Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

GDB: Listing all mapped memory regions for a crashed process

Tags:

c

linux

gdb

I've got a full-heap core dump from a dead process on an x86 Linux machine (kernel 2.6.35-22 if it matters), which I'm attempting to debug in GDB.

Is there a GDB command I can use that means "show me a list of all the memory address regions allocated by this process?" In other words, can I figure out what all the possible valid memory addresses are that I can examine in this dump?

The reason I ask is that I need to search across the entire process heap for a certain binary string, and in order to use the find command, I need to have a start and end address. Simply searching from 0x00 to 0xff.. doesn't work because find halts as soon as it encounters an address it can't access:

(gdb) find /w 0x10000000, 0xff000000, 0x12345678

warning: Unable to access target memory at 0x105ef883, halting search.

So I need to get a list of all the readable address regions in memory so I can search them one at a time.

(The reason I need to do that is I need to find all the structs in memory that point at a certain address.)

None of show mem, show proc, info mem, info proc seem to do what I need.

like image 990
Crashworks Avatar asked Apr 17 '11 03:04

Crashworks


1 Answers

In GDB 7.2:

(gdb) help info proc Show /proc process information about any running process. Specify any process id, or use the program being debugged by default. Specify any of the following keywords for detailed info:   mappings -- list of mapped memory regions.   stat     -- list a bunch of random process info.   status   -- list a different bunch of random process info.   all      -- list all available /proc info. 

You want info proc mappings, except it doesn't work when there is no /proc (such as during pos-mortem debugging).

Try maintenance info sections instead.

like image 138
Employed Russian Avatar answered Oct 08 '22 22:10

Employed Russian