A brief analysis of the files in the /proc/[pid] directory in Linux
The Linux kernel provides a mechanism to access the kernel's internal data structures and change kernel settings at runtime through the proc file system. The proc file system is a pseudo file system that only exists in memory and does not occupy external memory space. It provides an interface for accessing system kernel data in the form of a file system.
![简析Linux中 /proc/[pid] 目录的各文件](https://img.php.cn/upload/article/000/887/227/171058868337995.jpg)
Users and applications can obtain system information through proc and change some parameters of the kernel. Since system information, such as processes, changes dynamically, when a user or application reads a proc file, the proc file system dynamically reads the required information from the system kernel and submits it.
Not all of the files or subfolders listed below exist in your system, depending on your kernel configuration and loaded modules. In addition, there are three very important directories under proc: net, scsi and sys. The sys directory is writable and can be used to access or modify kernel parameters, while net and scsi depend on the kernel configuration. For example, if the system does not support scsi, the scsi directory does not exist.
In addition to the ones introduced above, there are also some directories named with numbers, which are process directories. Each process currently running in the system has a corresponding directory under proc, with the PID number of the process as the directory name. They are the interfaces for reading process information. The self directory is the information interface for reading the process itself, and is a link.
/proc/[pid]/auxv contains the ELF interpreter information passed to the process. The format is that each item is an unsigned long length ID plus an unsigned long length value. The last item starts with two 0x00s in a row. Examples are as follows:
$ hexdump -x /proc/2406/auxv 0000000 0021 0000 0000 0000 f000 f7fa 7fff 0000 0000010 0010 0000 0000 0000 fbff 1f8b 0000 0000 0000020 0006 0000 0000 0000 1000 0000 0000 0000 0000030 0011 0000 0000 0000 0064 0000 0000 0000 0000040 0003 0000 0000 0000 0040 0040 0000 0000 0000050 0004 0000 0000 0000 0038 0000 0000 0000 0000060 0005 0000 0000 0000 0007 0000 0000 0000 0000070 0007 0000 0000 0000 0000 0000 0000 0000 0000080 0008 0000 0000 0000 0000 0000 0000 0000 0000090 0009 0000 0000 0000 55e0 0045 0000 0000 00000a0 000b 0000 0000 0000 0000 0000 0000 0000 00000b0 000c 0000 0000 0000 0000 0000 0000 0000 00000c0 000d 0000 0000 0000 0000 0000 0000 0000 00000d0 000e 0000 0000 0000 0000 0000 0000 0000 00000e0 0017 0000 0000 0000 0000 0000 0000 0000 00000f0 0019 0000 0000 0000 f079 f7f6 7fff 0000 0000100 001f 0000 0000 0000 ffea f7f6 7fff 0000 0000110 000f 0000 0000 0000 f089 f7f6 7fff 0000 0000120 0000 0000 0000 0000 0000 0000 0000 0000 0000130
/proc/[pid]/cmdline is a read-only file that contains the complete command line information of the process. If the process has been swapped out of memory or the process is a zombie process, this file will have no content. The file ends with the null character instead of a newline character. Examples are as follows:
$ ps aux|grep frps root 2406 0.1 0.1 54880 10524 ? Sl Dec11 21:30 frps -c ./frps.ini $ cat /proc/2406/cmdline frps-c./frps.ini
/proc/[pid]/comm contains the command name of the process. Examples are as follows:
