Peek into a program's address space by reading the kernel's /proc maps file and learn to interpret what you see. 28.11.2025 | reading time: 3 min Want to know where a process places its code, heap, stack and shared libraries? Use `cat /proc/<pid>/maps` or `cat /proc/self/maps` to print the kernel's view of a process memory map and read start and end addresses, permissions, offsets, device and pathnames in a single, human-readable file. Quick live example Run `cat /proc/self/maps` to inspect the current shell; for example run the following in a terminal and you will see address ranges, permissions and mapped file names: ```sh $ cat /proc/self/maps 00400000-0040b000 r-xp 00000000 08:01 262151 /bin/cat 0060a000-0060b000 r--p 0000a000 08:01 262151 /bin/cat 0060b000-0060c000 rw-p 0000b000 08:01 262151 /bin/cat 00e2b000-00e4c000 rw-p 00000000 00:00 0 [heap] 7f7b5f7f9000-7f7b5f9b7000 r--p 00000000 08:01 105124 /usr/lib/locale/locale-archive 7ffd1a2f7000-7ffd1a318000 rw-p 00000000 00:00 0 [stack] 7ffd1a3fb000-7ffd1a3fe000 r--p 00000000 00:00 0 [vvar]``` How to read each column Each line contains the address range, permissions like r,w,x and p or s for private/shared, the offset into the backing file, device and inode, and an optional pathname or bracketed tag; anonymous regions show no pathname, the heap appears as [heap], the thread stack as [stack], and kernel-provided helpers as [vvar] or [vdso]. Real tasks you can do Use the maps output to confirm which shared libraries a process loaded, detect unexpected writable executable regions, compare maps before and after loading a module, locate a buffer for debugging, or feed addresses into addr2line and gdb to resolve addresses to source code during troubleshooting. Related files and more detail When you need sizes and accounting per mapping, read `/proc/<pid>/smaps` for detailed statistics such as RSS, PSS and swap; `/proc/<pid>/maps` is fast and simple while `smaps` is verbose and heavier, and `/proc/<pid>/numa_maps` can help on NUMA systems. Wrap-up and next steps Reading `/proc/<pid>/maps` is a lightweight, scriptable way to inspect a process address space and to detect anomalies before deeper debugging; practice on simple programs, combine the output with `pmap` or `gdb` and consider studying for certifications like CompTIA Linux+ or LPIC-1 to formalize these troubleshooting skills with intensive exam preparation at bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. processes utilities troubleshooting
