Determine a process that "owns" the socket_t
Determine a process that "owns" the socket_t
- Subject: Determine a process that "owns" the socket_t
- From: James J <email@hidden>
- Date: Wed, 04 May 2011 23:45:50 +0300
Hello
I am writing an NKE filter, and I'm wondering if i could get a process
name (ideally - a full path to the process) that my filter has been
attached to. When my "attach" function has been called, i have a
pointer to the socket_t structure. Is there any way to trace the way
to the process (a process' PID identifier) that has opened this
socket, and find out its name?
So, if i am lucky and there is a way to determine the process
identifier, i also dare to ask if i could get process name by its
identifier from a kernel space (i know i can get it using sysctl, from
the user space, and therefore as the last resort i could send a
request to the usermode process and wait for the response, but i am
pretty sure it should be possible to do from the kernelspace).
Unfortunately my Darwin kernel programming knowledge finish with NKE
programming only.
I am writing a Parental Control system, that passes only a specific
"allowed" applications' packets (or, rather, should not pass network
packets of/for "banned" applications).
Thanks for any response, if i get any
James Ex.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden