• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Retreiving command line of process
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Retreiving command line of process

  • Subject: Re: Retreiving command line of process
  • From: Richard Hamilton <email@hidden>
  • Date: Mon, 12 Sep 2016 03:26:09 -0400
On just about any Unix-like OS I've seen, the args are on the user stack...which might be paged out; if you know how to access page(s) of process memory from the kernel, you just need to find something that discusses stack layout, I'd think, so you could figure out what diddling was needed to access the args once the page was brought in, given the user stack pointer in the proc struct.

If this were a System V derived kernel, there might be u_psargs[] (the first some characters of the command line, often 80, as it was upon exec*(), i.e. not reflecting any arg changes made by the process) in the associated user struct; but it isn't, and I don't see anything that easy offhand.

Rather than the command line, depending on what you're trying to do, the actual executable might be what you want to find out about; there's p_textvp, but that's a vnode pointer, not a pathname.



On Mon, Sep 12, 2016 at 2:54 AM, Quinn "The Eskimo!" <email@hidden> wrote:

On 12 Sep 2016, at 04:44, Charu Tiwari <email@hidden> wrote:

> Is there any way we can get "full path" (command line) of process in 'kext' (given a 'pid' is available).

Not directly.

A common approach here is to bounce the work out to user space.  And once you do that you can user other APIs, like that code signing API, that are generally better for identifying code anyway.

Share and Enjoy
--
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Retreiving command line of process (From: Charu Tiwari <email@hidden>)
 >Re: Retreiving command line of process (From: "Quinn \"The Eskimo!\"" <email@hidden>)

  • Prev by Date: Re: Retreiving command line of process
  • Previous by thread: Re: Retreiving command line of process
  • Index(es):
    • Date
    • Thread