https://github.com/wenzel/linux-sysinternals
- Host: GitHub
- URL: https://github.com/wenzel/linux-sysinternals
- Owner: Wenzel
- License: gpl-3.0
- Created: 2016-02-15T16:22:41.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2016-03-31T16:57:16.000Z (about 10 years ago)
- Last Synced: 2025-01-02T05:13:13.652Z (over 1 year ago)
- Language: CMake
- Size: 97.7 KB
- Stars: 10
- Watchers: 5
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# linux-sysinternals
This project is an attempt to recreate some of the tools from the Sysinternals suite for Windows,
like vmmap or procexp.
# build

    ./configure.sh
    make

# vmmap
This tool reads the content of `/proc/<pid>/maps` to display an overview of a
process's virtual memory, and sorts pages into different categories, like `stack`,
`heap`, `mapped file`, or `image`.
Unfortunately, it is not possible to rely on the description field of each
page to sort them:
if the size of a memory allocation is above a certain threshold, a new memory mapping
will be created, whose description will not contain the `[heap]` flag that one
might expect. [See this post on SO](https://stackoverflow.com/questions/17782536/missing-heap-section-in-proc-pid-maps)
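
The effect described above, as an added example (not code from this project): a small C classifier for `/proc/<pid>/maps` lines, run on a constructed sample. The category names, the rule that an executable file mapping counts as `image`, and every address and path in the sample are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Categories and rules are this example's assumptions, not vmmap's own logic. */
enum cat { CAT_STACK, CAT_HEAP, CAT_ANON, CAT_IMAGE, CAT_FILE, CAT_OTHER, CAT_BAD };
/* Constructed sample in /proc/<pid>/maps format (not captured from a real process). */
static const char SAMPLE[] =
    "00400000-0040c000 r-xp 00000000 08:01 1311 /usr/bin/demo\n"
    "01a3f000-01a60000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2c10000000-7f2c10201000 rw-p 00000000 00:00 0 \n"
    "7f2c11000000-7f2c11004000 r--s 00000000 08:01 2200 /var/cache/demo.db\n"
    "7ffd5e1c0000-7ffd5e1e1000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd5e1f0000-7ffd5e1f2000 r-xp 00000000 00:00 0 [vdso]\n";

/* Classify the maps line starting at `line`; store the mapping size in *size. */
enum cat classify(const char *line, unsigned long long *size)
{
    unsigned long long start, end, off, inode;
    char perms[5], dev[16], path[256] = "";
    /* "%*[ ]" skips spaces only, so an empty path never swallows the next line. */
    int n = sscanf(line, "%llx-%llx %4s %llx %15s %llu%*[ ]%255[^\n]",
                   &start, &end, perms, &off, dev, &inode, path);
    *size = 0;
    if (n < 6 || end < start)
        return CAT_BAD;
    *size = end - start;
    if (strcmp(path, "[stack]") == 0) return CAT_STACK;
    if (strcmp(path, "[heap]") == 0)  return CAT_HEAP;
    if (path[0] == '\0')              return CAT_ANON;  /* unlabelled anonymous memory */
    if (path[0] == '/')               /* assumption: executable file mapping = image */
        return strchr(perms, 'x') ? CAT_IMAGE : CAT_FILE;
    return CAT_OTHER;                 /* [vdso], [vvar], ... */
}

/* Sum the sizes of all mappings of one category in a maps buffer. */
unsigned long long total(const char *maps, enum cat want)
{
    unsigned long long sum = 0, size;
    for (const char *p = maps; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : p)
        if (classify(p, &size) == want)
            sum += size;
    return sum;
}

int main(void)
{
    printf("[heap] only:       %llu KiB\n", total(SAMPLE, CAT_HEAP) >> 10);
    printf("anonymous, no tag: %llu KiB\n", total(SAMPLE, CAT_ANON) >> 10);
    return 0;
}
```

On the sample, counting only `[heap]` reports 132 KiB, while a further 2052 KiB sits in an unlabelled anonymous mapping that a description-based sort would not attribute to the heap.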
# procexp
This tool is a simple process explorer for now, but it aims to be able to
monitor disk IO or network usage per process, as well as to send process images
to VirusTotal for analysis.
To be able to update the view in real time and be notified when a process
is created or has just died, it uses a kernel feature named `Process Connector`,
which sends notifications of events like `fork`, `exec` or `exit` on a `netlink` socket.
More information [here](http://netsplit.com/the-proc-connector-and-socket-filters).
The connection to the socket is made by the `helper` program, which runs as root
and sends these events on `DBus`.