Re: format of sysctl( { CTL_KERN, KERN_PROCARGS, pid } )
- Subject: Re: format of sysctl( { CTL_KERN, KERN_PROCARGS, pid } )
- From: Shantonu Sen <email@hidden>
- Date: Sat, 31 Mar 2012 21:00:58 -0700
the only documentation is the source:
<http://www.opensource.apple.com/source/xnu/xnu-1699.24.23/bsd/kern/kern_sysctl.c>
<http://www.opensource.apple.com/source/xnu/xnu-1699.24.23/bsd/kern/kern_exec.c>
those aren't uint32=0, they are zeros to align parts of the argument area at pointer alignment (8 bytes for a 64-bit process)
Shantonu
On Mar 31, 2012, at 7:48 PM, Gerriet M. Denkmann <email@hidden> wrote:
>
> On 1 Apr 2012, at 07:44, Michael Nickerson wrote:
>
>> On Mar 31, 2012, at 3:40 PM, "Gerriet M. Denkmann" <email@hidden> wrote:
>>
>>> Is the output format of sysctl( { CTL_KERN, KERN_PROCARGS, pid } ) somewhere documented?
>>>
>>> The output seems to be mostly Utf8-strings, with some ints thrown in. These ints seem to have their lower 16 bits = zero.
>>>
>>>
>>
>> If I remember correctly, it's just an array of chars, each separated by a NULL char ('\0'). It's been a while since I played around with it, but I think it's the path that was used to invoke the executable (twice I think), followed by any arguments passed to it, and maybe after that environment variables. The latter may only be given with KERN_PROCARGS2, I don't remember.
>
>
> A typical output of KERN_PROCARGS is:
> 00000 "/System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService"
> 0x08c uint32 0
> 0x090 "com.apple.coremedia.videodecoder"
> 0x0b1 "HOME=/Users/gerriet"
> 0x0c5 "Apple_PubSub_Socket_Render=/tmp/launch-kEQ3zJ/Render"
> 0x0fa "SSH_AUTH_SOCK=/tmp/launch-prg9nP/Listeners"
> 0x125 "PATH=/usr/bin:/bin:/usr/sbin:/sbin"
> 0x148 "__CF_USER_TEXT_ENCODING=0x1F6:0:2"
> 0x16a "TMPDIR=/var/folders/0f/2zvz4vss10gdwm_dwz__2kh80000gp/T/"
> 0x1a4 uint32 0
> 0x1a8 "stack_guard=0xc24643161eedeb92"
> 0x1c7 "malloc_entropy=0x0681aaf5720495d0,0x6d06a7d32ea812b7"
> 0x1fc uint32 0
> 0x200 uint32 0
> 0x204 uint32 0xbfff0000
> 0x208 uint32 0
> 0x20c "/System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService"
> 0x298 uint32 0
>
> That is: '\0' terminated Utf8-strings + some uint32.
> The sequence 0,0, 0xbfff0000, 0 is fairly typical.
> The other zeroes may or may not occur.
>
> KERN_PROCARGS2 has only uint32s - if at all. Nothing which looks interesting for me.
>
>
> Kind regards,
>
> Gerriet.
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Darwin-kernel mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
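The layout discussed in this thread (NUL-terminated strings, runs of zero bytes used as alignment padding, and an occasional raw word such as 0xbfff0000) can be walked with a bounds-checked splitter like the one below. This is an added example, not code from the thread or from xnu: `procargs_split`, `struct item` and the sample buffer are constructed for illustration, and the sample assumes little-endian byte order for the raw word.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct item { size_t off, len; int text; };  /* text=0: not string data */

/* Heuristic: control bytes and 0xFE/0xFF never occur in UTF-8 text. */
static int looks_like_text(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] < 0x20 || p[i] == 0x7f || p[i] >= 0xfe)
            return 0;
    return 1;
}

/* Split buf[0..len) into NUL-delimited items, skipping runs of zero bytes
 * (the alignment padding). An item with no terminator ends at len, so no
 * byte past len is read. Stores at most max items, returns how many found. */
size_t procargs_split(const unsigned char *buf, size_t len,
                      struct item *out, size_t max)
{
    size_t n = 0, i = 0;
    while (i < len) {
        if (buf[i] == 0) { i++; continue; }   /* padding or a terminator */
        const unsigned char *end = memchr(buf + i, 0, len - i);
        size_t l = end ? (size_t)(end - (buf + i)) : len - i;
        if (n < max)
            out[n] = (struct item){ i, l, looks_like_text(buf + i, l) };
        n++;
        i += l;
    }
    return n;
}
/* Constructed sample shaped like the dump in the thread (made-up paths). */
static const unsigned char sample[] =
    "/bin/demo\0\0\0\0\0\0\0"          /* exec path, padded to offset 16 */
    "demo-arg\0HOME=/Users/demo\0"     /* argument, then environment */
    "\0\0\0\0\0\0"                     /* padding */
    "\x00\x00\xff\xbf" "\0\0\0\0"      /* 0xbfff0000, little-endian bytes */
    "/bin/demo";                       /* exec path again */

int main(void)
{
    struct item it[16];
    size_t n = procargs_split(sample, sizeof sample, it, 16);
    for (size_t k = 0; k < n && k < 16; k++)
        printf("0x%03zx %s len=%zu\n", it[k].off,
               it[k].text ? "string" : "binary", it[k].len);
}
```

Because KERN_PROCARGS output carries no count of arguments in the dump shown above, the splitter reports offsets and leaves the argument/environment boundary to the caller; the `text` flag is only a heuristic for spotting raw words among the strings.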