Here's how to locate named shared memory, answer who's sharing it and whether a particular address in the shared arena is named.
Named memory is managed using a RMP (Record Management Package). This is a generalised kernel facility for managing global data of variable length. The RMP facility provides allocation, deletion, add and find services. Each RMP user references his RMP structure using a handle. The RMP itself is limited to a maximum of 64K.
>>> First locate the handle of named shared memory's RMP:
##dw sharermpstruc l2
0400:00004506 0004 0178
|| |
|| ....... Selector for RMP segment
.......... Flags xxxxxxxx
.......1 = Segment busy
......1. = Somebody's waiting
.....1.. = Segment allocated
>>> The RMP handle is used as the blockid (by ProcBlock) for serialising
>>> RMP manipulations.
>>>
>>> Now display the named memory RMP segment:
##db 178:0
0178:00000000 00 06 a2 03 5e 02 5e 02-03 00 00 00 00 00 00 00 ..".^.^.........
0178:00000010 83 ff 00 00 11 00 00 00-9b 06 01 00 44 4f 53 5c ............DOS\
0178:00000020 43 44 49 42 00 13 00 88-01 47 bd 04 00 50 4d 44 CDIB.....G=..PMD
0178:00000030 52 41 47 2e 4d 45 4d 00-08 00 9f 00 88 01 01 00 RAG.MEM.........
0178:00000040 14 00 91 01 d7 bc 02 00-53 4d 47 5c 53 47 54 49 ....W<..SMG\SGTI
0178:00000050 54 4c 45 00 08 00 9f 00-91 01 01 00 12 00 93 01 TLE.............
0178:00000060 b7 bc 02 00 42 56 53 5c-42 56 53 30 30 00 08 00 7<..BVS\BVS00...
0178:00000070 9f 00 93 01 01 00 12 00-a8 01 8f bc 01 00 42 56 ........(..<..BV
##d
0178:00000080 53 5c 42 56 53 30 31 00-08 00 9f 00 a8 01 01 00 S\BVS01.....(...
0178:00000090 12 00 ab 01 67 bc 01 00-42 56 53 5c 42 56 53 30 ..+.g<..BVS\BVS0
0178:000000a0 33 00 08 00 9f 00 ab 01-01 00 18 00 c4 01 3f bc 3.....+.....D.?<
0178:000000b0 02 00 53 4d 47 5c 50 4d-48 44 45 52 52 2e 44 41 ..SMG\PMHDERR.DA
0178:000000c0 54 00 08 00 af 01 c4 01-01 00 08 00 af 01 91 01 T.../.D...../...
0178:000000d0 01 00 08 00 af 01 93 01-01 00 08 00 9f 00 c4 01 ..../.........D.
0178:000000e0 01 00 12 00 43 02 2f a0-02 00 42 56 53 5c 42 56 ....C./ ..BVS\BV
0178:000000f0 53 31 30 00 08 00 9f 00-43 02 01 00 08 00 4c 02 S10.....C.....L.
##d
0178:00000100 43 02 01 00 08 00 58 02-88 01 01 00 17 00 9c 02 C.....X.........
0178:00000110 cf 9f 01 00 50 4d 57 50-5c 43 4c 41 53 53 2e 54 O...PMWP\CLASS.T
0178:00000120 42 4c 00 08 00 58 02 9c-02 01 00 08 00 fa 02 88 BL...X.......z..
0178:00000130 01 01 00 18 00 13 04 e7-9e 01 00 45 50 4d 5c 45 .......g...EPM\E
0178:00000140 54 4b 45 36 30 30 2e 45-50 4d 00 08 00 fa 02 13 TKE600.EPM...z..
0178:00000150 04 01 00 10 00 15 04 ff-9d 01 00 45 50 4d 47 4e ...........EPMGN
0178:00000160 4c 53 00 08 00 fa 02 15-04 01 00 18 00 03 04 e7 LS...z.........g
0178:00000170 9d 01 00 31 35 35 30 32-33 33 33 5c 45 50 4d 2e ...15502333\EPM.
