The most authoritative explanation is definitely the man manual, the address of the man manual of the Linux system proc directory: https://linux.die.net/man/5/proc. Although there are some discrepancies with Android, but a large part is the same, with reference.
1. / proc directory
First, let's introduce the / proc directory. It is a virtual directory. The files and directories under it are also virtual. They do not occupy the actual storage space, but exist in the system memory. proc provides an interface for accessing the system kernel in the form of a file system. It dynamically reads the required information from the system kernel.
- / proc / cmdline: displays the command line for kernel startup.
- / proc / cpuinfo: displays the system cpu information.
- / proc / filesystems, displays a list of currently registered file systems, nodev represents a virtual file system.
- / proc / interrupts: Display interrupt information of the current system.
- / proc / ioports: List of occupied input / output address ranges.
- / proc / kmsg: Output kernel message log.
- / proc / loadavg: monitors the average CPU load, its value is the cumulative value of CPU usage on all cores, the first three indicate the average load of the last 1, 5, and 15 minutes, and the fourth indicates the current number of running processes and the total number of processes The last one indicates the id of the most recently run process.
- / proc / locks: Open the lock information on the file.
- / proc / meminfo: Displays the physical and virtual memory usage.
- / proc / misc: The device driver registered by the kernel function misc_register.
- / proc / modules: list of loaded kernel modules.
- Proc / mounts: The file system information installed by the current system (including manual installation).
- / proc / stat: brief system information.
- / proc / uptime: Represents the system startup time and system idle time, respectively.
- / proc / version: system kernel version.
- / proc / net: The actual mount point is / proc / self / net, which can display the current network conditions. For example, you can view the tcp connection number and connection status through the tcp file.
- / proc / sys reports various kernel parameters, some of which can be modified in the case of root.
- / proc / devices All hardware and software devices (character devices and block devices) currently mounted, including the major device number and device name.
- / proc / asound: sound card related information.
- / proc / buddyinfo: How many blocks are available for each order in each memory area is related to the problem of memory fragmentation.
- / proc / bus: Enter device information.
- / proc / cgroups: View cgroups subsystem information.
- / proc / diskstats: Used to display disks, partitions, and statistics.
- / proc / execdomains: Security related information.
- / proc / fb: frame buffer device information.
- / proc / iomem: records the allocation of physical addresses.
- / proc / kallsyms: Kernel symbol table information.
- / proc / pagetypeinfo: memory paging information.
- / proc / partitions: partition information
- / proc / sched_debug: CPU scheduling information.
- / proc / softirqs: Soft interrupt conditions.
- / proc / vmallocinfo: vmalloc memory allocation information.
- / proc / vmstat: Statistics of virtual memory.
- / proc / pid: displays all information related to entering the city.
It can be said that almost all the information of the system can be found in the / proc directory.
2. / proc / XXX / process directory
There are many directories under the / proc directory whose names are numbers. These directories store information about all processes running in the current system. The numbers correspond to the pid of the process.
$ ls -d /proc/[0-9]*
/proc/1/ /proc/302/ /proc/451/ /proc/496/ /proc/556/ /proc/633/
/proc/127/ /proc/317/ /proc/452/ /proc/497/ /proc/557/ /proc/718/
/proc/2/ /proc/339/ /proc/453/ /proc/5/ /proc/558/ /proc/755/
/proc/250/ /proc/385/ /proc/454/ /proc/501/ /proc/559/ /proc/760/
/proc/260/ /proc/4/ /proc/455/ /proc/504/ /proc/565/ /proc/761/
/proc/275/ /proc/402/ /proc/463/ /proc/505/ /proc/569/ /proc/9884/
/proc/290/ /proc/433/ /proc/487/ /proc/509/ /proc/594/ /proc/774/
/proc/3/ /proc/450/ /proc/491/ /proc/554/ /proc/595/
# ls -l 9884/
dr-xr-xr-x shell shell 2016-10-19 15:51 attr
-r-------- shell shell 0 2016-10-19 15:51 auxv
-r--r--r-- shell shell 0 2016-10-19 15:51 cgroup
--w------- shell shell 0 2016-10-19 15:51 clear_refs
