I am learning OS in Linux, and want to get the executable file name.
I know I can get it from 'comm' located in task_struct, but I don't know how to get it.
Thank you!
Do you want to do this in user mode or kernel mode?
In user mode, use procfs:
https://unix.stackexchange.com/questions/449300/get-application-name-from-pid
In kernel mode, use pid_task to get the task_struct pointer, then read whatever you want:
Efficient way to find task_struct by pid
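As an added example (not part of the question or either answer above), here is the user-mode route in C: read the name through procfs, and see why the practitioner should not trust `comm` for anything security-relevant. The kernel truncates it to TASK_COMM_LEN-1 (15) bytes and any process can rewrite its own value with prctl(PR_SET_NAME); /proc/<pid>/exe, by contrast, is a kernel-maintained link to the executable actually mapped. The code assumes Linux with procfs mounted at /proc; the function names are mine, not kernel or libc APIs.

```c
/* Added example, not from the original post. Linux only: needs procfs
 * and prctl(2). Shows that /proc/<pid>/comm is attacker-settable and
 * truncated to 15 bytes, while /proc/<pid>/exe still names the binary. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/types.h>

#define COMM_MAX 16 /* TASK_COMM_LEN in the kernel, including the NUL */

/* Read /proc/<pid>/comm into buf with the trailing newline stripped.
 * Returns 0 on success, -1 on failure (no such pid, or procfs absent). */
int read_proc_comm(pid_t pid, char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/comm", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (!fgets(buf, (int)len, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* Resolve the /proc/<pid>/exe symlink to the path of the mapped executable.
 * Returns 0 on success, -1 on failure (e.g. insufficient permission). */
int read_proc_exe(pid_t pid, char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/exe", (int)pid);
    ssize_t n = readlink(path, buf, len - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Rename the calling thread; for the main thread of a process this is
 * exactly what /proc/<pid>/comm reports. The kernel silently keeps only
 * the first 15 bytes. Returns 0 on success, -1 on failure. */
int spoof_own_comm(const char *name)
{
    return prctl(PR_SET_NAME, name, 0, 0, 0);
}

int main(void)
{
    char comm[COMM_MAX], exe[4096];
    pid_t me = getpid();

    if (read_proc_comm(me, comm, sizeof comm) == 0)
        printf("comm before: %s\n", comm);
    if (read_proc_exe(me, exe, sizeof exe) == 0)
        printf("exe:         %s\n", exe);

    /* 22-byte name: procfs will show only "definitely_not_". */
    spoof_own_comm("definitely_not_malware");
    if (read_proc_comm(me, comm, sizeof comm) == 0)
        printf("comm after:  %s\n", comm);
    if (read_proc_exe(me, exe, sizeof exe) == 0)
        printf("exe:         %s (unchanged)\n", exe);
    return 0;
}
```

Detection logic or allow-lists keyed on `comm` (or on the `comm` field in audit/ftrace records) inherit both weaknesses shown here; key on the exe path, or better on a hash of the mapped file, when the name matters.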
I am new to linux kernel programming.
Currently, I use debugfs to output the value of a kernel variable (say myKernelVariable) to a file, say, debugfs/myFile
What I want to do is this: I want to use a user-level program (prefer C, but python also works for me) that when the value of myKernelVariable in debugfs/myFile is changed, my user-level program will be notified.
A very inefficient way is that I can set up a timer in my user-level program and repeatedly check if the value in debugfs/myFile is changed.
Are there any trigger/notify - based lightweight methods to do this?
Thanks very much.
During bootup of the target board we see uboot (bootloader) printing some information such as Image name, Image type, Load Address, Verifying checksum etc on the console. Which printing mechanism does it use? Does it use something like printk or it has its own definition for printing info even before kernel boots up? Where can I find the code for its printing implementation?
In the normal U-Boot boot process, a limited amount of information is printed to the console. It uses the same kind of functions to print information as we use in C programming.
U-Boot uses printf and puts to print the information on the console. You can find the implementations of those functions in the U-Boot source code (the U-Boot board file and drivers).
There are a lot of commands which you can try from u-boot command prompts for more information.
To enable more messages you can either:
Using debug_cond (cond, fmt, args...): if you define some cond, once it is met, the U-boot will print out this message.
Using debug(fmt, args...): you can define DEBUG in the file u-boot-include/configs/<boardfile>_common.h (in my case mx6_common.h); once you do that and recompile the code, U-Boot will print out all debug messages.
Note: If you put too much debug into the code, it might make u-boot hang up.
You can enter U-Boot when you start up (interrupting the startup of the kernel). If you want information about U-Boot, for example where it prints to or what the values of its variables are, you can use the 'printenv' command and change them with the 'setenv' command.
When a system call is invoked from 64-bit userspace to 64-bit kernel, syscall table is accessed from arch/x86/kernel/entry_64.S, from the system_call assembly entry point. How can I get the virtual/physical address of this "system_call()" routine?
In other words, I want to know the address of entry point used by all system calls. I tried looking at kallsyms file but couldn't find it there. Perhaps, it has another name in kallsyms?
Reference: https://lwn.net/Articles/604287/
What do you need this for? Are you sure you were inspecting kallsyms of the same kernel which was used in the article?
Figuring out what the func got renamed to is left as an exercise for the reader.
When we are executing the dd command, which write function gets called?
As per my understanding, dd command is not filesystem specific, so no file system's file_operations is involved. Please correct If I am wrong here.
I would like to know which file_operations is involved in carrying out dd operation?
That depends on what you write to.
Either it is a regular file and file-system-specific calls are used, or it is a device and you eventually end up in the underlying driver of the target disk (or whatever the device is).
http://www.makelinux.net/books/ulk3/understandlk-CHP-14-SECT-5#understandlk-CHP-14-SECT-5
The write system call does indeed end up invoking the file system specific write via the VFS layer. See the vfs_write function.
Hello, I am writing a minifilter driver for intercepting all the IRP packets from a certain process, say a.exe.
So, in the driver code it can be done by applying a check on the command line arguments that started the process.
Does anyone know how I can retrieve the command line arguments?
Thanks in advance.
There's no supported way to do this from within kernel-mode. In fact, trying to access user-mode process information from the kernel is a pain in general. I would suggest firing up a request to a user-mode service, which can then find that information and pass it back down to your kernel component.
However, there is an undocumented method to do it. If you can get a handle to an EPROCESS struct for the target process, you can get at a pointer to the PEB (process environment block) struct within it, which then has a pointer to an RTL_USER_PROCESS_PARAMETERS structure, which has a member called CommandLine.
Example:
UNICODE_STRING* commandLine = epProcess->Peb->ProcessParameters->CommandLine;
The downside to this is that EPROCESS is almost entirely opaque and PEB is semi-opaque too, meaning that it may change in future versions of Windows. I certainly wouldn't advocate trying this in production code.
Try using the NtQueryInformationProcess or ZwQueryInformationProcess function with the PROCESSINFOCLASS parameter as ProcessBasicInformation. The output parameter, ProcessInformation, will be a struct of type PROCESS_BASIC_INFORMATION. As Polynomial mentioned, this struct has a pointer to the process's PEB struct, which contains the information you are looking for in its ProcessParameters field.