##d
0178:00000180 45 58 00 08 00 fa 02 03-04 01 00 08 00 56 03 88 EX...z.......V..
0178:00000190 01 01 00 1b 00 f6 02 bf-9d 01 00 31 35 33 39 34 .....v.?...15394
0178:000001a0 39 31 34 5c 45 33 45 4d-55 4c 2e 45 58 00 08 00 914\E3EMUL.EX...
0178:000001b0 fa 02 f6 02 01 00 12 00-90 03 8f 9d 03 00 42 56 z.v...........BV
0178:000001c0 53 5c 42 56 53 31 34 00-08 00 9f 00 90 03 01 00 S\BVS14.........
0178:000001d0 08 00 32 04 90 03 01 00-12 00 43 04 6f 9d 03 00 ..2.......C.o...
0178:000001e0 42 56 53 5c 42 56 53 31-35 00 08 00 9f 00 43 04 BVS\BVS15.....C.
0178:000001f0 01 00 08 00 48 04 43 04-01 00 08 00 57 04 90 03 ....H.C.....W...
##d
0178:00000200 01 00 08 00 62 04 43 04-01 00 12 00 87 04 4f 9d ....b.C.......O.
0178:00000210 03 00 42 56 53 5c 42 56-53 31 36 00 08 00 9f 00 ..BVS\BVS16.....
0178:00000220 87 04 01 00 08 00 8b 04-87 04 01 00 08 00 99 04 ................
0178:00000230 87 04 01 00 12 00 0a 03-ef 9c 03 00 42 56 53 5c ........o...BVS\
0178:00000240 42 56 53 31 38 00 08 00-9f 00 0a 03 01 00 08 00 BVS18...........
0178:00000250 d6 04 0a 03 01 00 08 00-bb 04 0a 03 01 00 a2 83 V.......;.....".
0178:00000260 00 00 5e 02 00 00 9a 83-00 00 66 02 00 00 00 00 ..^.......f.....
0178:00000270 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
>>> The first 20 bytes form the RMP header, the remainder is a series of
>>> variable length records.
>>> Examining the header first we have:
>>> +00 00 06 = total size of segment (0600)
>>> +02 a2 03 = amount of free space (03a2)
>>> +04 5e 02 = link to first free block (025e)
>>> +06 5e 02 = start of last free block (025e)
>>> +08 03 00 00 00 = heap handle (0003 is kernel heap handle from which
>>> RMP is alloc'd)
>>> +0c 00 00 00 00 = PG alloc/realloc flags
>>> +10 83 ff = hobowner (handle of user of this RMP is ff83)
>>> +12 00 00 = hobmte (hmte of user of this RMP. It's the kernel so 0000)
>>> Check out the owner of this RMP
##.mo ff83
ff83 mshrmp
>>> 'mshrmp' is named shared memory management
>>> Records follow the header. They are prefixed by a word length that includes
>>> 2 bytes for the length field itself. If the record is free then the high
>>> order bit of the length is set. The data within the record is private to
>>> the owner.
>>> The first record in this RMP is:
....... length 0011
|| ||
>>> 0178:00000010 .. .. .. .. 11 00 00 00-9b 06 01 00 44 4f 53 5c
>>> 0178:00000020 43 44 49 42 00 .. .. ..
>>> The second record in this RMP is:
>>> 0178:00000020 .. .. .. .. .. 13 00 88-01 47 bd 04 00 50 4d 44
>>> 0178:00000030 52 41 47 2e 4d 45 4d 00-.. .. .. .. .. .. .. ..
>>> Named shared memory management uses two forms of RMP record:
>>> Global - to keep the name, handle, selector and total reference count
>>> Local - One for each process sharing the named memory. Contains
>>> hptda, hob and ref count for within the given process.
