The functions
kvm_open() and
kvm_openfiles() return a descriptor used to access kernel virtual memory via the
kvm(3) library routines. Both active kernels and crash dumps are accessible through this interface.
execfile is the executable image of the kernel being examined. This file must contain a symbol table. If this argument is
NULL, the currently running system is assumed; in this case, the functions will attempt to use the
ksyms(4) device indicated by
_PATH_KSYMS in
<paths.h>; if that fails, then they will use the file indicated by the
sysctl(3) variable
machdep.booted_kernel, or (if the sysctl information is not available) the default kernel path indicated by
_PATH_UNIX in
<paths.h>.
corefile is the kernel memory device file. It can be either
/dev/mem or a crash dump core generated by
savecore(8). If
corefile is
NULL, the default indicated by
_PATH_MEM from
<paths.h> is used.
swapfile should indicate the swap device. If
NULL,
_PATH_DRUM from
<paths.h> is used.
The
flags argument indicates read/write access as in
open(2) and applies only to the core file. The only permitted flags from
open(2) are
O_RDONLY,
O_WRONLY, and
O_RDWR.
As a special case, a
flags argument of
KVM_NO_FILES will initialize the
kvm(3) library for use on active kernels only using
sysctl(3) for retrieving kernel data and ignores the
execfile,
corefile and
swapfile arguments. Only a small subset of the
kvm(3) library functions are available using this method. These are currently
kvm_getproc2(3),
kvm_getargv2(3) and
kvm_getenvv2(3).
There are two open routines which differ only with respect to the error mechanism. One provides backward compatibility with the SunOS kvm library, while the other provides an improved error reporting framework.
The
kvm_open() function is the Sun kvm compatible open call. Here, the
errstr argument indicates how errors should be handled. If it is
NULL, no errors are reported and the application cannot know the specific nature of the failed kvm call. If it is not
NULL, errors are printed to stderr with
errstr prepended to the message, as in
perror(3). Normally, the name of the program is used here. The string is assumed to persist at least until the corresponding
kvm_close() call.
The
kvm_openfiles() function provides
BSD style error reporting. Here, error messages are not printed out by the library. Instead, the application obtains the error message corresponding to the most recent kvm library call using
kvm_geterr() (see
kvm_geterr(3)). The results are undefined if the most recent kvm call did not produce an error. Since
kvm_geterr() requires a kvm descriptor, but the open routines return
NULL on failure,
kvm_geterr() cannot be used to get the error message if open fails. Thus,
kvm_openfiles() will place any error message in the
errbuf argument. This buffer should be _POSIX2_LINE_MAX characters large (from
<limits.h>).