{
	"id": "87ccbf1c-a5ee-4da1-a003-d76e92774a62",
	"created_at": "2026-04-06T00:06:57.735591Z",
	"updated_at": "2026-04-10T13:12:50.944361Z",
	"deleted_at": null,
	"sha1_hash": "904ad1e9219ae490a6368fe85118773808883ffb",
	"title": "Understanding the Linux /proc/id/maps File | Baeldung on Linux",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 93615,
	"plain_text": "Understanding the Linux /proc/id/maps File | Baeldung on Linux\r\nBy baeldung\r\nPublished: 2022-03-14 · Archived: 2026-04-05 18:11:59 UTC\r\n 1. Overview\r\nIn this tutorial, we’ll see how to profile the memory usage of a Linux process by reading the output of the\r\n/proc/id/maps file. We’ll start by explaining the concept of virtual memory. Next, we’ll describe the virtual\r\naddress space of a process, its structure, and the permissions around it. Finally, we’ll go over how to interpret\r\nthe output of /proc/id/maps to view the virtual address space of a particular process.\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 1 of 11\n\n2. What Is Virtual Memory?\r\nVirtual memory allows each process to claim all of the available physical memory that is present on the\r\nmachine. In other words, each process acts as if it is the only process running in the operating system. This\r\napproach has many benefits. For instance, it offers a much better developer experience, as it greatly simplifies the\r\nnew memory requests. Moreover, it improves security, as it isolates processes so they can’t interfere with each\r\nother. Lastly, it increases the performance because when an error occurs, it only affects a single process without\r\nadding overhead to the rest of the processes.\r\nHowever, special care needs to be taken if the total amount of virtual memory exceeds the actual memory\r\nthat’s available (including the swap space). To solve that problem, Linux has introduced the out-of-memory\r\nkiller.\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 2 of 11\n\n3. Virtual Address Space (VAS) of a Process\r\nThe virtual address space (VAS) of a process consists of all the available memory addresses that this process\r\ncan refer to. This is the virtual memory, which is approximately equal to the total physical memory that’s\r\ninstalled on the machine.\r\nThe VAS is split into two regions:\r\nKernel space virtual addresses are referred to by processes that switch from user mode to kernel mode\r\nUser space virtual addresses contain different types of segments that contain the processes’ code, data, and\r\ndependencies\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 3 of 11\n\n3.1. Segment Types\r\nThe user VAS segments, also known as mappings, are contiguous blocks of memory whose content depends\r\non the segment type. Let’s look at the different types:\r\nCode segments (or text segment), which contain executable code\r\nData segments that contain process data such as variables and constants. They break further down into\r\ninitialized data segments, uninitialized data segments, and heap segments\r\nStack segments can be expanded dynamically and contain the function parameters and local function\r\nvariables\r\nShared libraries segments, which contain linked (shared) libraries that the process uses\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 4 of 11\n\n3.2. Segment Permissions\r\nThose segments are mapped with a set of permissions that control which actions are allowed on them. These\r\npermissions, which are often referred to as modes, are the following:\r\nread-only (r) means that the segment is readable, hence all segments usually have that mode\r\nread-write (w) means that the segment is readable and writeable to allow for data modification\r\nexecute (x) means that the segment contains executable code\r\nprivate (p), which means that the segment is private, thus only visible from that process\r\nshared (s), which means that multiple (at least 2) processes share that segment\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 5 of 11\n\n4. Examining the VAS of a Process With /proc/id/maps\r\nLet’s now apply what we learned in the previous sections to understand the VAS of a