01-13-2009
Memory sniffing in linux
I am trying to create an application that will be able to sniff memory of other applications.
I am not completely new to systems programming but I am not sure how to go about this task. I understand that accomplishing this mainly require these steps.
1: Get a list of processes
2: Find the process you want to sniff.
3: Get a list of page tables assigned to that process
4: Get R / R/W access to these page tables.
5: Sniff away.
I can do 1&2 just fine, but I have no clue how to accomplish the rest.
I understand that 3 will have to do something with the process control block, and 4 will probably have to do with some system calls with high privileges.
Any advice on doing this would be appreciated, and if there are any books on this subject in particular, that would be great as well.
9 More Discussions You Might Find Interesting
1. IP Networking
Hi All,
On a solaris box A port B
in which port B is established and receiving data.
My question is how do i listen on that established port ,
how can i get the data received at box A: port B through my application
I had searched the forum for the same, but i am unable to retrieve the... (5 Replies)
Discussion started by: matrixmadhan
5 Replies
2. Programming
Hi,
Does any one know what tool to use to visualize how is memory layed out for C on linux systems. I mean how much stack portion is used in functional call.
Where exactly does the argument to function sit in memory ?
I have written small program pasted below. But I am not able to infer... (3 Replies)
Discussion started by: parasa
3 Replies
3. UNIX for Advanced & Expert Users
Hi,
I having problem with my linux machine
it have 6Gb physical memory and somehow it always almost coming to the bottom neck and than it start writing to the swap memory
you can see that there is more than 4G in cahce, is there any way to clean the cache or to limit it to 2Gb?
host1... (6 Replies)
Discussion started by: Igal Malka
6 Replies
4. Programming
Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know?
Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies
5. Shell Programming and Scripting
Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know?
Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies
6. Linux
Hi All,
We are using the linux servers and need to track the memory utilization of the box. Could anyone advice how the same can be achived.
:) (1 Reply)
Discussion started by: haitorajesh
1 Replies
7. What is on Your Mind?
Are we safe using the everyday wired keyboard? Although this concept is old, I had never seen an actual implementation on the matter until a few days ago. (Four ways of sniffing the electromagnetic emanations of wired keyboards currently on the market in up to 20 meters.)
Check the videos at:... (2 Replies)
Discussion started by: redoubtable
2 Replies
8. Red Hat
Hello, I am using Linux os.
$ df -k /dev/shm
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 2023256 1065000 958256 53% /dev/shm
$
Based on my google this, it is shared memory. What is this shared memory and where exactly it is used? Can you... (5 Replies)
Discussion started by: govindts
5 Replies
9. Linux
Hi All,
We are running a python application on an RHEL 7 VM machine hosted in Azure. Machine has 8GB of memory & 2GB of swap space configured as swap file. Below the output of free command from the server.
#-> free -h
total used free shared buff/cache ... (12 Replies)
Discussion started by: veeresh_15
12 Replies
LEARN ABOUT HPUX
getaudproc
getaudproc(2) System Calls Manual getaudproc(2)
NAME
getaudproc() - get the audit process flag for the calling process
SYNOPSIS
DESCRIPTION
returns the audit process flag for the calling process. The audit process flag (u_audproc) determines whether the process run by a given
user should be audited. The process is audited if the returned flag is 1. If the returned flag is 0, the process is not audited. This
call is restricted to users with the privilege.
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, the audit process flag is returned; otherwise, a is returned and is set to indicate the error.
ERRORS
fails if the following is true:
The caller does not have the
privilege.
AUTHOR
was developed by HP.
SEE ALSO
setaudproc(2), privileges(5).
getaudproc(2)