SCO comp.unix.sco.programmer FAQ.: How can I read kernel data through /dev/kmem in a user program?

SCO Development Environments. :
How can I read kernel data through /dev/kmem in a user program?

This can be a powerful technique, but it is also horribly non-portable. Kernel data structures can and do change between releases, so your program may break.

The basic idea is to call nlist(S) with the table of kernel symbols you wish to examine. nlist will then fill in the addresses of those symbols. You can then open /dev/kmem, use the addresses to lseek(), then issue a read(). On systems that have mmap() available, this is a good use for it.

You can look at the sources of programs like u386mon for examples of how to do this.
An OpenServer-specific extension is the tab(HW) driver. See that man page and string(HW), and look in /dev/table and /dev/string to see how it works. This only works for a small fixed subset of kernel data.

robertlipe@usa.net

[Append to This Answer]

Previous:	Purify or other malloc checkers.
Next:	How to detect SCO product or version at compile time?

This document is: http://www.zenez.com/cgi-bin/scoprogfaq/faq?file=17

	[Search]	[Appearance]
This is a Faq-O-Matic 2.721.