After looking through my strace output, and I'm looking for answers to the
(1) while everything I see output from strace is being performed in the name
(number) of the process, some of what I'm seeing is being done by the loader
and can't be traced back to source. Can someone confirm this?
(2) I could get strace to dump the address of the call but I'd have to
resolve those addresses to see if the address is within an address range of
the executable of if its being done by something in shared library of
somewhere else. What can I use to help me differentiate a system call
invoked directly vs indirectly?
(3) Are the address ranges provided by objdump virtual addresses and can
objdump be used to help pick apart the running applications virtual memory
(4) where is the virtual memory map for a process documented?
Take advantage of powerful junk e-mail filters built on patented Microsoft®
Start enjoying all the benefits of MSN® Premium right now and get the
first two months FREE*.