[Mono-dev] {kinda OT} Linux equivalent of Win32 "ReadProcessMemory"...
Martin Baulig
martin at novell.com
Wed Apr 15 12:33:29 EDT 2009
On Tue, 2009-04-14 at 18:02 -0400, Mike Edenfield wrote:
> I eventually figure that out, it was the source of my seemingly random
> ESRCH errors trying to read from /proc/<pid>/mem. Once I realized that
> I need to PTRACE_ATTACH first, I was all set. I am successfully reading
> memory from my target process.
>
> So far, I've only managed to pull the ELF header out of memory, but it's
> a start. I just need to find a way to tell the difference between each
> possible version of the binary I might run into; the original utility
> relied on the fact that Windows linkers stick a time stamp into the PE
> header at creation time, but I don't see anything similar in ELF.
What do you want to read from the process ? If you're just interested
in the executable, you can also read /proc/PID/exe.
If you just need a timestamp, you may check /proc/PID/exe, which is a
symbolic link to the ELF file, and check its creation time.
--
Martin Baulig - martin at novell.com
Novell GmbH, Nördlicher Zubringer 9-11, 40470 Düsseldorf
GF: Dr. Jürgen Müller, Sylvia Geil, Felix Imendörffer; HRB 21108 (AG Düsseldorf)
More information about the Mono-devel-list
mailing list