-r--r--r-- shell shell 0 2016-10-18 17:19 cmdline
-rw-r--r-- shell shell 0 2016-10-19 15:51 comm
-rw-r--r-- shell shell 0 2016-10-19 15:51 coredump_filter
lrwxrwxrwx shell shell 2016-10-19 15:51 cwd -> /
-r-------- shell shell 0 2016-10-19 15:51 environ
lrwxrwxrwx shell shell 2016-10-18 18:55 exe -> /system/bin/adb
dr-x------ shell shell 2016-10-19 15:51 fd
dr-x------ shell shell 2016-10-19 15:51 fdinfo
-r--r--r-- shell shell 0 2016-10-19 15:51 limits
-rw-r--r-- shell shell 0 2016-10-19 15:51 loginuid
-r--r--r-- shell shell 0 2016-10-19 15:51 maps
-rw------- shell shell 0 2016-10-19 15:51 mem
-r--r--r-- shell shell 0 2016-10-19 15:51 mountinfo
-r--r--r-- shell shell 0 2016-10-19 15:51 mounts
-r-------- shell shell 0 2016-10-19 15:51 mountstats
dr-xr-xr-x shell shell 2016-10-19 15:51 net
dr-x--x--x shell shell 2016-10-19 15:51 ns
-rw-r--r-- shell shell 0 2016-10-19 15:51 oom_adj
-r--r--r-- shell shell 0 2016-10-19 15:51 oom_score
-rw-r--r-- shell shell 0 2016-10-19 15:51 oom_score_adj
-r--r--r-- shell shell 0 2016-10-19 15:51 pagemap
-r--r--r-- shell shell 0 2016-10-19 15:51 personality
lrwxrwxrwx shell shell 2016-10-19 15:51 root -> /
-r--r--r-- shell shell 0 2016-10-19 15:51 schedstat
-r--r--r-- shell shell 0 2016-10-19 15:51 sessionid
-r--r--r-- shell shell 0 2016-10-19 15:51 smaps
-r--r--r-- shell shell 0 2016-10-19 15:51 stack
-r--r--r-- shell shell 0 2016-10-18 17:19 stat
-r--r--r-- shell shell 0 2016-10-19 15:51 statm
-r--r--r-- shell shell 0 2016-10-18 21:42 status
dr-xr-xr-x shell shell 2016-10-18 18:58 task
-r--r--r-- shell shell 0 2016-10-19 15:51 wchan
- cmdline : This (virtual) file contains the entire command line to start the process. It was never formatted: there were no spaces between the program and its parameters, and there were no line breaks at the end of the line.
- cwd : The symbolic link points to the current working directory of the process. Now I have basically seen the root directory. From the output above, it can be seen that it is linked to the root directory.
- environ : This file contains all environment variables defined for the process in the format variable = value . Like the cmdline file, its content has never been formatted: there are no lines between the variables, and there is no line break at the end of the file.
- exe : This is a symbolic link to an executable program file executed by the process. The above output can be seen linking to / system / bin / adb, the general user process is linked to / system / bin / app_process, this is the actual implementation file of the zygote process, because all processes are hatched by zygote, so here Will link to it.
- fd : This subdirectory contains all the descriptors currently opened by the process. Let's take a look at the output of process 9884:
In fact, this is a list of file descriptors opened by the process. Each descriptor is represented by a symbolic link, whose name is the number of the descriptor and points to the file opened by the descriptor. Note the permissions of these symbolic links: their meaning only represents the permissions of the file opened by the corresponding descriptor.root@hammerhead:/proc/9884 # ls -l fd/ lr-x------ shell shell 2016-10-19 16:41 0 -> /dev/null l-wx------ shell shell 2016-10-19 16:41 1 -> /dev/null lrwx------ shell shell 2016-10-19 16:41 11 -> socket:[421052] l-wx------ shell shell 2016-10-19 16:41 2 -> /dev/null lrwx------ shell shell 2016-10-19 16:41 3 -> socket:[448153] lrwx------ shell shell 2016-10-19 16:41 4 -> socket:[448154] lrwx------ shell shell 2016-10-19 16:41 5 -> socket:[449926] lrwx------ shell shell 2016-10-19 16:41 6 -> socket:[449927] lrwx------ shell shell 2016-10-19 16:41 7 -> socket:[449928] lr-x------ shell shell 2016-10-19 16:41 9 -> /dev/__properties__
- maps : This file shows the distribution of the virtual address space of the process. The file has 6 columns, and the columns from left to right are:
Address: the address range of the library in the processPermissions: permissions for virtual memory, r = read, w = write, x =, s = shared, p = private;Offset: the address range of the library in the processDevice: The major and minor device numbers of the image file. When the device number is 0 and there is no inode number or file name, it is an anonymous mapping, indicating that no node corresponds to memory ;Node: the node number of the image file;Path: The path of the image fileEach item corresponds to a vm_area_struct structure member.
