reading process memory

James Riendeau jtriende at
Wed Jun 7 17:04:50 UTC 2006

How are you defining "assuming right privileges"?  The only way  
you're going to be able to read another processes address space is in  
the kernel.  Even a process running as root is not able to read  
another process's data.  One of the principle responsibilities of the  
OS is to manage the private memory space of each process, and I  
emphasize private.  The last thing you would want on a secure system  
is the ability of other processes to read or write to another  
process's address space.  Even a parent process should not be able to  
read a child's address space, as the fork logically duplicates their  
address space and they go their separate ways.  An attempt to read  
another processes address space should trap to the kernel and the  
kernel should kill the process immediately.  There is one exception  
to this:  you can setup a pipe or memory share between two processes,  
however, both processes have to agree to share some memory or connect  
via a pipe.  I'm not going to give you a howto via email as the  
subject usually fills a solid chapter in most OS books.

James Riendeau
MMI Computer Support Technician
1300 University Ave
Rm. 436, Dept. of MedMicro
Madison, WI  53706

Phone: (608) 262-3351
After-hours Phone: (608) 260-2696
Fax: (608) 262-8418
Email: jtriende at

On Jun 7, 2006, at 4:49 AM, Tofik Suleymanov wrote:

> Hello, folks
> I believe that it is possible to read contents of the memory used/ 
> utilized by a process (assuming right privileges).
> First i've tried to do this through procfs by reading 'mem'  
> property of the given process, but no success.
> Maybe there is another way of doing such things ?
> Any clue would be appreciated.
> Thanks,
> Tofik Suleymanov
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions- 
> unsubscribe at"

More information about the freebsd-questions mailing list