moralismercatus
commented
10 years ago I've created a library proc-reader that reads /proc/
dispatch.ini has a library.filter section, where desired libraries are listed by their path. Subject to change.
Closed moralismercatus closed 10 years ago
moralismercatus
commented
10 years ago I've created a library proc-reader that reads /proc/
dispatch.ini has a library.filter section, where desired libraries are listed by their path. Subject to change.
This is essential for handling system calls and refining capture by component/library.
OS dependent.
On Linux: When a process is run, under /proc//maps, all memory region map information is listed including start and end address, the library correlating to that region, etc.
To get this information programmatically, if we were kernel programming, it'd be accessed through vm_area_struct; however, it appears that the only way to get it is to examine /proc//maps and parse it. This will change slightly from x86/x64, but should otherwise remain consistent. It is the "API."