[OCLUG-Tech] Help with the use of 'lsof' ??

Hi;

I am trying to generate a list of all files in memory on my machine.

I have been playing with 'lsof' to see if it can generate all files, but
I am not sure of the results.

Does 'lsof -a' give me *all* files and processes? Does it include files
(or buffer addresses) opened by the kernel and even BIOS?  How can I get
a fixed snapshot of memory so that I can associate files with processes?
(PIDs change with each bootup.) I want to trace what those processes are
and find any names that might be different in plain language.

Post-amble

I am coming to the end of my second iteration of how Linux works.  I am
doing a write up for myself of what I have learnt, searching for gaps
and confusions.  I would like to touch and see some things, at least
once in my life, as a way of confirming what I have learnt.

With that said, I would like to see the files that exist after bootup in
memory (VM) starting at 0x00000000 including BIOS space, kernel space
and the top of user space (essential user programs, but not necessarily
running applications). Is this even possible?

I plan to build a diagram for myself of what is normally in memory.  I
am not afraid of too much detail, but I want to be sure I've got
everything.  Manuals that I have discuss the loading of files and
tables in kernel space but not in a comprehensive fashion.  Usually only
in conjunction with the topic under discussion. If I sort through the
manuals and just use them as reference, I can't be sure that I have
everything (or too much). 

Dumb question: Using lsof -a I get a lot of files marked as being owned
by root (after all I am in root to run lsof); are these all root user
files or is the kernel mixed in there?  In the case of looking at memory
what would the kernel and BIOS be called?

Regards Bill