>>>
>>> Breaking down record 2 we have:
>>> +00 0013 length of record
>>> +02 0188 hob of shared object
>>> +04 bd47 selector of shared object
>>> +06 0004 reference count
>>> +08 PMDRAG.MEM name (with \SHAREMEM\ prefix omitted) and terminated with
>>> a null byte (that is, it's an ASCIIZ string)
>>> Check out hob 188
##.moc 188
*har par cpg va flg next prev link hash hob hal
0140 %fecffb8a 00000010 %17a80000 369 000f 0141 0000 0000 0188 0000 hco=00291
hob har hobnxt flgs own hmte sown,cnt lt st xf
0188 0140 0000 482c ff82 017d 0000 00 00 00 00 mshare
hco=00291 pco=fe85dcf0 hconext=003c8 hptda=02fa f=16 pid=0013 c:epm.exe
hco=003c8 pco=fe85e303 hconext=00246 hptda=0356 f=16 pid=0009 c:mrfile32.exe
hco=00246 pco=fe85db79 hconext=00070 hptda=0258 f=16 pid=0005 c:pmshell.exe
hco=00070 pco=fe85d24b hconext=00000 hptda=009f f=17 pid=0002 c:pmshell.exe
>>> We see 4 owners in accordance with the reference count
>>> note: the owner of the object is 'mshare'
>>> Check out the selector in record 2:
##dl bd47
bd47 Data Bas=17a80000 Lim=00000067 DPL=3 P RW A
>>> In this case it's within the compatibility region so could have used the
>>> CRMA to get %17a80000 directly
>>> The processes sharing the named storage may be obtained directly from local
>>> records in the RMP. A local record is of the following form:
>>>
>>> +00 word - length of record (always 0008)
>>> +02 word - hptda of user
>>> +04 word - handle of shared memory object
>>> +06 word - reference count for this ptda.
>>> Scanning through the RMP (for object 0188) we find the following local
>>> records:
>>> 0178:00000030 .. .. .. .. .. .. .. ..-08 00 9f 00 88 01 01 00
>>> 0178:00000100 .. .. .. .. 08 00 58 02-88 01 01 00 .. .. .. ..
>>> 0178:00000120 .. .. .. .. .. .. .. ..-.. .. .. 08 00 fa 02 88
>>> 0178:00000130 01 01 00 .. .. .. .. ..-.. .. .. .. .. .. .. ..
>>> 0178:00000180 .. .. .. .. .. .. .. ..-.. .. .. 08 00 56 03 88
>>> 0178:00000190 01 01 00 .. .. .. .. ..-.. .. .. .. .. .. .. ..
>>> This confirms what was shown in the .mo 188 display, but we have in addition
>>> the reference count for each process.
>>> Finally, we can cut the cake a different way by asking what is all the
>>> named storage being referenced by a particular process. For example
>>> EPM.
>>> Start by finding its slot nos.
.p
Slot Pid Ppid Csid Ord Sta Pri pTSD pPTDA pTCB Disp SG Name
.
.
.
0027 0013 0002 0013 0001 blk 0200 7b974000 7bb460d0 7bb2bf24 1eb8 12 epm
0020 0013 0002 0013 0002 blk 0200 7b966000 7bb460d0 7bb2b338 1ecc 12 epm
.
.
>>> EPM's pPTDA is %7bb460d0. Now find the hptda of this PTDA
##.mom %7bb460d0
hob va flgs own hmte sown,cnt lt st xf
02fa %7bb460d0 8000 ffcb 035b 0000 00 00 00 00 ptda 0013 c:epm.exe
>>> Answer: 2fa.
>>> Now look through the RMP for local records that begin:
>>> 08 00 fa 02
>>> 0178:00000120 .. .. .. .. .. .. .. ..-.. .. .. 08 00 fa 02 88
>>> 0178:00000130 01 01 00 .. .. .. .. ..-.. .. .. .. .. .. .. ..
