From owner-freebsd-hackers@FreeBSD.ORG Wed Aug 23 11:42:08 2006 Return-Path: X-Original-To: freebsd-hackers@FreeBSD.ORG Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ECAEB16A4F1 for ; Wed, 23 Aug 2006 11:42:08 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id B1CF443E4C for ; Wed, 23 Aug 2006 11:40:37 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (ixgpkd@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.4/8.13.4) with ESMTP id k7NBeU6e066385; Wed, 23 Aug 2006 13:40:35 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.4/8.13.1/Submit) id k7NBeTvg066384; Wed, 23 Aug 2006 13:40:29 +0200 (CEST) (envelope-from olli) Date: Wed, 23 Aug 2006 13:40:29 +0200 (CEST) Message-Id: <200608231140.k7NBeTvg066384@lurza.secnetix.de> From: Oliver Fromme To: freebsd-hackers@FreeBSD.ORG, reko.turja@liukuma.net In-Reply-To: <006f01c6c67f$a0fb7c60$0a0aa8c0@rivendell> X-Newsgroups: list.freebsd-hackers User-Agent: tin/1.8.0-20051224 ("Ronay") (UNIX) (FreeBSD/4.11-STABLE (i386)) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Wed, 23 Aug 2006 13:40:36 +0200 (CEST) Cc: Subject: Re: Aqcuiring full path to running process from outside the ?kernel X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-hackers@FreeBSD.ORG, reko.turja@liukuma.net List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2006 11:42:09 -0000 Reko Turja wrote: > But as said in earlier post of mine, I managed to achieve what I was > trying with the following code - using the sysctl seems to achieve > what was needed reliably enough, at least for now. > > int mib[4]; > size_t len; > mib[0] = CTL_KERN; > mib[1] = KERN_PROC; > mib[2] = KERN_PROC_PATHNAME; > mib[3] = -1; > len = PATH_MAX; > > /* First we try grabbing the path to executable using the sysctl MIB*/ > result = sysctl(mib, 4, name, &len, NULL, 0); > > I managed to stumble upon this about the same time I got the first > reply on my question, but for fallback methods I've gotten several > valuable suggestions and ideas from here, thanks! Another way would be to use /proc/$$/file (where $$ is the result from getpid()), but it only works when PROCFS is mounted on /proc, obviously. Finally, maybe you don't have to know the path at all. The kernel maintains a file descriptor of the executable. lsof(8) and fstat(1) display it (as "text" or "txt", repectively), so I assume there's a way to retrieve it from userland. If you can get access to that file descriptor, you should be able to read data from the executable without having to know its path name. The latter might even be the _only_ way to access the executable file, because someone might have unliked the directory entry right after starting it, so you cannot access it anymore by path name, but only by descriptor. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "If Java had true garbage collection, most programs would delete themselves upon execution." -- Robert Sewell