elf Syndicate content

warning: Creating default object from empty value in /www/htdocs/w0065fc9/milianw/modules/taxonomy/taxonomy.pages.inc on line 33.

» Heaptrack - Attaching to Running Process

Tue, 12/09/2014 - 23:02

Hello all,

I’m happy to be back so soon with a status update on heaptrack: It is now possible to attach to an already running process!

Thanks to the great help from Celelibi on StackOverflow, I managed to achieve this important goal. Once you know what to do, it is actually extremely simple to patch a running process. I use GDB to attach to the process, then call dlopen to load a special heaptrack library for runtime-injection. Then I call an initialization function which takes the desired output file as a parameter, and then detach GDB. To actually overwrite malloc & friends, one can leverage dl_iterate_phdr and the public ELF API on Linux systems to find dynamic sections that reference one of our target symbols in their global offset table (GOT). This can then be rewritten to point to our custom hooks. Some refactoring later, which stabilized the shutdown sequence to allows multiple heaptrack attach/detach sequences, we can now do this:

  1. heaptrack -p $(pidof <yourapp>)
  2. # wait
  3. ^C
  4. heaptrack_print heaptrack.<yourapp>.$$.gz | less

This is a great help when you want to investigate why the memory consumption of your application suddenly rises. No need to restart the app, just attach heaptrack and wait for some, then kill it and heaptrack_print the outputfile.

Please try this new feature and send me bug reports and feedback.