/proc/PID/maps提供了进程的memory layout,下面脚本根据给定地址找出相应的库名:
#!/usr/bin/python
from __future__ import print_function
import sys
import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import bisect
import re
import lp_util
VERBOSE = False
def process(line, mapset):
pattern = r'([0-9a-f]+)-([0-9a-f]+) ([rwxps-]+) ([0-9a-f]+) ([0-9a-f:]+) ([0-9]+)s+(S*)'
match_obj = re.match(pattern, line)
if match_obj is not None:
one_mapping = match_obj.group(0)
addr_start = int(match_obj.group(1), 16)
addr_end = int(match_obj.group(2), 16)
permission = match_obj.group(3)
offset = match_obj.group(4)
device = match_obj.group(5)
inode = match_obj.group(6)
pathname = match_obj.group(7)
print(hex(addr_start), hex(addr_end), permission, offset, device, inode, pathname)
mapset.append({'addr_start':addr_start, 'addr_end':addr_end, 'permission':permission, 'offset':offset, 'device':device, 'inode':inode, 'pathname':pathname})
else:
print("Invalid maps")
def usage():
print("usage:", sys.argv[0], "maps_file")
def find_map(mapset, keys, addr):
addr = int(addr, 16)
index = bisect.bisect_right(keys, addr)
if VERBOSE:
print("addr = ", addr)
print("index = ", index)
print(keys)
if index == 0:
return None
if addr < mapset[index - 1]['addr_end']:
return mapset[index - 1]
else:
return None
def main():
argc = len(sys.argv)
if argc != 2:
usage()
sys.exit()
try:
in_file = open(sys.argv[1], "r")
except:
sys.exit("Error opening file ", sys.argv[1])
mapset = []
while True:
line = in_file.readline()
if not line:
break
process(line, mapset)
in_file.close()
print("Parsing done, item num = ", len(mapset))
mapset.sort(key = lambda r:r['addr_start'])
keys = [r['addr_start'] for r in mapset]
while True:
addr = raw_input("Please enter an address:")
if not lp_util.addr_is_valid(addr):
print("Invalid input")
continue
map_item = find_map(mapset, keys, addr)
if map_item is not None:
print("lib name = ", map_item['pathname'])
else:
print("Not found")
if __name__ == "__main__":
main()
lp_util.py中为一个简单的地址格式检查函数,保证不要错得太离谱
import re
def addr_is_valid(addr):
match_obj = re.match(r'^(0x)?[0-9a-f]{1,}$', addr)
return match_obj is not None
如maps文件为:
00400000-00409000 r-xp 00000000 08:01 1835099 /usr/bin/bluetooth-applet 00608000-00609000 r--p 00008000 08:01 1835099 /usr/bin/bluetooth-applet 00609000-0060a000 rw-p 00009000 08:01 1835099 /usr/bin/bluetooth-applet 00861000-00af8000 rw-p 00000000 00:00 0 [heap] 7f7164000000-7f7164022000 rw-p 00000000 00:00 0 7f7164022000-7f7168000000 ---p 00000000 00:00 0 7f7168000000-7f7168022000 rw-p 00000000 00:00 0 7f7168022000-7f716c000000 ---p 00000000 00:00 0 7f716d1c3000-7f716d314000 r-xp 00000000 08:01 1836558 /usr/lib/x86_64-linux-gnu/libxml2.so.2.7.8 7f716d314000-7f716d513000 ---p 00151000 08:01 1836558 /usr/lib/x86_64-linux-gnu/libxml2.so.2.7.8 7f716d513000-7f716d51b000 r--p 00150000 08:01 1836558 /usr/lib/x86_64-linux-gnu/libxml2.so.2.7.8 7f716d51b000-7f716d51d000 rw-p 00158000 08:01 1836558 /usr/lib/x86_64-linux-gnu/libxml2.so.2.7.8 7f716d51d000-7f716d51e000 rw-p 00000000 00:00 0 7f716d51e000-7f716e713000 r--p 00000000 08:01 2917167 /usr/share/icons/hicolor/icon-theme.cache 7f716e713000-7f716effe000 r--p 00000000 08:01 2752557 /usr/share/icons/gnome/icon-theme.cache ...
输入0x7f716d513123,输出相应的库名/usr/lib/x86_64-linux-gnu/libxml2.so.2.7.8