process. Assuming that we\r\nknow the PID of the process, we can leverage procfs to see what the VAS looks like. To do that, we can read\r\nfrom the /proc/\u003cpid\u003e/maps file. Here’s an example output, using the cat command:\r\n$ cat /proc/self/maps\r\n559b8c418000-559b8c41a000 r--p 00000000 08:30 1708 /usr/bin/cat\r\n559b8c41a000-559b8c41f000 r-xp 00002000 08:30 1708 /usr/bin/cat\r\n559b8c41f000-559b8c422000 r--p 00007000 08:30 1708 /usr/bin/cat\r\n559b8c422000-559b8c423000 r--p 00009000 08:30 1708 /usr/bin/cat\r\n559b8c423000-559b8c424000 rw-p 0000a000 08:30 1708 /usr/bin/cat\r\n559b8c5d1000-559b8c5f2000 rw-p 00000000 00:00 0 [heap]\r\n7faa72001000-7faa72023000 rw-p 00000000 00:00 0\r\n7faa72023000-7faa72055000 r--p 00000000 08:30 3023 /usr/lib/locale/C.UTF-8/LC_CTYPE\r\n7faa72055000-7faa72056000 r--p 00000000 08:30 3030 /usr/lib/locale/C.UTF-8/LC_NUMERIC\r\n7faa72056000-7faa72057000 r--p 00000000 08:30 3033 /usr/lib/locale/C.UTF-8/LC_TIME\r\n7faa72057000-7faa721ca000 r--p 00000000 08:30 3022 /usr/lib/locale/C.UTF-8/LC_COLLATE\r\n7faa721ca000-7faa721cb000 r--p 00000000 08:30 3028 /usr/lib/locale/C.UTF-8/LC_MONETARY\r\n7faa721cb000-7faa721cc000 r--p 00000000 08:30 3027 /usr/lib/locale/C.UTF-8/LC_MESSAGES/SYS\r\n7faa721cc000-7faa721cd000 r--p 00000000 08:30 3031 /usr/lib/locale/C.UTF-8/LC_PAPER\r\n7faa721cd000-7faa721ce000 r--p 00000000 08:30 3029 /usr/lib/locale/C.UTF-8/LC_NAME\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 6 of 11\n\n7faa721ce000-7faa721cf000 r--p 00000000 08:30 3021 /usr/lib/locale/C.UTF-8/LC_ADDRESS\r\n7faa721cf000-7faa724b5000 r--p 00000000 08:30 3034 /usr/lib/locale/locale-archive\r\n7faa724b5000-7faa724da000 r--p 00000000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa724da000-7faa72652000 r-xp 00025000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa72652000-7faa7269c000 r--p 0019d000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa7269c000-7faa7269d000 ---p 001e7000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa7269d000-7faa726a0000 r--p 001e7000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa726a0000-7faa726a3000 rw-p 001ea000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa726a3000-7faa726a9000 rw-p 00000000 00:00 0\r\n7faa726a9000-7faa726aa000 r--p 00000000 08:30 3032 /usr/lib/locale/C.UTF-8/LC_TELEPHONE\r\n7faa726aa000-7faa726ab000 r--p 00000000 08:30 3025 /usr/lib/locale/C.UTF-8/LC_MEASUREMENT\r\n7faa726ab000-7faa726b2000 r--s 00000000 08:30 11818 /usr/lib/x86_64-linux-gnu/gconv/gconv-m\r\n7faa726b2000-7faa726b3000 r--p 00000000 08:30 11854 /usr/lib/x86_64-linux-gnu/ld-2.31.so\r\n7faa726b3000-7faa726d6000 r-xp 00001000 08:30 11854 /usr/lib/x86_64-linux-gnu/ld-2.31.so\r\n7faa726d6000-7faa726de000 r--p 00024000 08:30 11854 /usr/lib/x86_64-linux-gnu/ld-2.31.so\r\n7faa726de000-7faa726df000 r--p 00000000 08:30 3024 /usr/lib/locale/C.UTF-8/LC_IDENTIFICATI\r\n7faa726df000-7faa726e0000 r--p 0002c000 08:30 11854 /usr/lib/x86_64-linux-gnu/ld-2.31.so\r\n7faa726e0000-7faa726e1000 rw-p 0002d000 08:30 11854 /usr/lib/x86_64-linux-gnu/ld-2.31.so\r\n7faa726e1000-7faa726e2000 rw-p 00000000 00:00 0\r\n7ffeb2f53000-7ffeb2f74000 rw-p 00000000 00:00 0 [stack]\r\n7ffeb2f99000-7ffeb2f9d000 r--p 00000000 00:00 0 [vvar]\r\n7ffeb2f9d000-7ffeb2f9e000 r-xp 00000000 00:00 0 [vdso]\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 7 of 11\n\n4.1. Understanding the Output\r\nIn the above output, we can see the user VAS of the command line utility cat. We can see that there are six\r\ncolumns in total. Let’s look at the first line and describe what each column is about:\r\n\u003caddress start\u003e-\u003caddress end\u003e \u003cmode\u003e \u003coffset\u003e \u003cmajor id:minor id\u003e \u003cinode id\u003e \u003cfile path\u003e\r\n 559b8c418000-559b8c41a000 r--p 00000000 08:30 1708 /usr/bin/cat\r\naddress start – address end is the start and end address of that mapping. Note that the whole output\r\nis sorted based on those addresses, from low to high.\r\nmode (permissions) specifies which actions are available on this mapping and if it’s private or shared.