在 Solaris 中编码 pmap
我目前正在尝试编写自己的程序来镜像 pmap 命令,特别是在 Solaris 9 上。我在解析库的名称和路径时遇到问题。 Solaris 命令的输出看起来像这样,来自 bash shell:
bash-2.05# pmap $$
2427: bash
00010000 496K r-x-- /usr/bin/bash
0009A000 80K rwx-- /usr/bin/bash
000AE000 120K rwx-- [ heap ]
FF100000 688K r-x-- /usr/lib/libc.so.1
FF1BC000 24K rwx-- /usr/lib/libc.so.1
FF1C2000 8K rwx-- /usr/lib/libc.so.1
FF200000 568K r-x-- /usr/lib/libnsl.so.1
FF29E000 32K rwx-- /usr/lib/libnsl.so.1
FF2A6000 32K rwx-- /usr/lib/libnsl.so.1
FF2F0000 8K rwx-- [ anon ]
FF300000 16K r-x-- /usr/lib/libmp.so.2
FF314000 8K rwx-- /usr/lib/libmp.so.2
FF320000 8K r-x-- /usr/platform/sun4u-us3/lib/libc_psr.so.1
FF330000 40K r-x-- /usr/lib/libsocket.so.1
FF34A000 8K rwx-- /usr/lib/libsocket.so.1
FF350000 168K r-x-- /usr/lib/libcurses.so.1
FF38A000 32K rwx-- /usr/lib/libcurses.so.1
FF392000 8K rwx-- /usr/lib/libcurses.so.1
FF3A0000 8K r-x-- /usr/lib/libdl.so.1
FF3B0000 8K rwx-- [ anon ]
FF3C0000 152K r-x-- /usr/lib/ld.so.1
FF3F6000 8K rwx-- /usr/lib/ld.so.1
FFBFC000 16K rw--- [ stack ]
total 2536K
我可以通过读取 /proc/$$/map 来复制程序的基本功能,但剩下的就是弄清楚如何解析库名称,如右图所示。 /proc/$$/map 只给出了 /proc/$$/object 中文件的名称,这些文件只是通用名称。在 Solaris 10(我有一个盒子)上,我似乎能够使用 /proc/$$/path,其中包含符号链接,但我正在处理的盒子没有这些。有人对如何获取这些库名称有任何直接的想法吗?当我捆绑该程序时,它似乎打开了 /proc/$$/as 并查看内存并以某种方式找到它们,但我还无法弄清楚它在哪里查找或为什么。
I'm currently attempting to write my own program that mirrors the pmap command, specifically on Solaris 9. I'm having trouble resolving the names and paths of the libraries. Output of the Solaris command looks something like this, from a bash shell:
bash-2.05# pmap $
2427: bash
00010000 496K r-x-- /usr/bin/bash
0009A000 80K rwx-- /usr/bin/bash
000AE000 120K rwx-- [ heap ]
FF100000 688K r-x-- /usr/lib/libc.so.1
FF1BC000 24K rwx-- /usr/lib/libc.so.1
FF1C2000 8K rwx-- /usr/lib/libc.so.1
FF200000 568K r-x-- /usr/lib/libnsl.so.1
FF29E000 32K rwx-- /usr/lib/libnsl.so.1
FF2A6000 32K rwx-- /usr/lib/libnsl.so.1
FF2F0000 8K rwx-- [ anon ]
FF300000 16K r-x-- /usr/lib/libmp.so.2
FF314000 8K rwx-- /usr/lib/libmp.so.2
FF320000 8K r-x-- /usr/platform/sun4u-us3/lib/libc_psr.so.1
FF330000 40K r-x-- /usr/lib/libsocket.so.1
FF34A000 8K rwx-- /usr/lib/libsocket.so.1
FF350000 168K r-x-- /usr/lib/libcurses.so.1
FF38A000 32K rwx-- /usr/lib/libcurses.so.1
FF392000 8K rwx-- /usr/lib/libcurses.so.1
FF3A0000 8K r-x-- /usr/lib/libdl.so.1
FF3B0000 8K rwx-- [ anon ]
FF3C0000 152K r-x-- /usr/lib/ld.so.1
FF3F6000 8K rwx-- /usr/lib/ld.so.1
FFBFC000 16K rw--- [ stack ]
total 2536K
