Reputation: 11727
How to access Linux kernel data structures?
I want to print the information of each process and what that process is doing at runtime. i.e. Which file is read/write by that process continuously.
For this I'm writing a kernel module.
Any one have idea to How to access this information in kernel module or how to access the process table data structures in my kernel module?
pseudo code for task will be like this:
1. get each process from /proc.
2. Access the data structure of that process i.e. process table and all
3. print what that process is doing i.e. which file it is accessing (i.e. reading or writing) at rutime.
Upvotes: 0
Views: 1558
Answers (2)
Reputation: 9474
There is a macro called for_each_process declared in /include/linux/sched.h
http://lxr.free-electrons.com/source/include/linux/sched.h#L2621
By using this macro, it is possible to traverse all process's task_struct.
http://lxr.free-electrons.com/source/include/linux/sched.h#L1343
Upvotes: 0
Reputation: 445
Please take a look at this example.
It specifically shows how to create a kernel module which prints the open files of a process (and relies on the task_struct struct gained from the current macro I mentioned in my comment). This can be manipulated to far more complicated things which can be accessed through the process task_struct struct.
Upvotes: 1
Related Questions
- How to share data-structure definition between kernel modules and user-application?
- How do I access any kernel symbol in a kernel module?
- Structs in Linux Kernel Space?
- linux kernel: how to get 'struct file' pointer inside kernel for a device file?
- Where do i get the api for the linux kernel that would let me access information within the kernel
- Can kernel module use kernel data structures?
- How to get config data from a Linux kernel module?
- per-task data structure in linux kernel module
- kernel module: Accessing member of structure defined in another module header
- Reading kernel memory using a module