Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

mach_vm_region vs mach_vm_region_recurse

Tags:

c

macos

virtual-memory

What's the difference between mach_vm_region and mach_vm_region_recurse and in which situations would you use which?

The signature of the declaration of the functions are:

kern_return_t mach_vm_region
(
    vm_map_t target_task,
    mach_vm_address_t *address,
    mach_vm_size_t *size,
    vm_region_flavor_t flavor,
    vm_region_info_t info,
    mach_msg_type_number_t *infoCnt,
    mach_port_t *object_name
);
kern_return_t mach_vm_region_recurse
(
    vm_map_t target_task,
    mach_vm_address_t *address,
    mach_vm_size_t *size,
    natural_t *nesting_depth,
    vm_region_recurse_info_t info,
    mach_msg_type_number_t *infoCnt
);

Which function should I use if I want to...

  1. find all valid memory addresses for a process?
  2. find all private memory for a process?
like image 796
Tyilo Avatar asked Jun 10 '13 14:06

Tyilo

1 Answers

The difference is that the vm_region_recurse_64 version allows you to look at the contents of submaps. I won't pretend to be an expert on this topic, but as far as I can see, the most common place where you encounter submaps is when traversing the memory where the frameworks are mapped from the dyld cache (starting at SHARED_REGION_BASE_X86_64 = 0x00007FFF7000000 on x86_64 macs).

vm_region seems to return the submap as a single region.

I think there can be private mappings inside a submap.

Here's an example:

                       00007fff70000000-00007fff76c00000 vm_region
                       00007fff70000000-00007fff76c00000 vm_region_recurse_64    (depth=0, is_submap == TRUE)
                       00007fff7695b000-00007fff76a00000 vm_region_recurse_64 #1 (depth=1, is_submap == FALSE)
                       00007fff76a00000-00007fff76c00000 vm_region_recurse_64 #2 (depth=1, is_submap == FALSE)

And here's how vmstat -interleaved -v reports this:

map                    00007fff70000000-00007fff76c00000 r--/rwx process-only submap
unused split lib       00007fff7695b000-00007fff76999000 system shared library region not used by this process
__DATA                 00007fff76999000-00007fff7699a000 /usr/lib/system/libcompiler_rt.dylib
unused split lib       00007fff7699a000-00007fff769a2000 system shared library region not used by this process
__DATA                 00007fff769a2000-00007fff769a3000 /usr/lib/system/libsystem_notify.dylib
unused split lib       00007fff769a3000-00007fff76a00000 system shared library region not used by this process
unused split lib       00007fff76a00000-00007fff76c00000 system shared library region not used by this process
like image 82
Nickolay Avatar answered Sep 29 '22 13:09

Nickolay
Sign in to Comment

Related questions

Why does gdb stop at a different line than "i b" shows while returning from function?
Questions about anonymous mapped memory in linux
Where to begin with Distributed Computing / Parallel Processing? (Python / C) [closed]
Retrieving DHCP-allocated domain suffix in Linux C
Broken pipe only at the second send on a closed socket
How do I know which serial port to use on Linux?
arm cortex a9 cross compiling strange floating point behaviour
How is object code copied into executable when linking against static library?
What is a MsgPack 'zone'
Read/Write files in C
Transmitting UDP packages with source address 0.0.0.0
What does the preprocessor do with "# <number> <filename>"?
for_each_process - Does it iterate over the threads and the processes as well?
C object file compatibility between computers
Application crashes, but no core dump generated
C encoding of character constants
Impacts of CPU cache on speed
Casting from void* to struct
Algorithm to match one input file with given numbers of file
Convert unsigned long long to double in C

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!