kvm_t
*
kvm_open(
const char *execfile
, const char *corefile
, char *swapfile
, int flags
, const char *errstr
)
kvm_t
*
kvm_openfiles(
const char *execfile
, const char *corefile
, char *swapfile
, int flags
, char *errbuf
)
int
kvm_close(
kvm_t *kd
)
)
and
kvm_openfiles(
)
return a descriptor used to access kernel virtual memory
via the
kvm(3)
library routines.
Both active kernels and crash dumps are accessible
through this interface.
execfile
is the executable image of the kernel being examined.
This file must contain a symbol table.
If this argument is
NULL
,
the currently running system is assumed,
which is indicated by
_PATH_UNIX
in
<paths.h
>.
corefile
is the kernel memory device file.
It can be either
/dev/mem
or a crash dump core generated by
savecore(8).
If
corefile
is
NULL
,
the default indicated by
_PATH_MEM
from
<paths.h
>
is used.
swapfile
should indicate the swap device.
If
NULL
,
_PATH_DRUM
from
<paths.h
>
is used.
The
flags
argument indicates read/write access as in
open(2)
and applies only to the core file.
The only permitted flags from
open(2)
are
O_RDONLY
,
O_WRONLY
,
and
O_RDWR
.
As a special case, a
flags
argument of
KVM_NO_FILES
will initialize the
kvm(3)
library for use on active kernels only using
sysctl(3)
for retrieving kernel data and ignores the
execfile
,
corefile
and
swapfile
arguments.
Only a small subset of the
kvm(3)
library functions are available using this method.
These are currently
kvm_getproc2(3),
kvm_getargv2(3)
and
kvm_getenvv2(3).
There are two open routines which differ only with respect to the error mechanism. One provides backward compatibility with the SunOS kvm library, while the other provides an improved error reporting framework.
The
kvm_open()
function is the Sun kvm compatible open call.
Here, the
errstr
argument indicates how errors should be handled.
If it is
NULL
,
no errors are reported and the application cannot know the
specific nature of the failed kvm call.
If it is not
NULL
,
errors are printed to stderr with
errstr
prepended to the message, as in
perror(3).
Normally, the name of the program is used here.
The string is assumed to persist at least until the corresponding
kvm_close()
call.
The
kvm_openfiles()
function provides
BSD
style error reporting.
Here, error messages are not printed out by the library.
Instead, the application obtains the error message
corresponding to the most recent kvm library call using
kvm_geterr(
)
(see
kvm_geterr(3)).
The results are undefined if the most recent kvm call did not produce
an error.
Since
kvm_geterr(
)
requires a kvm descriptor, but the open routines return
NULL
on failure,
kvm_geterr()
cannot be used to get the error message if open fails.
Thus,
kvm_openfiles(
)
will place any error message in the
errbuf
argument.
This buffer should be _POSIX2_LINE_MAX characters large (from
<limits.h
>).
)
and
kvm_openfiles(
)
functions both return a descriptor to be used
in all subsequent kvm library calls.
The library is fully re-entrant.
On failure,
NULL
is returned, in which case
kvm_openfiles(
)
writes the error message into
errbuf
.
The
kvm_close()
function returns 0 on success and -1 on failure.