macosvirtual-memorymemory-mapping

Retrieving the memory map of its own process in OS X 10.5/10.6


In Linux, the easiest way to look at a process' memory map is looking at /proc/PID/maps, giving something like this:

08048000-08056000 r-xp 00000000 03:0c 64593      /usr/sbin/gpm
08056000-08058000 rw-p 0000d000 03:0c 64593      /usr/sbin/gpm
08058000-0805b000 rwxp 00000000 00:00 0
40000000-40013000 r-xp 00000000 03:0c 4165       /lib/ld-2.2.4.so
40013000-40015000 rw-p 00012000 03:0c 4165       /lib/ld-2.2.4.so
4001f000-40135000 r-xp 00000000 03:0c 45494      /lib/libc-2.2.4.so
40135000-4013e000 rw-p 00115000 03:0c 45494      /lib/libc-2.2.4.so
4013e000-40142000 rw-p 00000000 00:00 0
bffff000-c0000000 rwxp 00000000 00:00 0

How can a process get the equivalent information (address ranges, protection, mapped filename, etc...) about a process' own memory map under OSX 10.5 or 10.6?


Solution

  • There is a MacFUSE implementation of procfs. With it, you can get the memory map as follows:

    cat /proc/PID/task/vmmap
    

    Looking at the source code, it looks like it's using the Mach virtual memory interface to get the memory map from the kernel.

    Here's the implementation for the vmmap pseudofile:

    /*
     * procfs as a MacFUSE file system for Mac OS X
     *
     * Copyright Amit Singh. All Rights Reserved.
     * http://osxbook.com
     *
     * http://code.google.com/p/macfuse/
     *
     * Source License: GNU GENERAL PUBLIC LICENSE (GPL)
     */
    READ_HANDLER(proc__task__vmmap)
    {
        int len = -1;
        kern_return_t kr;
    #define MAX_VMMAP_SIZE 65536 /* XXX */
        char tmpbuf[MAX_VMMAP_SIZE];
        task_t the_task;
        pid_t pid = strtol(argv[0], NULL, 10);
    
        kr = task_for_pid(mach_task_self(), pid, &the_task);
        if (kr != KERN_SUCCESS) {
            return -EIO;
        }
    
        vm_size_t vmsize;
        vm_address_t address;
        vm_region_basic_info_data_t info;
        mach_msg_type_number_t info_count;
        vm_region_flavor_t flavor;
        memory_object_name_t object;
    
        kr = KERN_SUCCESS;
        address = 0;
        len = 0;
    
        do {
            flavor = VM_REGION_BASIC_INFO;
            info_count = VM_REGION_BASIC_INFO_COUNT;
            kr = vm_region(the_task, &address, &vmsize, flavor,
                           (vm_region_info_t)&info, &info_count, &object);
            if (kr == KERN_SUCCESS) {
                if (len >= MAX_VMMAP_SIZE) {
                    goto gotdata;
                }
                len += snprintf(tmpbuf + len, MAX_VMMAP_SIZE - len,
                "%08x-%08x %8uK %c%c%c/%c%c%c %11s %6s %10s uwir=%hu sub=%u\n",
                                address, (address + vmsize), (vmsize >> 10),
                                (info.protection & VM_PROT_READ)        ? 'r' : '-',
                                (info.protection & VM_PROT_WRITE)       ? 'w' : '-',
                                (info.protection & VM_PROT_EXECUTE)     ? 'x' : '-',
                                (info.max_protection & VM_PROT_READ)    ? 'r' : '-',
                                (info.max_protection & VM_PROT_WRITE)   ? 'w' : '-',
                                (info.max_protection & VM_PROT_EXECUTE) ? 'x' : '-',
                                inheritance_strings[info.inheritance],
                                (info.shared) ? "shared" : "-",
                                behavior_strings[info.behavior],
                                info.user_wired_count,
                                info.reserved);
                address += vmsize;
            } else if (kr != KERN_INVALID_ADDRESS) {
    
                if (the_task != MACH_PORT_NULL) {
                    mach_port_deallocate(mach_task_self(), the_task);
                }
    
                return -EIO;
            }
        } while (kr != KERN_INVALID_ADDRESS);
    
    gotdata:
    
        if (the_task != MACH_PORT_NULL) {
            mach_port_deallocate(mach_task_self(), the_task);
        }
    
        READ_PROC_TASK_EPILOGUE();
    }