Article Directory
1. pmap command
pmap
Command to view information about the memory image of the process, the output from the content /proc/<pid>/maps
and /proc/<pid>/smaps
these two files, maps
the file contains a description about each piece of memory, smaps
it contains specific details of each section
1.1 How to use
It man pmap
can be used in Linux system to view its help file. The format of this command is pmap [options] pid
as follows:
Options | Features |
---|---|
-x, --extended | Display extended format |
-d, --device | Display device format |
-q, --quiet | Do not display header and end lines |
-A, --range low,high | Display the results of a given address range, the parameters are separated by commas |
-X | Show more detailed information than the -x option, the information comes from the file /proc/PID/smaps |
-XX | Display all the information that the kernel can provide |
-c, --read-rc | Read the default configuration |
-V, --version | Display version information |
1.2 Example
pmap -x 7642
Command to print the memory information of process 7642, where The meanings of the extended format and device format fields are as follows
Field | meaning |
---|---|
Address | Image start address |
Kbytes | Image size |
RSS | Resident set size |
Dirty | Dirty page size |
Mode | Image permissions |
Mapping | Image support file, [anon] is allocated memory [stack] is program stack |
Offset | File offset |
Device | Equipment name |
// 进程启动命令
7642: java -Xmx256m -server -XX:+PrintGCApplicationStoppedTime -jar bin/center.jar
Address Kbytes RSS Dirty Mode Mapping
0000000000400000 4 0 0 r-x-- java
0000000000600000 4 4 4 rw--- java
00000000018dc000 1208 1092 1092 rw--- [ anon ]
00000000f0000000 257536 134672 134672 rw--- [ anon ]
00000000ffb80000 4608 0 0 ----- [ anon ]
0000000100000000 12080 12052 12052 rw--- [ anon ]
0000000100bcc000 1036496 0 0 ----- [ anon ]
00007f53dda8d000 256 60 60 rw--- [ anon ]
......
2. gdb debugging tool
Using the gdb
tool to the specified address range of the memory dump, this operation affects the service, to be noted dump the memory block size, with caution. The meaning of the following command isdump specifies the process 13618 start address is 0x7ffc0508b000, end address is 0x7ffc0508b000 plus the memory of offset 132000, and save it to 199.dump file
gdb --batch --pid 13618 -ex "dump memory 199.dump 0x7ffc0508b000 0x7ffc0508b000+132000"
You can use memory starting address pmap
command to view, Address
the field is the memory address, but be carefulNeed to change the high 0 of the address to the 0x
beginningSuch dump above 0000000000400000 开始,0000000000600000 结束的内存
, need to be converted to 0x400000 0x600000
or used an offset manner0x400000 0x400000+4000
out of the dump file is actually a binary form of the direct view is a bunch of garbage, you can use strings -n 10 199.dump
to view more than 10 characters memory contents
- In fact, even to this point it is difficult to see useful information, follow-up can use
perf
the tool to continue the investigation. Useperf record -g -p <pid>
open monitoring function call stack, running for some time after the end of Ctrl + C will generate a file perf.data, executionperf report -i perf.data
View Report