$ cat /proc/2406/comm frps
/proc/[pid]/cwd is a symbolic link to the current working directory of the process. Examples are as follows:
$ ls -lt /proc/2406/cwd lrwxrwxrwx 1 root root 0 Dec 12 20:39 /proc/2406/cwd -> /home/mike/frp_0.13.0_linux_amd64
/proc/[pid]/environ Displays the environment variables of the process. Examples are as follows:
$ strings /proc/2406/environ SUPERVISOR_GROUP_NAME=ssh TERM=linux SUPERVISOR_SERVER_URL=unix:///var/run/supervisor.sock SUPERVISOR_PROCESS_NAME=ssh RUNLEVEL=2 UPSTART_EVENTS=runlevel PREVLEVEL=N PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin UPSTART_INSTANCE= UPSTART_JOB=rc SUPERVISOR_ENABLED=1 runlevel=2 PWD=/ previous=N
/proc/[pid]/exe is the symbolic link to the actual running program. Examples are as follows:
$ ls -lt /proc/2406/exe lrwxrwxrwx 1 root root 0 Dec 11 19:00 /proc/2406/exe -> /usr/bin/frps
/proc/[pid]/fd is a directory containing files opened by a process. Examples are as follows:
$ ls -lt /proc/2406/fd lrwx------ 1 root root 64 Dec 24 09:39 77 -> socket:[44377722] lrwx------ 1 root root 64 Dec 17 15:07 47 -> socket:[29482617] lr-x------ 1 root root 64 Dec 12 20:18 0 -> pipe:[13282] l-wx------ 1 root root 64 Dec 12 20:18 1 -> pipe:[13283] lrwx------ 1 root root 64 Dec 12 20:18 10 -> socket:[12238218] lrwx------ 1 root root 64 Dec 12 20:18 4 -> anon_inode:[eventpoll] lrwx------ 1 root root 64 Dec 12 20:18 40 -> socket:[19378614]
Each item in the directory is a symbolic link pointing to the open file, and the number represents the file descriptor.
/proc/[pid]/latency displays which codes cause larger delays. If you want to use this feature, you need to execute:
$ echo 1 > /proc/sys/kernel/latencytop
Examples are as follows
$ cat /proc/2406/latency Latency Top version : v0.1 30667 10650491 4891 poll_schedule_timeout do_sys_poll SyS_poll system_call_fastpath 0x7f636573dc1d 8 105 44 futex_wait_queue_me futex_wait do_futex SyS_futex system_call_fastpath 0x7f6365a167bc
The first three numbers in each line are the number of times the following code is executed, the total execution delay time (unit is microseconds) and the maximum execution delay time (unit is microseconds). What follows is the complete call stack of the code.
/proc/[pid]/maps Displays the memory area mapping information of the process. Examples are as follows:
$ cat /proc/2406/maps 00400000-006ea000 r-xp 00000000 fd:01 1727569 /usr/bin/frps 006ea000-00a6c000 r--p 002ea000 fd:01 1727569 /usr/bin/frps 00a6c000-00ab1000 rw-p 0066c000 fd:01 1727569 /usr/bin/frps 00ab1000-00ad4000 rw-p 00000000 00:00 0 c000000000-c00000b000 rw-p 00000000 00:00 0 c41feac000-c420000000 rw-p 00000000 00:00 0 c420000000-c420400000 rw-p 00000000 00:00 0 c420400000-c420700000 rw-p 00000000 00:00 0 c420700000-c420800000 rw-p 00000000 00:00 0 c420800000-c420900000 rw-p 00000000 00:00 0 c420900000-c420a00000 rw-p 00000000 00:00 0 c420a00000-c421ea0000 rw-p 00000000 00:00 0 c421ea0000-c422a00000 rw-p 00000000 00:00 0 c422a00000-c422a60000 rw-p 00000000 00:00 0 7f0418c01000-7f0418ee1000 rw-p 00000000 00:00 0 7ffff7f4f000-7ffff7f70000 rw-p 00000000 00:00 0 [stack:5121] 7ffff7fad000-7ffff7faf000 r--p 00000000 00:00 0 [vvar] 7ffff7faf000-7ffff7fb1000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
One thing to note is that [stack:] is the stack information of the thread, corresponding to the /proc/[pid]/task/[tid]/ path.
