mach_vm_region_recurse，在osx上映射内存和共享库 [英] mach_vm_region_recurse, mapping memory and shared libraries on osx

问题描述

我正在使用vm_region_recurse_64来映射给定进程vmmap样式的内存.

I'm using vm_region_recurse_64 to map out the memory for a given process, vmmap style.

试图通过检查内存中每个库的Mach-O标头来获取应用程序加载的共享库的完整列表，但是，vm_region_recurse似乎与vmmap命令行工具不同意，其中具体涉及某些特定内存部分的开始位置和结尾.

Trying to get a complete list of shared libraries loaded by the application by examining each library's Mach-O header in memory, however, vm_region_recurse seems to disagree with the vmmap command line tool about specifically where some of the specific memory sections begin and end.

在其中大多数OS共享库已加载的90000000-a0000000系统子图中，尤其如此.

This becomes especially true in the 90000000-a0000000 system submap where most of the os shared libraries are loaded.

现在我有点困惑.我可以列出内存段，大致说出它们是什么类型，然后使用vm_read从中读取.但是列出它们并获取正确和特定区域信息非常困难.

And now I'm kind of stumped. I can list memory segments, tell generally what type they are, and read from them with vm_read. But listing them and getting correct and specific region info is proving difficult.

vmmap如何获取加载库的特定位置的列表?我的方法似乎无效.

How does vmmap get listings of the specific locations at which libraries are loaded? My method seems to be ineffective.

这是我正在使用的基本代码.它返回与vmmap类似但不相同的内存映射.没有特定库的内存区域.

here's the basic code I'm using. It returns a memory map similar to but not identical to vmmap's. Doesn't have memory regions of specific libraries.

kern_return_t krc = KERN_SUCCESS;
vm_address_t address = 0;
vm_size_t size = 0;
uint32_t depth = 1;
while (1) {
    struct vm_region_submap_info_64 info;
    mach_msg_type_number_t count = VM_REGION_SUBMAP_INFO_COUNT_64;
    krc = vm_region_recurse_64(port, &address, &size, &depth, (vm_region_info_64_t)&info, &count);
    if (krc == KERN_INVALID_ADDRESS){
        break;
    }
    if (info.is_submap){
        depth++;
    }
    else {
        //do stuff
        printf ("Found region: %08x to %08x\n", (uint32_t)address, (uint32_t)address+size);
        address += size;
    }
}

推荐答案

vmmap调用mach_vm_region_recurse()列出内存区域.

vmmap calls mach_vm_region_recurse() to list the memory regions.

为了查看子图的内容，例如dyld共享缓存的0x90000000..0xa0000000，您需要查找设置了is_submap的区域，然后再次使用相同的地址和更深的nesting_depth调用mach_vm_region_recurse().

In order to see the contents of submaps like the dyld shared cache at 0x90000000..0xa0000000, you'll need to look for regions with is_submap set, and then call mach_vm_region_recurse() again with the same address and a deeper nesting_depth.

这篇关于mach_vm_region_recurse，在osx上映射内存和共享库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！