From: utzoo!decvax!cca!ima!johnl Newsgroups: net.unix-wizards Title: Re: kernel memory tomfoolery - (nf) Article-I.D.: ima.274 Posted: Mon Jan 3 03:25:32 1983 Received: Tue Jan 4 01:38:52 1983 #R:houxq:-23200:ima:9200001:000:1248 ima!johnl Jan 2 19:03:00 1983 If you really want to look at kmem (and your system allows you to do so) then the usual procedure is: -- use nlist() to extract symbols from /unix, to find out where in memory stuff is. Note that this can fail if the system was booted from somewhere else. -- The system data structures are mostly defined by include files in /usr/include/sys. There is no substitute for reading kernel code to find out what stuff actually means. If you have no sources, sorry, you lose. -- Open /dev/kmem, seek to the right place, and copy stuff in. -- Do what you will. Look at the source code for the "ps" command for an extended example of this sort of thing. The convoluted and ugly code you find there is typical of what happens when you deal with kmem. The Berklix "renice" command is an example of patching kmem; it lowers a process' priority. The most legitimate uses of kmem reading appear to be programs like "ps" and "iostat." Kmem patching seems useful only for hacks like renice and somewhat for debugging kernel code. It is my strong impression that system managers that allow significant use of kmem patching usually live to regret it. John Levine, decvax!yale-co!jrl, ucbvax!cbosgd!ima!johnl, Levine@YALE (arpa).