Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

How to get current process executable from KEXT?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to get current process executable from KEXT?

Subject: How to get current process executable from KEXT?
From: Jakub Bednar <email@hidden>
Date: Mon, 1 Feb 2010 12:03:59 +0100

Hi list,

	   can please anyone help me to figure out how to get the executable path for current process from within a KEXT?

The Mac OS X Internals book points to p_textvp field of struct proc, but this is not a public API. I have also found a post that says that this field is not even set by exec system calls.

I have tried the proc_selfname(), but this is returning only the name, without the full path. It is returning the p_comm[] field of struct proc internally.

I have checked how the user-space lsof utility does its job, and it uses the proc_pidbsdinfo() call. This call returns the p_name[] field of struct proc as the name of the executable with full path. However the proc_pidbsdinfo() is not in the Kernel.framework headers so it probably can't be used in a KEXT.

Can anyone help me to solve this? I really need to distinguish between e.g. /usr/bin/utility and /malware/utility.

Thanks a lot,

Jakub

  _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: How to get current process executable from KEXT?
  - From: Shantonu Sen <email@hidden>

Next by Date: Re: How to get current process executable from KEXT?
Next by thread: Re: How to get current process executable from KEXT?
Index(es):
- Date
- Thread