I'm trying to find a certain value (integer magic number (654321)) in a running process that I'm currently attached to using GDB.
I found a find [/sn] start_addr, +len, val1 [, val2, ...] command, but it requires a start and an end address, yet I don't know where my process memory starts and where it ends.
This seems to be a very common problem, yet I remember googling for it a year ago, and I repeated that now with no success, so... How do I know where process memory starts and where it ends?
The idea of "all memory" is complicated in a modern process. What you really have are many mappings, from different sources. You can enumerate these (be sure not to try to read from maps without read access! Also, you probably want to apply some intelligence so you don't end up searching the .text sections of your shared libraries, etc...) by reading /proc/$pid/maps at runtime, and then script something to feed gdb the appropriate commands. Honestly I think it might be simplest to write a routine in the binary itself to do this and just call it from gdb.
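As an added example (not part of the question or the answer above), this is the scripting step the answer describes: parse /proc/PID/maps, keep only mappings that are readable and writable (which drops the .text of the binary and its shared libraries, plus [vdso]/[vvar]/[vsyscall]), and emit one gdb find command per region. The maps text is a constructed sample; load_maps() is an assumed helper for reading a real process.

```python
import re
from typing import List, Tuple

# Constructed sample of /proc/<pid>/maps output (not captured from a real process).
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 1234   /home/user/app
00600000-00601000 rw-p 00000000 08:01 1234   /home/user/app
00601000-00622000 rw-p 00000000 00:00 0      [heap]
7f1c2a000000-7f1c2a1c5000 r-xp 00000000 08:01 5678   /lib/x86_64-linux-gnu/libc.so.6
7f1c2a3c5000-7f1c2a3c9000 rw-p 001c5000 08:01 5678   /lib/x86_64-linux-gnu/libc.so.6
7f1c2a3c9000-7f1c2a3ce000 rw-p 00000000 00:00 0
7ffd4c800000-7ffd4c821000 rw-p 00000000 00:00 0      [stack]
7ffd4c8f0000-7ffd4c8f2000 r--p 00000000 00:00 0      [vvar]
7ffd4c8f2000-7ffd4c8f4000 r-xp 00000000 00:00 0      [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0      [vsyscall]
"""

# start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")


def load_maps(pid: int) -> str:
    """Assumed helper: read the live maps file of a process you may debug."""
    with open(f"/proc/{pid}/maps") as f:
        return f.read()


def writable_regions(maps_text: str) -> List[Tuple[int, int, str]]:
    """(start, end, name) for every readable+writable mapping.
    Unreadable maps would make gdb's find error out; read-only/executable
    maps hold code and rodata, not a variable we are looking for."""
    regions = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        perms = m.group(3)
        if perms[0] != "r" or perms[1] != "w":
            continue
        regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return regions


def gdb_find_commands(maps_text: str, value: int, size: str = "w") -> List[str]:
    """One 'find /<size> start, +len, value' per region (w = 4-byte words)."""
    return [f"find /{size} 0x{s:x}, +0x{e - s:x}, {value}"
            for s, e, _ in writable_regions(maps_text)]


if __name__ == "__main__":
    print("\n".join(gdb_find_commands(SAMPLE_MAPS, 654321)))
```

Redirect the output to a file and run it inside gdb with `source`, or feed it through the gdb Python API, once the inferior is attached.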