/proc/[pid]/root is a symbolic link to the process root directory. Examples are as follows:
$ ls -lt /proc/2406/root lrwxrwxrwx 1 root root 0 Dec 12 20:39 /proc/2406/root -> /
/proc/[pid]/stack shows the kernel call stack information of the current process. This file will be generated only if the CONFIG_STACKTRACE compilation option is turned on during kernel compilation. Examples are as follows:
$ cat /proc/2406/stack [<ffffffff810fa996>] futex_wait_queue_me 0xc6/0x130 [<ffffffff810fb05d>] futex_wait 0x17d/0x270 [<ffffffff810fd2d5>] do_futex 0xd5/0x520 [<ffffffff810fd791>] SyS_futex 0x71/0x150 [<ffffffff8180cc76>] entry_SYSCALL_64_fastpath 0x16/0x75 [<ffffffffffffffff>] 0xffffffffffffffff </ffffffffffffffff></ffffffff8180cc76></ffffffff810fd791></ffffffff810fd2d5></ffffffff810fb05d></ffffffff810fa996>
/proc/[pid]/statm Displays statistical information on the memory size occupied by the process. Contains seven values, and the unit of measurement is page (the page size can be obtained through getconf PAGESIZE). Examples are as follows:
$ cat /proc/2406/statm 13720 2617 493 746 0 12007 0
The meaning of each value:
a) The total memory occupied by the process b) The physical memory occupied by the process at the current moment c) Memory shared with other processes d) Code segment of the process e) Shared library (from version 2.6 onwards, this value is 0) f) Stack of the process g) dirty pages (from version 2.6 onwards, this value is 0)
/proc/[pid]/status contains status information of the process. Much of its content is the same as /proc/[pid]/stat and /proc/[pid]/statm, but presented in a clearer way. Examples are as follows:
$ cat /proc/2406/status Name: frps State: S (sleeping) Tgid: 2406 Ngid: 0 ID: 2406 PPid: 2130 TracerPid: 0 Uid: 0 0 0 0 Gid: 0 0 0 0 FDSize: 128 Groups: 0 NStgid: 2406 NSpid: 2406 NSpgid: 2406 NSsid: 2130 VmPeak: 54880 kB VmSize: 54880 kB VmLck: 0 kB VmPin: 0 kB VmHWM: 34872 kB VmRSS: 10468 kB VmData: 47896 kB VmStk: 132 kB VmExe: 2984 kB VmLib: 0 kB VmPTE: 68 kB VmPMD: 20 kB VmSwap: 0 kB HugetlbPages: 0 kB Threads: 11 SigQ: 0/31834 SigPnd: 0000000000000000 ShdPnd: 0000000000000000 SigBlk: 0000000000000000 SigIgn: 0000000000000000 SigCgt: fffffffe7fc1feff CapInh: 0000000000000000 CapPrm: 0000003ffffffffff CapEff: 0000003ffffffffff CapBnd: 0000003ffffffffff CapAmb: 0000000000000000 Seccomp: 0 Cpus_allowed: f Cpus_allowed_list: 0-3 Mems_allowed: 00000000,00000001 Mems_allowed_list: 0 voluntary_ctxt_switches: 2251028 nonvoluntary_ctxt_switches: 18031
Information about signals: SigQ is divided into two parts (for example, 0/31834). The former indicates the signal currently in the queue (0), and the latter indicates how many signals the queue can store in total (31834); SigPnd Represents the pending signal of the current thread, while ShdPnd indicates the pending signal of the entire process; SigBlk, SigIgn and SigCgt respectively indicate whether the signal processing is blocked, ignored, or captured. (For relevant knowledge about Unix signals, please refer to Unix: Dealing with signals).
/proc/[pid]/syscall displays the system calls being executed by the current process. Examples are as follows:
$ cat /proc/2406/syscall 202 0xab3730 0x0 0x0 0x0 0x0 0x0 0x7ffff7f6ec68 0x455bb3
The first value is the system call number (202 represents poll), followed by the parameter values of 6 system calls (located in registers), and the last two values are the stack pointer and instruction counter values. If the current process is blocked, but the blocking function is not a system call, the value of the system call number is -1, followed by the values of the stack pointer and instruction counter. If the process is not blocked, the file will only have a running string.
This file will be generated only when the CONFIG_HAVE_ARCH_TRACEHOOK compilation option is turned on during kernel compilation.
