I'd like to figure out how does VMMAP process operates.
After running this executable with dtrace, it seems that the method proc_regionfilename that extract the address space of each section in the virtual memory.
So, I dug a little deeper, and found its implementation in xnu under the file
libsyscall/wrappers/libproc/libproc.c
In function body i see that the main call is to proc_pidinfo :
retval = proc_pidinfo(pid, PROC_PIDREGIONPATHINFO, (uint64_t)address, ®info, sizeof(struct proc_regionwithpathinfo));
And proc_pidinfo which calls in its turn to __proc_info symbol :
int __proc_info(int callnum, int pid, int flavor, uint64_t arg, void * buffer, int buffersize);
However, this symbol cannot be found in the code, and i wonder how it's created during pre-compile, compile, link or real time.
Any idea where can i find it, or how does it being created (I haven't tried to compile the kernel yet).
thanks
proc_info
is a syscall, so it's implementation is in the kernel. Source code for the version found in 10.11.2 can be found here:
http://opensource.apple.com/source/xnu/xnu-3248.20.55/bsd/kern/proc_info.c
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With