Zxdb supports the following commands for inspecting memory:
aspace
: Show mapped memory regions.The aspace
command, abbreviated as
, outputs address space information for the process. In Fuchsia, virtual memory consists of a hierarchy of Virtual Memory Objects (VMOs).
With no parameters, the aspace
command shows all VMOs in the process.
When given an address, the aspace
command shows the VMO hierarchy containing just that address. This can be useful to determine where an address is in memory, as the names of the VMOs typically indicate what type of region that is.
In the following example, the aspace
command details the following about the 0x10b7f304d28
address:
The following are relevant VMO names that could be included in output from the aspace
command:
initial-thread
: The stack of the startup thread.pthread_t:0x...
: The stack of a pthread-created thread. The address indicates the memory location of the `pthread_t structure for that thread.*uncompressed-bootfs
: A memory-mapped library coming from bootfs (core system libraries). The libs
command can tell you the library name for that address.stack: msg of ...
: The startup stack. This very small stack is used only by the dynamic linker and loader code.scudo:*
: Pages allocated with the scudo memory manager. If the process is using scudo, these regions are the application heap.vdso/full
: The built-in library that implements system calls.blob-*
: Mapped library coming from blobfs. The libs
command can tell you the library name for that address.mem-analyze
: Dumps memory, trying to interpret pointers.This command attempts to interpret memory as pointers and decode what they point to. Addresses with corresponding symbols are symbolized, while other addresses indicate the name of the memory-mapping region they fall into (see the aspace
command). It can be useful for dumping unknown memory.
See also stack
, which is a variant of the mem-analyze
command for stack analysis.
mem-read
: Dump process memoryThe mem-read
command, abbreviated x
, provides hex dumps of the given address. You supply the address and optionally override the default size with the -s
option.
You can also supply an expression that evaluates to an address. If the type of the pointer has a known size, the dump automatically shows that many bytes:
stack
: Provides a low-level analysis of the stackThe stack
command analyzes the stack in a similar way to mem-analyze
. It defaults to the top of the current thread's stack. The stack
command attempts to decode addresses present in the memory region, but it also adds annotations for the known register values and stack base pointers of the thread.
In the notes colum, left-pointing arrows indicate which registers point to that stack location, while right-pointing arrows indicate where the value of the stack entry points to if it is interpreted as an address.
sym-near
: Map addresses to symbolsThe sym-near
command, abbreviated sn
, attempts to map an address to a symbol name. Running the command outputs the name and line information (if available) for the symbol at or preceeding the address and is most often used to tell what a pointer points to.