Re: Parsing Structures postmortem from memory dump

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Dan Noé <dpn@...>

To: Adrian Sud <pigsflew2008@...>

Cc: Linux Kernel Mailing List <linux-kernel@...>

Subject: Re: Parsing Structures postmortem from memory dump

Date: Tuesday, May 6, 2008 - 6:37 pm

Adrian Sud wrote:
quoted text> I've looked at /include/linux/sched.h and tried to understand the 
> task_struct structure, but it appears to be variable-length, determined 
> at compile time, and I can't tell exactly how these are stored 
> throughout memory--In a list? a tree?

The task_struct structures are stored on one or more lists.  Note the 
list_head types within the structure - each of this is a list that the 
structure is (potentially) a member of.

This is a good explanation of how the kernel's lists work:

http://kernelnewbies.org/FAQ/LinkedLists

I don't know if a generalized printer/parser exists for the kernel 
linked list, but this might be a good way to start exploring your 
project.  There are macros to traverse the lists easily, so it shouldn't 
be too difficult.

Hope that helps.

Cheers,
Dan

-- 
                     /--------------- - -  -  -   -   -
                     |  Dan Noé
                     |  http://isomerica.net/~dpn/
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Parsing Structures postmortem from memory dump, Adrian Sud, (Tue May 6, 3:04 pm)

Re: Parsing Structures postmortem from memory dump, Dan Noé, (Tue May 6, 6:37 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Linus Torvalds	Re: O_DIRECT question
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Dave Airlie	Re: [2.6.25-rc6] possible regression: X server dying
Florian Schmidt	blacklist kernel boot option
git:
Petr Baudis	repo.or.cz wishes?
Jon Smirl	! [rejected] master -> master (non-fast forward)
Matthieu Moy	[BUG] git-svn dcommit fails (connection closed unexpectedly)
Jakub Narebski	Git User's Survey 2007 partial summary
openbsd-misc:
Ondřej Surý	openbgp not exporing ipv6 to routing tables
Nick Guenther	Re: Real men don't attack straw men
Christophe Rioux	OpenBSD as host for VMWare Server
Bambero	two wan interfaces
netbsd-tech-kern:
Warner Losh	Re: SMP re-eetrancy in "bottom half" drivers
Martin Husemann	Re: Prototype kernel continuation-passing for NetBSD
Martin Husemann	Dynamic registry of ehternet frame types
der Mouse	Re: file id alignment

Latest forum posts


Serial Driver Implementation Help	4 hours ago	Linux kernel
aacraid bad	4 hours ago	Linux general
Does ICH8 support AHCI?	13 hours ago	Linux kernel
Tools: GCC 3.4.6, Final GCC 3 Release	1 day ago	Applications and Utilities
GNU/Hurd is so awful	2 days ago	GNU/Hurd
read /dev/mem not working in 2.6	3 days ago	Linux general
Issues with NETLINK sockets	4 days ago	Linux kernel
Anyone experiancing compiling issues with 2.6.26.6 patching with rt patch 2.6.26.6-rt11?	4 days ago	Linux kernel
Change network interface from eth0 to ppp0	5 days ago	Linux general
kernel module to intercept socket creation	5 days ago	Linux kernel

Show all forums...

Recent Tags

more tags

Colocation donated by:

Online users

Syndicate