Reputation: 365
I made a kext to use my system call instead of an existing system call, with reference to Re-routing System Calls.
During a test, I wondered which process calls this system call.
I need to allow applications to continue normally, except for the specified process.
Is there anything that obtains information about the calling process?
Upvotes: 2
Views: 1233
Reputation: 18308
If you take a look at the source for the regular implementation of the ptrace system call you can see that it works with the struct proc representing the calling process that's passed in as the first argument:
    int
    ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
    {
        // …
        if (uap->req == PT_DENY_ATTACH) {
            proc_lock(p);
            if (ISSET(p->p_lflag, P_LTRACED)) {
                proc_unlock(p);
                KERNEL_DEBUG_CONSTANT(BSDDBG_CODE(DBG_BSD_PROC, BSD_PROC_FRCEXIT) | DBG_FUNC_NONE,
                                      p->p_pid, W_EXITCODE(ENOTSUP, 0), 4, 0, 0);
                exit1(p, W_EXITCODE(ENOTSUP, 0), retval);
                /* drop funnel before we return */
                thread_exception_return();
                /* NOTREACHED */
            }
            SET(p->p_lflag, P_LNOATTACH);
            proc_unlock(p);
            return(0);
        }
You can use the functions in <sys/proc.h> to get information on the given process, such as proc_pid to find the pid.
Upvotes: 2
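The check the answer describes, as an added example (not code from the answer or from XNU): a replacement handler that reads the caller's pid from its first argument and forwards every other process to the saved original. `my_handler`, `orig_handler`, `watched_pid`, `watched_calls`, `handle_watched` and `fake_orig` are hypothetical names, and the non-`KERNEL` branch is a constructed user-space stand-in for `struct proc` and `proc_pid` so the logic can be built outside a kext.

```c
#include <errno.h>
#include <stdint.h>
#include <stddef.h>

#ifdef KERNEL
#include <sys/proc.h>               /* real proc_pid() inside a kext */
#else
/* Constructed user-space stand-ins so the logic builds outside the kernel. */
struct proc { int pid; };
static int proc_pid(struct proc *p) { return p->pid; }
#endif

/* Handler shape taken from the ptrace() prototype quoted in the answer. */
typedef int (*handler_fn)(struct proc *, void *, int32_t *);

/* Hypothetical module state, filled in when the hook is installed. */
static handler_fn orig_handler;     /* saved original handler */
static int        watched_pid = -1; /* the one process treated specially */
static unsigned   watched_calls;    /* calls seen from that process */

/* Hypothetical policy for the watched process: count the call, refuse it. */
static int handle_watched(struct proc *p, void *uap, int32_t *retval)
{
    (void)p; (void)uap;
    watched_calls++;
    *retval = -1;
    return ENOTSUP;
}

/* Replacement handler: the first argument identifies the caller. */
static int my_handler(struct proc *p, void *uap, int32_t *retval)
{
    if (proc_pid(p) == watched_pid)
        return handle_watched(p, uap, retval);
    if (orig_handler == NULL)       /* original was never saved */
        return ENOSYS;
    return orig_handler(p, uap, retval);   /* every other process: unchanged */
}

/* Constructed stand-in for the original system call, used for testing only. */
static int fake_orig(struct proc *p, void *uap, int32_t *retval)
{
    (void)uap;
    *retval = proc_pid(p);
    return 0;
}
```

Pids are recycled after a process exits, so a filter keyed on a pid should be set from a live process and cleared when that process goes away.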