如何检查给定进程的运行时加载的共享库是什么?

时间:2021-09-27 07:02:38

Is there a way to check which libraries is a running process using?

是否有方法检查哪些库是正在运行的进程?

To be more specific, if a program loads some shared libraries using dlopen, then readelf or ldd is not going to show it. Is it possible at all to get that information from a running process? If yes, how?

更具体地说,如果一个程序使用dlopen加载一些共享库,那么readelf或ldd将不会显示它。是否可能从正在运行的进程中获取这些信息?如果是,如何?

7 个解决方案

#1


66  

Other people are on the right track. Here are a couple ways.

其他人在正确的轨道上。这里有几个方法。

cat /proc/NNNN/maps | awk '{print $6}' | grep '\.so' | sort | uniq

Or, with strace:

或者,使用strace:

strace CMD.... 2>&1 | grep '^open(".*\.so"'

Both of these assume that shared libraries have ".so" somewhere in their paths, but you can modify that. The first one gives fairly pretty output as just a list of libraries, one per line. The second one will keep on listing libraries as they are opened, so that's nice.

这两个假设共享库都有。所以"在它们的路径中,但你可以修改它。第一个输出非常漂亮,仅仅是一个库列表,每行一个。第二个将继续列出打开的库,这很好。

Edit: And of course lsof...

编辑:当然还有lsof…

lsof -p NNNN | awk '{print $9}' | grep '\.so'

#2


12  

May be lsof - the swiss army knife of linux will help?

可能是lsof -瑞士军刀的linux会有所帮助吗?

edit: to run, lsof -p <pid>, lists all sorts of useful information, for example, if the process is java, lists all the open jars - very cool...

编辑:要运行,lsof -p 列出各种有用的信息,例如,如果进程是java,列出所有打开的jar——非常酷……

#3


10  

Actually, you can do this in your code in the following way:

实际上,你可以在你的代码中这样做:

#include <link.h>

using UnknownStruct = struct unknown_struct {
   void*  pointers[3];
   struct unknown_struct* ptr;
};
using LinkMap = struct link_map;

auto* handle = dlopen(NULL, RTLD_NOW);
auto* p = reinterpret_cast<UnknownStruct*>(handle)->ptr;
auto* map = reinterpret_cast<LinkMap*>(p->ptr);

while (map) {
  std::cout << map->l_name << std::endl;
  // do something with |map| like with handle, returned by |dlopen()|.
  map = map->l_next;
}

The link_map structure contains at least the base address and the absolute file name. It's the structure that is actually returned by dlopen() with non-NULL first argument. For more details see here.

link_map结构至少包含基本地址和绝对文件名。它是由dlopen()返回的具有非空第一个参数的结构。更多细节请看这里。

#4


6  

ltrace seems to be your friend.

ltrace似乎是你的朋友。

From ltrace manual:

从ltrace手册:

ltrace is a program that simply runs the specified command until it exits. It intercepts and records the dynamic library calls which are called by the executed process and the signals which are received by that process. It can also intercept and print the system calls exe‐ cuted by the program.

ltrace是一个简单地运行指定命令直到它退出的程序。它截获并记录被执行进程调用的动态库调用和该进程接收的信号。它还可以拦截和打印程序调用exe‐cuted的系统。

       Its use is very similar to strace(1).

#5


5  

On Linux, /proc/<processid>/maps contains a list of all the files mapped into memory, which I believe should include any loaded by dlopen().

在Linux上,/ processid>/map包含所有映射到内存的文件的列表,我认为应该包括dlopen()加载的所有文件。

#6


3  

On solaris there is also the pldd command.

在solaris中还有pldd命令。

#7


1  

Would strace trace the library file being opened?

strace会跟踪正在打开的库文件吗?

#1


66  

Other people are on the right track. Here are a couple ways.

其他人在正确的轨道上。这里有几个方法。

cat /proc/NNNN/maps | awk '{print $6}' | grep '\.so' | sort | uniq

Or, with strace:

或者,使用strace:

strace CMD.... 2>&1 | grep '^open(".*\.so"'

Both of these assume that shared libraries have ".so" somewhere in their paths, but you can modify that. The first one gives fairly pretty output as just a list of libraries, one per line. The second one will keep on listing libraries as they are opened, so that's nice.

这两个假设共享库都有。所以"在它们的路径中,但你可以修改它。第一个输出非常漂亮,仅仅是一个库列表,每行一个。第二个将继续列出打开的库,这很好。

Edit: And of course lsof...

编辑:当然还有lsof…

lsof -p NNNN | awk '{print $9}' | grep '\.so'

#2


12  

May be lsof - the swiss army knife of linux will help?

可能是lsof -瑞士军刀的linux会有所帮助吗?

edit: to run, lsof -p <pid>, lists all sorts of useful information, for example, if the process is java, lists all the open jars - very cool...

编辑:要运行,lsof -p 列出各种有用的信息,例如,如果进程是java,列出所有打开的jar——非常酷……

#3


10  

Actually, you can do this in your code in the following way:

实际上,你可以在你的代码中这样做:

#include <link.h>

using UnknownStruct = struct unknown_struct {
   void*  pointers[3];
   struct unknown_struct* ptr;
};
using LinkMap = struct link_map;

auto* handle = dlopen(NULL, RTLD_NOW);
auto* p = reinterpret_cast<UnknownStruct*>(handle)->ptr;
auto* map = reinterpret_cast<LinkMap*>(p->ptr);

while (map) {
  std::cout << map->l_name << std::endl;
  // do something with |map| like with handle, returned by |dlopen()|.
  map = map->l_next;
}

The link_map structure contains at least the base address and the absolute file name. It's the structure that is actually returned by dlopen() with non-NULL first argument. For more details see here.

link_map结构至少包含基本地址和绝对文件名。它是由dlopen()返回的具有非空第一个参数的结构。更多细节请看这里。

#4


6  

ltrace seems to be your friend.

ltrace似乎是你的朋友。

From ltrace manual:

从ltrace手册:

ltrace is a program that simply runs the specified command until it exits. It intercepts and records the dynamic library calls which are called by the executed process and the signals which are received by that process. It can also intercept and print the system calls exe‐ cuted by the program.

ltrace是一个简单地运行指定命令直到它退出的程序。它截获并记录被执行进程调用的动态库调用和该进程接收的信号。它还可以拦截和打印程序调用exe‐cuted的系统。

       Its use is very similar to strace(1).

#5


5  

On Linux, /proc/<processid>/maps contains a list of all the files mapped into memory, which I believe should include any loaded by dlopen().

在Linux上,/ processid>/map包含所有映射到内存的文件的列表,我认为应该包括dlopen()加载的所有文件。

#6


3  

On solaris there is also the pldd command.

在solaris中还有pldd命令。

#7


1  

Would strace trace the library file being opened?

strace会跟踪正在打开的库文件吗?