Python Read Linux Memory Process Error (/Proc/$Pid/Mem)

Python read Linux memory process error (/proc/$pid/mem)

Found the answer myself after some digging:

#!/usr/bin/env python
import ctypes, re, sys

## Partial interface to ptrace(2), only for PTRACE_ATTACH and PTRACE_DETACH.
c_ptrace = ctypes.CDLL("libc.so.6").ptrace
c_pid_t = ctypes.c_int32 # This assumes pid_t is int32_t
c_ptrace.argtypes = [ctypes.c_int, c_pid_t, ctypes.c_void_p, ctypes.c_void_p]
def ptrace(attach, pid):
    op = ctypes.c_int(16 if attach else 17) #PTRACE_ATTACH or PTRACE_DETACH
    c_pid = c_pid_t(pid)
    null = ctypes.c_void_p()
    err = c_ptrace(op, c_pid, null, null)
    if err != 0: raise SysError, 'ptrace', err

pid = "18396"

ptrace(True, int(pid))
maps_file = open("/proc/"+pid+"/maps", 'r')
mem_file = open("/proc/"+pid+"/mem", 'r', 0)
for line in maps_file.readlines():  # for each mapped region
    m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
    if m.group(3) == 'r':  # if this is a readable region
        start = int(m.group(1), 16)
        end = int(m.group(2), 16)
        mem_file.seek(start)  # seek to region start
        chunk = mem_file.read(end - start)  # read region contents
        print chunk,  # dump contents to standard output
maps_file.close()
mem_file.close()
ptrace(False, int(pid))

Reading /proc/pid/mem from ptraced process returns EOF

Well, I don't know if it was a bug caused by some update, or a very specific kernel version or whatever you want to call it. After a clean install of the OS, everything works correctly. I can get the instruction stream, and the the read function always returns data.

Before wiping the HD and prior to the installation, I tried ptrace(PTRACE_PEEKDATA) without luck. Now everything works as it should.

I don't really believe this question is going to help anybody, but sometimes a clean start is the way to go. As much as I hate to admit it, it's happened to me from time to time, not always related to coding software.

Total memory used by Python process?

Here is a useful solution that works for various operating systems, including Linux, Windows, etc.:

import os, psutil
process = psutil.Process(os.getpid())
print(process.memory_info().rss)  # in bytes 

Notes:

• do pip install psutil if it is not installed yet

• handy one-liner if you quickly want to know how many MB your process takes:

  import os, psutil; print(psutil.Process(os.getpid()).memory_info().rss / 1024 ** 2)
  

• with Python 2.7 and psutil 5.6.3, it was process.memory_info()[0] instead (there was a change in the API later).

Linux : /proc/ PID /exe return path to executable '/bin/bash' for process located at '/home/ USER /new/v'

Nothing is going wrong. 'v' is a shell script, and /bin/bash is the
executable process that is actually running. You might be able to get
more information out of /proc/$$/cmdline (or comm), depending on what
problem you're actually trying to solve. Alternatively, you might use
the netlink interface to monitor fork and exec calls.

Note that when a new process starts, it has the same executable
as its parent.

---

Related Topics