pahtiv wrote:40000000-40013000 r-xp 00000000 03:07 40255 /lib/ld-2.1.3.so
but the information after that is difficult to understand to me. could anyone please explain them to me?
your best option is of course the source code (fs/proc/array.c:proc_pid_maps_get_line()), but here's a quick rundown:
- Code: Select all
40000000-40013000 r-xp 00000000 03:07 40255 /lib/ld-2.1.3.so
xxxxxxxx-yyyyyyyy aaaa oooooooo MM:mm iiiii fffffffff...
x-y: as you said, this is the virtual memory range that the given mapping occupies.
a: these are the access rights, read/write/executable/private (latter can be private/shared), note the PaX itself uses upper case letters for rwx as well indicating the presence of the VM_MAY* flags.
o: file offset from which on the mapping was created, in the above alone you see the very first PT_LOAD segment of the ld.so ELF file, if you run
readelf -l on it, you'll see how the offset fields correspond to what you see in the maps file. note that due to a bug/feature the stack (or VM_GROWSDOWN mappings in general) will show an underflowed offset here as they get expanded downwards.
M:m: major/minor numbers of the device where the backing file resides. if they're both 0, you're dealing with an anonymous mapping (like the stack or the heap) and the last field will be omitted.
i: inode of the backing file, 0 for an anonymous mapping.
f: file name as resolved by d_path().