\r\noffset is the start offset in bytes within the file that is mapped. This only makes sense for file\r\nmappings. For instance, stack or heap mappings are examples of mappings that aren’t files, and in those\r\ncases, the offset is 0. In the above example, the mapping is of the /usr/bin/cat file, and the offset is 0.\r\nmajor:minor ids represent the device that the mapped file lives in the form of a major and minor id. In\r\nthe above example, 08:30 represents the major and minor id of the hard drive that has the root filesystem.\r\nFor non-file mappings, this column shows 00:00.\r\ninode id of the mapped file (again, that’s only valid for file mappings). Inodes are data structures that\r\ncontain the core filesystem-related metadata. When it comes to non-file mappings, this field is set to 0.\r\nIn our example, this id is 1708.\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 8 of 11\n\nThe file path of the file for that mapping. In the event that this is not a file mapping, that field is empty.\r\n4.2. Examining the Output Line by Line\r\nWe’re now ready to examine the output line by line. To keep this short, we are only going to describe a\r\nrepresentative example for every different type of segment that we see in the output. Let’s jump right in:\r\nFirstly, we see a read-only, private mapping for the /usr/bin/cat file:\r\n559b8c418000-559b8c41a000 r--p 00000000 08:30 1708 /usr/bin/cat\r\nThis is a private data segment, which most probably contains global variables or constants and is therefore read-only.\r\nSecondly, we see a readable and executable mapping, again for /usr/bin/cat:\r\n559b8c41a000-559b8c41f000 r-xp 00002000 08:30 1708 /usr/bin/cat\r\nGiven that it is executable, this segment is the code segment.\r\nThirdly, we see a readable and writable mapping:\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 9 of 11\n\n559b8c423000-559b8c424000 rw-p 0000a000 08:30 1708 /usr/bin/cat\r\nAgain, this is a data segment, most probably for the process to store and update variables.\r\nFurther, we can see a mapping that corresponds to the heap segment:\r\n559b8c5d1000-559b8c5f2000 rw-p 00000000 00:00 0 [heap]\r\nNote that this is not a file mapping, so the major, minor, and inode ids are 0.\r\nNext, we see a read-only private mapping:\r\n7faa72023000-7faa72055000 r--p 00000000 08:30 3023 /usr/lib/locale/C.UTF-8/LC_CTYPE\r\nThis is a (read-only) data segment that contains locale-related constants.\r\nLastly, we can see read-only data segments and code segments for libc:\r\n7faa724b5000-7faa724da000 r--p 00000000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa724da000-7faa72652000 r-xp 00025000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa72652000-7faa7269c000 r--p 0019d000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa7269c000-7faa7269d000 ---p 001e7000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa7269d000-7faa726a0000 r--p 001e7000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\n7faa726a0000-7faa726a3000 rw-p 001ea000 08:30 11971 /usr/lib/x86_64-linux-gnu/libc-2.31.so\r\nThis is a shared library used by the cat process.\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 10 of 11\n\n5. Conclusion\r\nIn this article, we saw how to examine the user virtual address space (VAS) of a Linux process. We started by\r\nbriefly explaining what virtual memory is. Next, we described the user VAS of a process and its segments. Then,\r\nwe explained how to dive deep into the VAS by reading the /proc/id/maps file. Finally, we saw a line-by-line\r\nexample of the output from that file for the cat command-line utility.\r\nSource: https://www.baeldung.com/linux/proc-id-maps\r\nhttps://www.baeldung.com/linux/proc-id-maps\r\nPage 11 of 11",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.baeldung.com/linux/proc-id-maps"
	],
	"report_names": [
		"proc-id-maps"
	],
	"threat_actors": [],
	"ts_created_at": 1775434017,
	"ts_updated_at": 1775826770,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/904ad1e9219ae490a6368fe85118773808883ffb.pdf",
		"text": "https://archive.orkl.eu/904ad1e9219ae490a6368fe85118773808883ffb.txt",
		"img": "https://archive.orkl.eu/904ad1e9219ae490a6368fe85118773808883ffb.jpg"
	}
}