A Linux kernel module that extracts detailed process information including memory layout, CPU usage, and ELF sections via
/procfilesystem.
- Process Memory Layout: Code, Data, BSS, Heap, and Stack addresses
- CPU Usage Tracking: Real-time CPU percentage calculation
- ELF Section Analysis: Binary base address and section boundaries
- Proc Interface: Easy access through
/proc/elf_det/ - Comprehensive Testing: Unit tests and QEMU-based E2E testing
- Code Quality: Pre-configured static analysis (sparse, cppcheck, checkpatch)
- Docker + VS Code with Remote - Containers extension
- Dev container includes everything: Ubuntu 24.04, kernel 6.8+ headers, build tools, static analysis
- Open project in VS Code → "Reopen in Container"
- Build:
make all
- Install module:
sudo make install
- Run user program:
./build/proc_elf_ctrl
kernel_module/
├── .devcontainer/ # Dev container config (Docker + VS Code setup)
├── .github/ # CI/CD workflows (GitHub Actions)
├── docs/ # Detailed documentation
├── scripts/ # Testing scripts (QEMU setup, E2E testing automation)
├── src/ # Source code (kernel module, user program, tests, helpers)
├── build/ # Build artifacts (generated by make)
└── Makefile # Build system with quality checks
The program will prompt you to enter a process ID (PID). You can find PIDs using:
ps aux | grep <process_name>***************************************************************************
******Navid user program for gathering memory info on desired process******
***************************************************************************
***************************************************************************
************enter the process id: 1234
the process info is here:
PID NAME CPU(%) START_CODE END_CODE START_DATA END_DATA BSS_START BSS_END HEAP_START HEAP_END STACK_START STACK_END ELF_BASE
01234 bash 0.50 0x0000563a1234 0x0000563a5678 0x0000563a9abc 0x0000563adef0 0x0000563adef0 0x0000563adef0 0x0000563b0000 0x0000563b8000 0x00007ffd12345000 0x00007ffd12340000 0x0000563a1000
Note: BSS_START and BSS_END may be equal (zero-length BSS) in modern ELF binaries. This is normal.
sudo make uninstallFor maximum safety, test the kernel module in an isolated QEMU virtual machine that won't affect your host system.
# One-time setup
./scripts/qemu-setup.sh
# Start VM
./scripts/qemu-run.sh
# In another terminal, run automated tests
./scripts/qemu-test.shPID NAME CPU(%) START_CODE END_CODE START_DATA END_DATA
BSS_START BSS_END HEAP_START HEAP_END STACK_START
STACK_END ELF_BASE
01234 bash 0.50 0x563a1234 0x563a5678 0x563a9abc 0x563adef0
0x563adef0 0x563adef0 0x563b0000 0x563b8000 0x7ffd12345000
0x7ffd12340000 0x563a1000
Note: BSS_START and BSS_END may be equal (zero-length) in modern binaries - this is normal.
make all # Build kernel module and user program
make install # Install kernel module (requires root)
make uninstall # Remove kernel module
make unit # Run unit tests (no kernel required)
make test # Install module and run user program
make format # Format all source files
make check # Run all static analysis
make clean # Remove build artifactsmake unitRuns pure function tests without kernel dependencies.
./scripts/qemu-setup.sh # One-time setup
./scripts/qemu-run.sh # Start VM
./scripts/qemu-test.sh # Run automated testsSee docs/TESTING.md for detailed testing documentation.
- TESTING.md - Unit tests, QEMU testing, troubleshooting
- TECHNICAL.md - Kernel module details, memory layout, limitations
- CODE_QUALITY.md - Static analysis, code formatting, best practices
- SCRIPTS.md - Detailed script documentation
- RELEASE.md - Version release process and guidelines
- Dev container recommended: Provides fully configured environment
- Root required: Loading/unloading kernel modules needs sudo
- QEMU testing: Safest way to test - isolates from host kernel
- BSS often zero: Modern binaries frequently have zero-length BSS
- Heap limitation: Only tracks brk-based heap, not mmap allocations
Dual BSD/GPL - Choose the license that works best for you:
- GPL: Required for Linux kernel compatibility
- BSD: Permissive for other uses
Contributions welcome! The project includes:
- Pre-configured dev container
- Automated testing (unit tests + QEMU E2E)
- Static analysis and formatting tools
- GitHub Actions CI/CD
Educational Project: Demonstrates Linux kernel module development. Use at your own risk.
.clang-format- clang-format configuration (Linux kernel style).cppcheck-suppressions- Suppression list for false positives.editorconfig- Editor configuration for consistent coding style
Official Linux kernel coding style checker. Enforces kernel coding standards including:
- Indentation and spacing rules
- Line length limits
- Function declaration style
- Comment formatting
- Macro usage patterns
Semantic parser specifically designed for kernel code. Detects:
- Type confusion errors
- Endianness issues
- Lock context imbalances
- Address space mismatches
- Null pointer dereferences
General-purpose C/C++ static analyzer. Finds:
- Memory leaks
- Buffer overflows
- Uninitialized variables
- Dead code
- Logic errors
Code formatter that ensures consistent style:
- 8-space tabs (kernel standard)
- 80-column limit
- Linux brace style
- Proper spacing and alignment
The module has been tested on:
- Ubuntu 20.04 LTS (Kernel 5.15+)
- Ubuntu 22.04 LTS (Kernel 5.19+)
- Ubuntu 24.04 LTS (Kernel 6.8+)
Kernel Compatibility Notes:
- Kernel 5.6+ required (proc_ops API)
- Kernel 6.8+ recommended (VMA iterator API)
- The code has been updated to use modern kernel APIs including VMA iterators and proc_opsEducational Project: Demonstrates Linux kernel module development. Use at your own risk.