>>> 0178:00000140 .. .. .. .. .. .. .. ..-.. .. .. 08 00 fa 02 13
>>> 0178:00000150 04 01 00 .. .. .. .. ..-.. .. .. .. .. .. .. ..
>>> 0178:00000160 .. .. .. 08 00 fa 02 15-04 01 00 .. .. .. .. ..
>>> 0178:00000180 .. .. .. 08 00 fa 02 03-04 01 00 .. .. .. .. ..
>>> 0178:000001a0 .. .. .. .. .. .. .. ..-.. .. .. .. .. .. 08 00
>>> 0178:000001b0 fa 02 f6 02 01 00 .. ..-.. .. .. .. .. .. .. ..
>>> So, 5 named objects, with hobs=0188, 0413, 0415, 0403 and 02f6
>>> Scanning the the RMP for Global records for these objects will reveal
>>> their names: PMDRAG.MEM, EPM\ETKE600.EPM, EPMGNLS, 15502333\EPM.EXE,
>>> 15394914\E3EMUL.EX.
>>> issuing .mo against each of the hobs will reveal whether these are shared
>>> and with whom:
.moc 188
*har par cpg va flg next prev link hash hob hal
0140 %fecffb8a 00000010 %17a80000 369 000f 0141 0000 0000 0188 0000 hco=00291
hob har hobnxt flgs own hmte sown,cnt lt st xf
0188 0140 0000 482c ff82 017d 0000 00 00 00 00 mshare
hco=00291 pco=fe85dcf0 hconext=003c8 hptda=02fa f=16 pid=0013 c:epm.exe
hco=003c8 pco=fe85e303 hconext=00246 hptda=0356 f=16 pid=0009 c:mrfile32.exe
hco=00246 pco=fe85db79 hconext=00070 hptda=0258 f=16 pid=0005 c:pmshell.exe
hco=00070 pco=fe85d24b hconext=00000 hptda=009f f=17 pid=0002 c:pmshell.exe
##.moc 413
*har par cpg va flg next prev link hash hob hal
0367 %fed02ae4 00000010 %13dc0000 369 025e 0372 0000 0000 0413 0000 hco=00293
hob har hobnxt flgs own hmte sown,cnt lt st xf
0413 0367 0000 4a2c ff82 030c 0000 00 00 00 00 mshare
hco=00293 pco=fe85dcfa hconext=00000 hptda=02fa f=17 pid=0013 c:epm.exe
##.moc 415
*har par cpg va flg next prev link hash hob hal
0307 %fed022a4 00000010 %13bf0000 369 037e 02c2 0000 0000 0415 0000 hco=003cc
hob har hobnxt flgs own hmte sown,cnt lt st xf
0415 0307 0000 4a2c ff82 0407 0000 00 00 00 00 mshare
hco=003cc pco=fe85e317 hconext=00000 hptda=02fa f=17 pid=0013 c:epm.exe
##.moc 403
*har par cpg va flg next prev link hash hob hal
02c2 %fed01cb6 00000030 %13bc0000 369 0307 0262 0000 0000 0403 0000 hco=00309
hob har hobnxt flgs own hmte sown,cnt lt st xf
0403 02c2 0000 4a2c ff82 0407 0000 00 00 00 00 mshare
hco=00309 pco=fe85df48 hconext=00000 hptda=02fa f=17 pid=0013 c:epm.exe
##.moc 2f6
*har par cpg va flg next prev link hash hob hal
0273 %fed015ec 00000010 %13b70000 369 027c 02ed 0000 0000 02f6 0000 hco=00308
hob har hobnxt flgs own hmte sown,cnt lt st xf
02f6 0273 0000 4a2c ff82 0407 0000 00 00 00 00 mshare
hco=00308 pco=fe85df43 hconext=00000 hptda=02fa f=17 pid=0013 c:epm.exe
##
>>> We see that except for hob=188 all the others are for the private use of
>>> EPM.