I can mostly duplicate the program's basic features by reading /proc/$$/map, but what remains is figuring out how to resolve the library names, shown on the right. /proc/$$/map only gives the names of the files in /proc/$$/object, which are just generic names. On Solaris 10 (a box I have), I seem to be able to use /proc/$$/path, which contains symbolic links, but the box I'm working on doesn't have these. Does anyone have any straightforward ideas on how to get these library names? When I truss the program, it seems to open up /proc/$$/as and look through the memory and somehow find them, but I haven't been able to figure out where it's looking or why quite yet.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
pmap
的 Solaris 实现实际上可以通过 OpenSolaris 以源代码形式获得,pmap.c
。但这是非常复杂的事情;基础知识更容易实现。Solaris 有三个
/proc
映射句柄:/proc//map
,其中包含struct prmap
< /a>反映“通常”工作集大小/proc//rmap
的数据,其中还包含struct prmap
数据,但针对的是虚拟集大小 (VSZ),即反映映射的 VA 范围,即使映射未提交。/proc//xmap
其中包含struct prxmap
数据,它实际上遍历地址空间来识别内存驻留区域。当您传递无参数 (
map
)、-r
(rmap
) 或-x
(xmap
),但正如您所发现的,它的作用不仅仅是打开/读取地图过程文件。这很大程度上是源代码难以解析的原因。尽管如此,您还是可以构造一个简单的 Solaris
[rx]map
(如果您访问xmapstruct prxmap
而不是struct prmap
) code> 当然)通过如下代码解析器:一些提示:
mmap()
map
文件,那是行不通的(procfs 不允许它)read()
序列更快。始终从头开始读取(如示例中所示使用pread
,或在任何读取
之前使用lseek(..., 0, SEEK_SET)
)。享受尝试的乐趣!
编辑:
由于您已经下定决心要查找映射背后的路径名,因此这是非常困难的任务之一。
pmap
本身并不处理这个问题,而是使用libproc
的功能来解析这些名称,正如您在truss
中发现的那样,可以通过搜索进程地址空间来提取这些内容,但也可以使用一些其他技术。它本质上是libproc/Psymtab.c
执行此操作。 Solaris 9 和更高版本之间也有差异...记不清了,太久以前了...The Solaris implementation of
pmap
is actually available in source form via OpenSolaris,pmap.c
. But this is very complex stuff; the basics are simpler to achieve.Solaris has three
/proc
handles for maps:/proc/<PID>/map
which containsstruct prmap
data that reflects the "usual" working set size/proc/<PID>/rmap
which also containsstruct prmap
data but for the virtual set size (VSZ), i.e. reflecting mapped VA ranges even if the mapping is uncommitted./proc/<PID>/xmap
which containsstruct prxmap
data, which actually trawls the address space to identify memory-resident regions.The
pmap
utility looks into these when you pass either no args (map
),-r
(rmap
) or-x
(xmap
), but as you've found it does a lot more than simply opening/reading the map proc files. That's largely what makes the sourcecode hard to parse.Nonetheless, you can construct a trivial Solaris
[rx]map
(usestruct prxmap
instead ofstruct prmap
if you accessxmap
of course) parser via code like:A few hints:
mmap()
themap
file, that won't work (procfs doesn't allow it)read()
. Always read from the beginning (usepread
as in the example, orlseek(..., 0, SEEK_SET)
before anyread
).Enjoy experimenting !
Edit:
Since you've set your mind on finding the pathnames behind mappings, that's one of the really difficult tasks.
pmap
doesn't deal with that itself but uses the facilities oflibproc
to resolve these names, which, as you've found bytruss
, may trawl through the process address space to extract these, but also uses a few other techniques. It's essentially the "iter" functions inlibproc/Psymtab.c
which do this. There's differences between Solaris 9 and later versions as well ... can't remember, too long ago ...