I've got a full-heap core dump from a dead process on an x86 Linux machine (kernel 2.6.35-22 if it matters), which I'm attempting to debug in GDB.
Is there a GDB command I can use that means "show me a list of all the memory address regions allocated by this process?" In other words, can I figure out what all the possible valid memory addresses are that I can examine in this dump?
The reason I ask is that I need to search across the entire process heap for a certain binary string, and in order to use the find
command, I need to have a start and end address. Simply searching from 0x00 to 0xff.. doesn't work because find
halts as soon as it encounters an address it can't access:
(gdb) find /w 0x10000000, 0xff000000,
0x12345678
warning: Unable to access target memory at 0x105ef883, halting
search.
So I need to get a list of all the readable address regions in memory so I can search them one at a time.
(The reason I need to do that is I need to find all the structs in memory that point at a certain address.)
None of show mem
, show proc
, info mem
, info proc
seem to do what I need.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…