Linux hash process in memory
I am writing a program that will hash a running process in memory and compare it to a known hash (similar to how antivirus software works). I want to focus on read-only partitions, especially data and executable partitions. Not having done this before, how can I retrieve this information?
By doing a simple cat /proc/PID/maps, I see different sections. Do I need to manually parse this data, or are there functions to extract this information?
+3
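One way to do what the question describes, as an added example that is not part of the original post: parse /proc/PID/maps by hand, keep the readable non-writable mappings, and SHA-256 each one through /proc/PID/mem. The function names parse_maps, readonly_regions and hash_regions are hypothetical, and skipping bracketed pseudo-regions such as [vvar] is a choice made for this sketch.

```python
import hashlib
import os
import re

# /proc/PID/maps line: start-end perms offset dev inode [path]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) "
                     r"[0-9a-f]+ \S+ \d+\s*(.*)$")

def parse_maps(text):
    """Yield (start, end, perms, path) for each well-formed maps line."""
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            start, end, perms, path = m.groups()
            yield int(start, 16), int(end, 16), perms, path

def readonly_regions(text):
    """Readable, non-writable mappings; skip kernel pseudo-regions like [vvar]."""
    return [r for r in parse_maps(text)
            if r[2].startswith("r-") and not r[3].startswith("[")]

def hash_regions(pid, regions, chunk=1 << 20):
    """SHA-256 each region as read from /proc/PID/mem."""
    digests = {}
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end, perms, path in regions:
            h = hashlib.sha256()
            remaining = end - start
            try:
                mem.seek(start)
                while remaining > 0:
                    data = mem.read(min(chunk, remaining))
                    if not data:
                        break
                    h.update(data)
                    remaining -= len(data)
            except OSError:
                continue  # range not readable; report nothing for it
            if remaining == 0:  # only record regions that were read in full
                digests[(start, end, perms, path)] = h.hexdigest()
    return digests

if __name__ == "__main__":
    pid = os.getpid()  # hash this interpreter itself
    with open(f"/proc/{pid}/maps") as f:
        regions = readonly_regions(f.read())
    for (start, end, perms, path), digest in hash_regions(pid, regions).items():
        print(f"{start:x}-{end:x} {perms} {path} {digest}")
```

Reading another process's /proc/PID/mem requires ptrace-level access to it (same user subject to the system's ptrace restrictions, or CAP_SYS_PTRACE). Read-only data that the loader relocated before write-protecting it holds ASLR-dependent addresses, so those regions will not hash the same from run to run, while position-independent code regions are the stable candidates for a known-good comparison.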