On Wed, Dec 21, 2005 at 11:41:40AM -0500, William Case wrote:
> Hi;
>
> I am trying to generate a list of all files in memory on my machine.
>
> I have been playing with 'lsof' to see if it can generate all files, but
> I am not sure of the results.
>
> Does 'lsof -a' give me *all* files and processes? Does it include files
> (or buffer addresses) opened by the kernel and even BIOS? How can I get

No. You really can't see what's going on in kernel space. That's by
design. I guess you could read /dev/mem, but that's discouraged.

> With that said, I would like to see the files that exist after bootup in
> memory (VM) starting at 0x00000000 including BIOS space, kernel space
> and the top of user space (essential user programs, but not necessarily
> running applications). Is this even possible?

Not really. Things like BIOS don't map into the memory map. Why would
you even want to see such things? It's going to be 4G of data on x86
(ignoring High Mem). It's going to be mostly meaningless.

> I plan to build a diagram for myself of what is normally in memory. I
> am not afraid of too much detail, but I want to be sure I've got

You can say block chunks and figure it out in general. Like, you should
be able to figure out where in the virtual address space certain
libraries are mapped by the dynamic loader. You can also say, in
general, where things are in kernel memory (i.e., certain areas are
reserved for vmalloc, memory mapped registers, etc, etc.)

> Dumb question: Using lsof -a I get a lot of files marked as being owned
> by root (after all I am in root to run lsof); are these all root user
> files or is the kernel mixed in there? In the case of looking at memory
> what would the kernel and BIOS be called?

The kernel has a descriptor for every open file, but files described as
owned by root are open by the root user either directly or indirectly (a
daemon running as root, for example).

mh

-- 
Martin Hicks || mort [ at ] bork [ dot ] org || PGP/GnuPG: 0x4C7F2BEE
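An added example, not part of the message above: the reply says you can work out, in block chunks, where the dynamic loader has mapped libraries in a process's virtual address space. On Linux that layout is exposed per process in /proc/<pid>/maps; the sketch below collapses those lines into one chunk per backing file. The sample text is constructed (a 32-bit x86 layout, not captured from a real host), and the function names are illustrative.

```python
import os

# Constructed sample in /proc/<pid>/maps format: address range, perms,
# offset, device, inode, optional pathname. Not taken from a real machine.
SAMPLE_MAPS = """\
08048000-0804c000 r-xp 00000000 03:02 1201 /bin/cat
0804c000-0804d000 rw-p 00003000 03:02 1201 /bin/cat
0804d000-0806e000 rw-p 0804d000 00:00 0 [heap]
b7e40000-b7f60000 r-xp 00000000 03:02 2210 /lib/libc-2.3.5.so
b7f60000-b7f63000 rw-p 0011f000 03:02 2210 /lib/libc-2.3.5.so
b7f63000-b7f66000 rw-p b7f63000 00:00 0
b7f80000-b7f9a000 r-xp 00000000 03:02 2205 /lib/ld-2.3.5.so
bffeb000-c0000000 rw-p bffeb000 00:00 0 [stack]
"""


def parse_maps(text):
    """Yield (start, end, perms, name) for each mapping line."""
    for line in text.splitlines():
        # maxsplit=5 keeps pathnames that contain spaces in one piece.
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # blank or malformed line
        start, end = (int(x, 16) for x in fields[0].split("-"))
        # Mappings with no pathname are anonymous memory (no backing file).
        name = fields[5].strip() if len(fields) == 6 else "[anon]"
        yield start, end, fields[1], name


def summarize(text):
    """Collapse mappings into chunks: name -> [lowest addr, highest addr, bytes]."""
    chunks = {}
    for start, end, _perms, name in parse_maps(text):
        chunk = chunks.setdefault(name, [start, end, 0])
        chunk[0] = min(chunk[0], start)
        chunk[1] = max(chunk[1], end)
        chunk[2] += end - start
    return chunks


if __name__ == "__main__":
    # Use this process's own map when /proc is available, else the sample.
    path = "/proc/self/maps"
    text = open(path).read() if os.path.exists(path) else SAMPLE_MAPS
    for name, (lo, hi, size) in summarize(text).items():
        print(f"{lo:#014x}-{hi:#014x} {size // 1024:8d} KiB  {name}")
```

This covers user-space mappings of one process only; as the reply notes, kernel-space layout is not visible this way.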