/proc/[pid]/wchan Displays the functions currently running by the kernel when the process sleeps. Examples are as follows:
$ cat /proc/2406/wchan futex_wait_queue_meadmin
The above is the detailed content of A brief analysis of the files in the /proc/[pid] directory in Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
How to use docker desktop
Apr 15, 2025 am 11:45 AM
How to use Docker Desktop? Docker Desktop is a tool for running Docker containers on local machines. The steps to use include: 1. Install Docker Desktop; 2. Start Docker Desktop; 3. Create Docker image (using Dockerfile); 4. Build Docker image (using docker build); 5. Run Docker container (using docker run).
Difference between centos and ubuntu
Apr 14, 2025 pm 09:09 PM
The key differences between CentOS and Ubuntu are: origin (CentOS originates from Red Hat, for enterprises; Ubuntu originates from Debian, for individuals), package management (CentOS uses yum, focusing on stability; Ubuntu uses apt, for high update frequency), support cycle (CentOS provides 10 years of support, Ubuntu provides 5 years of LTS support), community support (CentOS focuses on stability, Ubuntu provides a wide range of tutorials and documents), uses (CentOS is biased towards servers, Ubuntu is suitable for servers and desktops), other differences include installation simplicity (CentOS is thin)
What to do if the docker image fails
Apr 15, 2025 am 11:21 AM
Troubleshooting steps for failed Docker image build: Check Dockerfile syntax and dependency version. Check if the build context contains the required source code and dependencies. View the build log for error details. Use the --target option to build a hierarchical phase to identify failure points. Make sure to use the latest version of Docker engine. Build the image with --t [image-name]:debug mode to debug the problem. Check disk space and make sure it is sufficient. Disable SELinux to prevent interference with the build process. Ask community platforms for help, provide Dockerfiles and build log descriptions for more specific suggestions.
How to view the docker process
Apr 15, 2025 am 11:48 AM
Docker process viewing method: 1. Docker CLI command: docker ps; 2. Systemd CLI command: systemctl status docker; 3. Docker Compose CLI command: docker-compose ps; 4. Process Explorer (Windows); 5. /proc directory (Linux).
What computer configuration is required for vscode
Apr 15, 2025 pm 09:48 PM
VS Code system requirements: Operating system: Windows 10 and above, macOS 10.12 and above, Linux distribution processor: minimum 1.6 GHz, recommended 2.0 GHz and above memory: minimum 512 MB, recommended 4 GB and above storage space: minimum 250 MB, recommended 1 GB and above other requirements: stable network connection, Xorg/Wayland (Linux)
Detailed explanation of docker principle
Apr 14, 2025 pm 11:57 PM
Docker uses Linux kernel features to provide an efficient and isolated application running environment. Its working principle is as follows: 1. The mirror is used as a read-only template, which contains everything you need to run the application; 2. The Union File System (UnionFS) stacks multiple file systems, only storing the differences, saving space and speeding up; 3. The daemon manages the mirrors and containers, and the client uses them for interaction; 4. Namespaces and cgroups implement container isolation and resource limitations; 5. Multiple network modes support container interconnection. Only by understanding these core concepts can you better utilize Docker.
What is vscode What is vscode for?
Apr 15, 2025 pm 06:45 PM
VS Code is the full name Visual Studio Code, which is a free and open source cross-platform code editor and development environment developed by Microsoft. It supports a wide range of programming languages and provides syntax highlighting, code automatic completion, code snippets and smart prompts to improve development efficiency. Through a rich extension ecosystem, users can add extensions to specific needs and languages, such as debuggers, code formatting tools, and Git integrations. VS Code also includes an intuitive debugger that helps quickly find and resolve bugs in your code.
How to switch Chinese mode with vscode
Apr 15, 2025 pm 11:39 PM
VS Code To switch Chinese mode: Open the settings interface (Windows/Linux: Ctrl, macOS: Cmd,) Search for "Editor: Language" settings Select "Chinese" in the drop-down menu Save settings and restart VS Code
