困难的任务之一。 pmap 本身并不处理这个问题,而是使用 libproc 的功能来解析这些名称,正如您在 truss 中发现的那样,可以通过搜索进程地址空间来提取这些内容,但也可以使用一些其他技术。它本质上是 libproc/Psymtab.c 执行此操作。 Solaris 9 和更高版本之间也有差异...记不清了,太久以前了...

The Solaris implementation of pmap is actually available in source form via OpenSolaris,pmap.c. But this is very complex stuff; the basics are simpler to achieve.

Solaris has three /proc handles for maps:

  1. /proc/<PID>/map which contains struct prmap data that reflects the "usual" working set size
  2. /proc/<PID>/rmap which also contains struct prmap data but for the virtual set size (VSZ), i.e. reflecting mapped VA ranges even if the mapping is uncommitted.
  3. /proc/<PID>/xmap which contains struct prxmap data, which actually trawls the address space to identify memory-resident regions.

The pmap utility looks into these when you pass either no args (map), -r (rmap) or -x (xmap), but as you've found it does a lot more than simply opening/reading the map proc files. That's largely what makes the sourcecode hard to parse.

Nonetheless, you can construct a trivial Solaris [rx]map (use struct prxmap instead of struct prmap if you access xmap of course) parser via code like:

char mappath[MAXPATHLEN];
sprintf(mappath, "/proc/%d/map", getpid());
int fd = open(mappath, O_RDONLY);
size_t nread;
size_t mapsz = (1 << 20);                 /* start at 1MB */
struct prmap *cur*mapbuf = malloc(mapsz);

while ((nread = pread(fd, mapbuf, mapsz, 0)) == mapsz) {
    free(mapbuf);
    mapsz *= 2;
    mapbuf = malloc(mapsz);
}
for (cur = mapbuf; nread; cur++, nread -= sizeof(*mapbuf))
    prettyprint(cur);
free(mapbuf);

A few hints:

  • don't try to mmap() the map file, that won't work (procfs doesn't allow it)
  • don't try to sequentially read parts of it; the above (re-reading the whole from the beginning into a resized buffer) is faster than doing a contiguous sequence of read(). Always read from the beginning (use pread as in the example, or lseek(..., 0, SEEK_SET) before any read).

Enjoy experimenting !

Edit:

Since you've set your mind on finding the pathnames behind mappings, that's one of the really difficult tasks. pmap doesn't deal with that itself but uses the facilities of libproc to resolve these names, which, as you've found by truss, may trawl through the process address space to extract these, but also uses a few other techniques. It's essentially the "iter" functions in libproc/Psymtab.c which do this. There's differences between Solaris 9 and later versions as well ... can't remember, too long ago ...

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文