Unlocking Linux /proc: How to Inspect Process Information with /proc/self

/proc Overview

The /proc directory is a virtual (pseudo) file system that resides in memory and exposes the kernel's runtime state. It contains a collection of special files that let users view hardware details, process information, and even modify certain kernel parameters.

Each numeric subdirectory under /proc corresponds to a running process ID (PID) and holds files describing that process.

/proc/self Explained

/proc/self

is a shortcut that always points to the directory of the calling process, effectively equivalent to /proc/<pid> where <pid> is the current process's PID. This eliminates the need to look up the PID before accessing process-specific files.

Practical Commands Using /proc/self

cmdline

Retrieve the full command line used to start the current process:

cat /proc/self/cmdline

cwd

Show the symbolic link to the current working directory of the process:

ls /proc/self/cwd

exe

Display the absolute path of the executable binary of the process:

ls -al /proc/self/exe

environ

List all environment variables of the process:

cat /proc/self/environ

maps

Show the memory mapping of the process, including address ranges, permissions, offsets, device numbers, inode, and associated file paths: cat /proc/self/maps Each line follows the format: address‑range permissions offset dev inode pathname . For example, /usr/bin/cat indicates a mapped binary.

mem

The /proc/self/mem file represents the process's memory image. Direct reads are restricted; to extract data you must combine the offsets from /proc/self/maps with appropriate start and end parameters.

Note: Attempting to read unmapped regions will fail.

Key Takeaways

/proc

provides a read‑only view of kernel and process state without requiring special privileges. /proc/self simplifies accessing information about the current process.

Common files ( cmdline, cwd, exe, environ, maps, mem) are useful for debugging, monitoring, and forensic analysis.