Examples:
root@hammerhead:/proc/9884 # cat maps b6bb6000-b6bb8000 rw-p 00000000 00:00 0 b6cb8000-b6cb9000 ---p 00000000 00:00 0 b6cb9000-b6db6000 rw-p 00000000 00:00 0 [stack:9885] b6db6000-b6dd6000 r--s 00000000 00:0b 6245 /dev/__properties__ b6dd6000-b6dee000 r-xp 00000000 b3:19 949 /system/lib/libm.so b6dee000-b6def000 r--p 00017000 b3:19 949 /system/lib/libm.so b6def000-b6df0000 rw-p 00018000 b3:19 949 /system/lib/libm.so b6df0000-b6df1000 r-xp 00000000 b3:19 1065 /system/lib/libstdc++.so b6df1000-b6df2000 r--p 00000000 b3:19 1065 /system/lib/libstdc++.so b6df2000-b6df3000 rw-p 00001000 b3:19 1065 /system/lib/libstdc++.so b6df3000-b6e3a000 r-xp 00000000 b3:19 827 /system/lib/libc.so b6e3a000-b6e3b000 ---p 00000000 00:00 0 b6e3b000-b6e3d000 r--p 00047000 b3:19 827 /system/lib/libc.so b6e3d000-b6e40000 rw-p 00049000 b3:19 827 /system/lib/libc.so b6e40000-b6e4e000 rw-p 00000000 00:00 0 b6e4e000-b6f25000 r-xp 00000000 b3:19 849 /system/lib/libcrypto.so b6f25000-b6f26000 ---p 00000000 00:00 0 b6f26000-b6f32000 r--p 000d7000 b3:19 849 /system/lib/libcrypto.so b6f32000-b6f38000 rw-p 000e3000 b3:19 849 /system/lib/libcrypto.so b6f38000-b6f3a000 rw-p 00000000 00:00 0 b6f3a000-b6f3c000 r--p 00000000 00:00 0 b6f3c000-b6f3e000 rw-p 00000000 00:00 0 b6f3e000-b6f4d000 r-xp 00000000 b3:19 176 /system/bin/linker b6f4d000-b6f4e000 r--p 0000e000 b3:19 176 /system/bin/linker b6f4e000-b6f4f000 rw-p 0000f000 b3:19 176 /system/bin/linker b6f4f000-b6f50000 rw-p 00000000 00:00 0 b6f50000-b6f6a000 r-xp 00000000 b3:19 113 /system/bin/adb b6f6a000-b6f6b000 r--p 00019000 b3:19 113 /system/bin/adb b6f6b000-b6f6c000 rw-p 0001a000 b3:19 113 /system/bin/adb b6f6c000-b6f7d000 rw-p 00000000 00:00 0 b7041000-b7044000 rw-p 00000000 00:00 0 [heap] bebcc000-bebed000 rw-p 00000000 00:00 0 [stack] ffff0000-ffff1000 r-xp 00000000 00:00 0 [vectors]
According to the above introduction, you can easily understand the meaning of each field. Two points need to be explained:1. b6f38000-b6f3a000 rw-p 00000000 00:00 0,具有rw-p权限,并且后面的设备号路径都是0的,是堆空间。
2. 为什么每个so都出现三次,看它们的权限就明白了,r-xp是代码段,r--p是只读数据段,rw-p是读写数据段。
- root:该符号链接指向该进程使用的根目录。通常为 /。
- stat: 包含了进程的众多信息和与CPU相关的信息,所有值都是从系统启动开始累计到当前时刻的。
root@hammerhead:/proc/9884 # cat stat 9884 (adb) S 1 9882 5801 0 -1 1077936128 304 0 2 0 125 378 0 0 20 0 2 0 2477313 3063808 220 4294967295 3069509632 3069614751 3200174704 3200165768 3068212952 0 0 4096 42232 4294967295 0 0 17 0 0 0 0 0 0 3069619180 3069621324 3070496768
解释:pid=9884 进程(包括轻量级进程,即线程)号
comm=adb 应用程序或命令的名字
task_state=S 任务的状态,R:runnign, S:sleeping (TASK_INTERRUPTIBLE), D:disk sleep (TASK_UNINTERRUPTIBLE), T: stopped, T:tracing stop,Z:zombie, X:dead
ppid=1 父进程ID
