开发者

linux get process name from pid within kernel

开发者 https://www.devze.com 2023-02-19 09:55 出处:网络
hi i have used sys_getpid() from within kernel to get process id ho开发者_如何学Cw can I find out process name from kernel struct? does it exist in kernel??

hi i have used sys_getpid() from within kernel to get process id ho开发者_如何学Cw can I find out process name from kernel struct? does it exist in kernel??

thanks very much


struct task_struct contains a member called comm, it contains executable name excluding path.

Get current macro from this file will get you the name of the program that launched the current process (as in insmod / modprobe).

Using above info you can use get the name info.


Not sure, but find_task_by_pid_ns might be useful.


My kernel module loads with "modprobe -v my_module --allow-unsupported -o some-data" and I extract the "some-data" parameter. The following code gave me the entire command line, and here is how I parsed out the parameter of interest:

struct mm_struct *mm;
unsigned char x, cmdlen;

mm = get_task_mm(current);
down_read(&mm->mmap_sem);

cmdlen = mm->arg_end - mm->arg_start;
for(x=0; x<cmdlen; x++) {
    if(*(unsigned char *)(mm->arg_start + x) == '-' && *(unsigned char *)(mm->arg_start + (x+1)) == 'o') {
        break;
    }
}
up_read(&mm->mmap_sem);

if(x == cmdlen) {
    printk(KERN_ERR "inject: ERROR - no target specified\n");
    return -EINVAL;
}

strcpy(target,(unsigned char *)(mm->arg_start + (x+3)));

"target" holds the string after the -o parameter. You can compress this somewhat - the caller (in this case, modprobe) will be the first string in mm->arg_start - to suit your needs.


you can look at the special files in /proc/<pid>/

For example, /proc/<pid>/exe is a symlink pointing to the actual binary.

/proc/<pid>/cmdline is a null-delimited list of the command line, so the first word is the process name.

0

精彩评论

暂无评论...
验证码 换一张
取 消