I would like to find out how the VMMAP process works.
After running this executable with dtrace, it seems that the proc_regionfilename method retrieves the address space of each section in virtual memory.
So, I dug a little deeper and found its implementation in xnu under the file
libsyscall/wrappers/libproc/libproc.c
In the body of the function, I see that the main call is proc_pidinfo:
retval = proc_pidinfo(pid, PROC_PIDREGIONPATHINFO, (uint64_t)address, &reginfo, sizeof(struct proc_regionwithpathinfo));
And proc_pidinfo in turn calls the __proc_info symbol:
int __proc_info(int callnum, int pid, int flavor, uint64_t arg, void * buffer, int buffersize);
However, this symbol cannot be found in the code, and I wonder how it is created during pre-compilation, compilation, link, or real-time.
Any idea where I can find it or how it is created? (I have not tried to compile the kernel yet.)
Thanks
c xnu macos mach vmmap
Zohar81