pgid=9882 线程组号
sid=5801 c该任务所在的会话组ID
后面字段与我在网上查到的不一样,这里就暂时先不列出来了,等后续我查清楚了再列出来。
- statm: 包含了进程的内存页面相关的信息。
解释:root@hammerhead:/proc/9884 # cat statm 748 220 169 26 0 333 0
size(pages):任务虚拟地址空间大小,VmSize/4
Resident(pages):正在使用的物理内存大小,VmRSS/4
Shared(pages):共享页数
Trs(pages):程序所拥有的可执行虚拟内存大小, VmExe/4
Lrs(pages):被映像倒任务的虚拟内存空间的库的大小,VmLib/4
Drs(pages):程序数据段和用户态的栈的大小,(VmData+ VmStk )/4
dt(pages):脏页数量
- status:该文件包含该进程的众多信息:可执行文件名、当前状态、PID 和 PPID、实际及有效的 UID 和 GID、内存使用情况、以及其他。请注意,stat 和 statm 现已过时。它们包含的信息现存于 status。
root@hammerhead:/proc/9884 # cat status Name: adb State: S (sleeping) Tgid: 9884 Pid: 9884 PPid: 1 TracerPid: 0 Uid: 2000 2000 2000 2000 Gid: 2000 2000 2000 2000 FDSize: 32 Groups: 1003 1004 1007 1011 1015 1028 3001 3002 3003 3006 VmPeak: 4012 kB VmSize: 2992 kB VmLck: 0 kB VmPin: 0 kB VmHWM: 880 kB VmRSS: 880 kB VmData: 1196 kB VmStk: 136 kB VmExe: 104 kB VmLib: 1304 kB VmPTE: 8 kB VmSwap: 0 kB Threads: 2 SigQ: 1/12274 SigPnd: 0000000000000000 ShdPnd: 0000000000000000 SigBlk: 0000000000000000 SigIgn: 0000000000001000 SigCgt: 000000000000a4f8 CapInh: 0000000000000000 CapPrm: 0000000000000000 CapEff: 0000000000000000 CapBnd: fffffff0000000c0 Cpus_allowed: f Cpus_allowed_list: 0-3 voluntary_ctxt_switches: 7 nonvoluntary_ctxt_switches: 46
解释:Name 应用程序或命令的名字
State 任务的状态,运行/睡眠/僵死/
SleepAVG 任务的平均等待时间(以nanosecond为单位),交互式任务因为休眠次数多、时间长,它们的 sleep_avg 也会相应地更大一些,所以计算出来的优先级也会相应高一些。
Tgid 线程组号
Pid 任务ID
Ppid 父进程ID
TracerPid 接收跟踪该进程信息的进程的ID号
Uid Uid euid suid fsuid
Gid Gid egid sgid fsgid
FDSize 文件描述符的最大个数,file->fds
Groups
VmSize(KB) 任务虚拟地址空间的大小 (total_vm-reserved_vm),其中total_vm为进程的地址空间的大小,reserved_vm:进程在预留或特殊的内存间的物理页
VmLck(KB) 任务已经锁住的物理内存的大小。锁住的物理内存不能交换到硬盘 (locked_vm)
VmRSS(KB) 应用程序正在使用的物理内存的大小,就是用ps命令的参数rss的值 (rss)
VmData(KB) 程序数据段的大小(所占虚拟内存的大小),存放初始化了的数据; (total_vm-shared_vm-stack_vm)
VmStk(KB) 任务在用户态的栈的大小 (stack_vm)
VmExe(KB) 程序所拥有的可执行虚拟内存的大小,代码段,不包括任务使用的库 (end_code-start_code)
VmLib(KB) 被映像到任务的虚拟内存空间的库的大小 (exec_lib)
VmPTE 该进程的所有页表的大小,单位:kb
Threads 共享使用该信号描述符的任务的个数,在POSIX多线程序应用程序中,线程组中的所有线程使用同一个信号描述符。
SigQ 待处理信号的个数
SigPnd 屏蔽位,存储了该线程的待处理信号
ShdPnd 屏蔽位,存储了该线程组的待处理信号
SigBlk 存放被阻塞的信号
SigIgn 存放被忽略的信号
SigCgt 存放被俘获到的信号
CapInh Inheritable,能被当前进程执行的程序的继承的能力
CapPrm Permitted,进程能够使用的能力,可以包含CapEff中没有的能力,这些能力是被进程自己临时放弃的,CapEff是CapPrm的一个子集,进程放弃没有必要的能力有利于提高安全性
CapEff Effective,进程的有效能力
CapBnd:是系统的边界能力,我们无法改变它。
Cpus_allowed:f指出该进程可以使用CPU的亲和性掩码,因为我们指定为4块CPU,所以这里就是F(1111)。Cpus_allowed_list:0-3指出该进程可以使用CPU的列表,这里是0-3。voluntary_ctxt_switches表示进程主动切换的次数.nonvoluntary_ctxt_switches表示进程被动切换的次数.
- mem:这是一个很重要的虚拟文件,它可以用来访问该进程的内存页面,你可以通过open、read、lseek函数来访问里面的内容。如果你用cat来打印里面的内容是会出错的。这个文件的主要用途我觉得是其它进程如果想要访问这个进程内存的话,就需要通过对它的读取了。
另外/proc/9884/下还有很多其它的文件和目录,后续会慢慢补齐。