On Tue, Nov 11 2014 at 22:52, Manu . wrote:

You may also want to look at task_info. While it only gives you the all loaded images list, there is some code that you can find which can use task_info or get the offset of the structure in memory. There is a gContext variable in dyld that contains argv[] so if one can retrieve the loaded modules structure address, it should be possible to get the rest. Kind of wish that the arguments would be kept in the proc_t and made available (like on Windows EPROCESS -> PEB -> command line), alas it's not the case.

Hey Manu, I'm probably missing something super obvious, but task_info() doesn't appear to be resolvable from a kext. Were you suggesting doing this from userspace?

Date: Tue, 11 Nov 2014 16:25:46 -0800 Subject: Re: accessing argv on exec From: meklort@gmail.com To: pmoody@google.com CC: darwin-kernel@lists.apple.com; markg@garetech.com.au

Hi Peter,Here's some simple code form the days of 10.6. I expect it should still work with minor tweaks (and commenting the printfs).

This is awesome! Thanks, Evan. _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com