本文介绍如何使用 mdb 工具从用户空间进程的虚拟地址获取对应的物理地址,并读取其内容。通过示例代码展示了从虚拟地址到物理地址转换的过程。
virtual and physical memory map
We can use ::vtop and "\" (format from physical instead of virtual) to retrieve the physical address and content of a virtual address.
# mdb -k
...
> rootfs/s
rootfs:
rootfs: zfs
> rootfs::vtop
virtual fffffffffbc00f48 mapped to physical a400f48
> a400f48\s
0xa400f48: zfs
Things will be a little complexed if we want to make this for a virutal address in application address.
Here is a segment of code to print the virtual address and content of a application pointer.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MSG "Hello, World!"
int main(int argc, char* argv[])
{
int length = strlen(MSG);
char* message = malloc(length + 1);
memcpy(message, MSG, length);
message[length + 1] = 0;
unsigned int address = (unsigned int) message;
printf("Message is: %s\n", message);
printf("Address is: %x\n", address);
getchar();
free(message);
return EXIT_SUCCESS;
}
bash-3.00# cc -g -o test test.c
bash-3.00# ./test
Message is: Hello, World!
Address is: 8060e90
If you want to translate the virtual address 8060e90 to the physical address with mdb. It is ok, when you just run mdb and print string by virtual address:
bash-3.00# mdb -p `ps -a | pgrep test`
Loading modules: [ ld.so.1 libc.so.1 ]
> 8060e90/s
0x8060e90: Hello, World!
But neither "::vtop", nor "\" works.
> 8060e90::vtop
mdb: failed to get physical mapping: operation not supported by target
> 8060e90\s
mdb: failed to read data from target: operation not supported by target
0x8060e90:
Those won't work when attached to a process; the process model doesn't export that. You'll have to run MDB against the live kernel and do it from there:
% cat > tmpc.c <<EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MSG "Hello, World!"
int
main(int argc, char *argv[])
{
char *message = strdup(MSG);
printf("Message: \"%s\" (0x%p)\n", message, message);
getchar();
return (0);
}
EOF
% cc -o tmpc tmpc.c
% ./tmpc & sleep 1
[2] 101948
* note the PID
Message: "Hello, World!" (0x8061128)
* note the virtual address address
[2] + 101948 suspended (tty input) ./tmpc
% su
Password:
# mdb -k
* attach to the running kernel
Loading modules: [ ... ]
> 0t101948::pid2proc
* uses the pid ("0t" indicates decimal)
ffffff0527e33398
> 0t101948::pid2proc | ::print proc_t p_as
p_as = 0xffffff01eca01d00
* this gives the "address space" (as) for the process
> 0x8061128::vtop -a 0xffffff01eca01d00
virtual 8061128 mapped to physical 331a1128
* Now we can print the string from the physical page
> 331a1128\s
0x331a1128: Hello, World!
>
Okay, we've made it.
扫一扫
评论
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
查看更多评论
添加红包
