On Tue, 2009-04-14 at 18:02 -0400, Mike Edenfield wrote: > I eventually figure that out, it was the source of my seemingly random > ESRCH errors trying to read from /proc/<pid>/mem. Once I realized that > I need to PTRACE_ATTACH first, I was all set. I am successfully reading > memory from my target process. > > So far, I've only managed to pull the ELF header out of memory, but it's > a start. I just need to find a way to tell the difference between each > possible version of the binary I might run into; the original utility > relied on the fact that Windows linkers stick a time stamp into the PE > header at creation time, but I don't see anything similar in ELF.
What do you want to read from the process ? If you're just interested in the executable, you can also read /proc/PID/exe. If you just need a timestamp, you may check /proc/PID/exe, which is a symbolic link to the ELF file, and check its creation time. -- Martin Baulig - [email protected] Novell GmbH, Nördlicher Zubringer 9-11, 40470 Düsseldorf GF: Dr. Jürgen Müller, Sylvia Geil, Felix Imendörffer; HRB 21108 (AG Düsseldorf) _______________________________________________ Mono-devel-list mailing list [email protected] http://lists.ximian.com/mailman/listinfo/mono-devel-list
