Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!snorkelwacker!mintaka!gnu!guest
From: guest@gnu.ai.mit.edu (Guest Account)
Newsgroups: comp.unix.i386
Subject: kernel probing with nlist("/unix")
Summary: how do you deal with the hugh addresses and tiny /dev/kmem?
Message-ID: <1990Jul15.223017.12930@mintaka.lcs.mit.edu>
Date: 15 Jul 90 22:30:17 GMT
Sender: daemon@mintaka.lcs.mit.edu (Lucifer Maleficius)
Organization: MIT Laboratory for Computer Science
Lines: 13


I have a problem with all of the 386/Sys V boxes I have used
(Interactive, Xenix and MicroPort).  On other Sys V implimentations
(and SunOs for the 386) you can examine the kernel by running nlist()
on the kernel image (usually /unix or /vmunix) to turn a variable name
inside the kernel (for example "sysinfo") into an address that can be
accessed by using lseek on /dev/kmem out the to value of the address.

The problem is that on 386 Sys V the kernel address are all huge
(above 3 billion) and /dev/kmem returns EOF at about 16 K.  Don't tell
me that it can't be done because /bin/ps and /usr/lib/sa/sadc both do
it correctly.  What is the secret that all the manuals manage to hide
or dismiss?