Analyze Glibc heap memory

I research an embedded device that use GLIBC 2.25.

When I look at /proc/PID/maps I see under the heap section some anonymous sections ,I understand that sections create when the process use new

I dump those sections with dd and there is there interesting value that I want to understand is that buffer allocated or free, and what is the size of this buffer.

How can I do that please?

You can use the gdb (GNU Debugger) tool to inspect the memory of a running process. You can attach to the process using its PID and use the x command to examine memory at a specific address. You can also use the info proc mapping command to view the memory maps of the process, including the size of the heap. Additionally, you can use the heap command to list heap blocks and the malloc_info command to show detailed information about heap blocks.

You can also use the malloc_stats function to display information about the heap usage such as the number of bytes allocated, the number of bytes free and the number of bytes in use.

You can also use the pmap command to display the memory map of a process, including the heap size. This command is available on some systems and may not be present on others.

It's also worth noting that the /proc/PID/maps file can also give you an idea about the heap section of a process.

Please keep in mind that you need to have the right permission to access the process you want to inspect.

Instead of analyzing the memory from proc, you may want to try following options, limited to your env.

1. use tools like valgrind if you suspect any kind of leaks or invalid read/writes.
2. rather than looking at output of dd, attach to running process and inspect memory within process, gives you context to make sense of memory usage.
3. use logging to dump addresses of allocation/free/read/write. This allows you to build better understanding of memory usage.

You may have to use all of the above options depending upon the complexity of your task.