Comments (3)
Tests (not 100% pair to pair, but anyways):
```
testing map_files
[*] enumerate modules with libmem
module: /proc/20824/root/dir/Repos/map-files-test/main 5577bd250000-5577bd255000
module: /proc/20824/root/usr/lib/libstdc++.so.6.0.32 7f2aa9000000-7f2aa9295000
module: /proc/20824/root/usr/lib/liblibmem.so 7f2aa9400000-7f2aa9d1e000
module: /proc/20824/root/usr/lib/libgcc_s.so.1 7f2aa9e26000-7f2aa9e4a000
module: /proc/20824/root/lib/ld-musl-x86_64.so.1 7f2aa9e4a000-7f2aa9eea000
[*] finished - time: 0.000405
[*] enumerate modules with /proc/<pid>/map_files
module: /dir/Repos/map-files-test/main 5577bd250000-5577bd255000
module: /usr/lib/libstdc++.so.6.0.32 7f2aa9000000-7f2aa9295000
module: /usr/lib/liblibmem.so 7f2aa9400000-7f2aa9d1e000
module: /usr/lib/libgcc_s.so.1 7f2aa9e26000-7f2aa9e4a000
module: /lib/ld-musl-x86_64.so.1 7f2aa9e4a000-7f2aa9eea000
[*] finished - time: 0.000287
[*] press enter to exit...
```
The `map_files` method takes slightly less time. This difference is way more noticeable on processes with huge `/proc/<pid>/maps` (contains both allocations and modules), which would take a long time to parse. Meanwhile, the `map_files` directory only contains modules, and should take a constant amount of time based on the amount of loaded modules.
Tests with a full-of-allocations `/proc/<pid>/maps`:
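```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#include <sys/mman.h>
#include <libmem/libmem.h>

/* lm_callback, enum_modules and callback are defined in the full code (see the link). */

int main()
{
	clock_t start;
	clock_t end;
	size_t i;

	/* Create 10000 anonymous one-page mappings so /proc/self/maps gets very long.
	 * They are deliberately never unmapped. */
	printf("doing useless random allocations to fill /proc/self/maps\n");
	for (i = 0; i < 10000; ++i) {
		int prot = random() & (PROT_EXEC | PROT_READ | PROT_WRITE);
		void *_alloc = mmap(NULL, sysconf(_SC_PAGESIZE), prot, MAP_PRIVATE | MAP_ANON, -1, 0);
		(void)_alloc; /* the address is not needed */
	}

	printf("testing map_files\n");

	/* Time libmem's module enumeration */
	printf("[*] enumerate modules with libmem\n");
	start = clock();
	LM_EnumModules(lm_callback, NULL);
	end = clock();
	printf("[*] finished - time: %lf\n", (double)(end - start) / CLOCKS_PER_SEC);

	/* Time the /proc/<pid>/map_files enumeration */
	printf("[*] enumerate modules with /proc/<pid>/map_files\n");
	start = clock();
	enum_modules(callback);
	end = clock();
	printf("[*] finished - time: %lf\n", (double)(end - start) / CLOCKS_PER_SEC);

	printf("[*] press enter to exit...\n");
	scanf("%*c");
	return 0;
}
```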
Output:
```
doing useless random allocations to fill /proc/self/maps
testing map_files
[*] enumerate modules with libmem
module: /proc/29048/root/dir/Repos/map-files-test/main 5592f409f000-5592f40a4000
module: /proc/29048/root/usr/lib/libstdc++.so.6.0.32 7fdd23e00000-7fdd24095000
module: /proc/29048/root/usr/lib/liblibmem.so 7fdd24200000-7fdd24b1e000
module: /proc/29048/root/usr/lib/libgcc_s.so.1 7fdd24b27000-7fdd24b4b000
module: /proc/29048/root/lib/ld-musl-x86_64.so.1 7fdd24b4b000-7fdd24beb000
[*] finished - time: 0.025560
[*] enumerate modules with /proc/<pid>/map_files
module: /dir/Repos/map-files-test/main 5592f409f000-5592f40a4000
module: /usr/lib/libstdc++.so.6.0.32 7fdd23e00000-7fdd24095000
module: /usr/lib/liblibmem.so 7fdd24200000-7fdd24b1e000
module: /usr/lib/libgcc_s.so.1 7fdd24b27000-7fdd24b4b000
module: /lib/ld-musl-x86_64.so.1 7fdd24b4b000-7fdd24beb000
[*] finished - time: 0.000923
[*] press enter to exit...
```
In this second test, with a `/proc/<pid>/maps` full of allocations, the `map_files` method performed the same task as `LM_EnumModules` in about 1 / 25 of the time. Which solidifies this method.
Again, the tests are not 100% equal. But the disparity between the methods is too big for it to be ignored.
from libmem.
Full code: https://github.com/rdbo/linux-fast-modules-procfs/blob/master/main.c
After 2153ed5:
```
doing useless random allocations to fill /proc/self/maps
testing map_files
[*] enumerate modules with libmem
module: /proc/27268/root/dir/Repos/map-files-test/main 55a8b1285000-55a8b128a000
module: /proc/27268/root/usr/lib/libstdc++.so.6.0.32 7f3b8ce00000-7f3b8d095000
module: /proc/27268/root/dir/Repos/map-files-test/liblibmem.so 7f3b8d200000-7f3b8db1e000
module: /proc/27268/root/usr/lib/libgcc_s.so.1 7f3b8db30000-7f3b8db54000
module: /proc/27268/root/lib/ld-musl-x86_64.so.1 7f3b8db54000-7f3b8dbf4000
[*] finished - time: 0.001146
[*] enumerate modules with /proc/<pid>/map_files
module: /dir/Repos/map-files-test/main 55a8b1285000-55a8b128a000
module: /usr/lib/libstdc++.so.6.0.32 7f3b8ce00000-7f3b8d095000
module: /dir/Repos/map-files-test/liblibmem.so 7f3b8d200000-7f3b8db1e000
module: /usr/lib/libgcc_s.so.1 7f3b8db30000-7f3b8db54000
module: /lib/ld-musl-x86_64.so.1 7f3b8db54000-7f3b8dbf4000
[*] finished - time: 0.000616
[*] press enter to exit...
```
Even with huge maps files, it no longer slows down.