New Tool: Process Explorer

Used for discussing the various tools in the book as well as encouraging members to share tools

New Tool: Process Explorer

Postby morpheus » Sun Sep 08, 2013 6:53 pm

So, this is an old/new tool. I've had this for a while (as psleuth) but never made it fully public. Over a looooong flight, though, I had time, and now it's somewhat ready for human consumption.

Basically, the idea is to provide the same functionality Mark Russinovich's amazing tool of the same name does for Windows. Only on Mac OS X, *and* in command line (so it's easy to run over SSH to a Mac or i-Device, like top). It's more of a GNU top than an OS X top. Specifically:

- Columns are navigable using arrow keys : UP/DOWN will select a process (and scroll to processes which don't fit on the screen). LEFT/RIGHT will sort columns. "R" will reverse sort.

- Pressing <ENTER> on a process will provide more details on said process, including file descriptors (q.v. /proc/<pid>/fd and fdinfo in Linux), including connected UNIX Domain sockets - that is, it tells you who's holding the other end of a socket (which lsof kind of does, but doesn't give you the PID).

- Pressing "?" will provide help

- It uses significantly less CPU (though has more samples)

- If output is piped, it defaults to text (non curses) mode, and provides easily grep'able output.

Still in the works:

- Renice/kill/suspend highlighted process (simple, but I haven't gotten to it yet)
- Fully customizable columns (remove already works, but I'll do 'add' as well, and you would be able to shift columns around and save a .rc file)
- Colors (also customizable)
- Mach Ports and regions


THIS IS AN ALPHA VERSION! There may be bugs. There ARE bugs. Again, feedback is welcome, and is crucial. Looking forward to hearing from you

J
Attachments
procexp.tar
Universal binary for OS X and iOS
(118 KiB) Downloaded 778 times
morpheus
Site Admin
 
Posts: 531
Joined: Thu Apr 11, 2013 6:24 pm

Re: New Tool: Process Explorer

Postby sarim » Fri Nov 01, 2013 4:26 pm

Interesting tool !
i was trying to find a way to read from a fd, and landed here from google.

is it possible to publish the source code for this app ? I'm trying to read from a fd. suppose i want to read from 54th fd of pid 3566. Using your app, i can get a list of pid no -> pid path by ./procexp {pid}
Do you think it is possible to read from fd like linux "cat /proc/{PID}/fd/{fd-id}"
Can you tell which Framework/Class you used for getting the fd(s) ?
sarim
 
Posts: 1
Joined: Fri Nov 01, 2013 4:20 pm

Re: New Tool: Process Explorer

Postby morpheus » Fri Nov 01, 2013 9:26 pm

Hello Sarim,

I aim to release the diagnostics library (hard linked into procexp) free to anyone who so much as asks, definitely. The source for process explorer isn't fully free yet (though with enough demand I'd certainly consider it - you're the first to ask). I'm preparing an article on the exact APIs I've used there, but basically it all revolves around proc_info (as discussed in my book, syscall #336). It is wrapped by libproc (q.v. /usr/include/libproc.h) and the FDs can be had with proc_pidlist().

Note that the FDs in Linux you're referring to are merely symbolic links. Once you have the FD to name mapping, you can just do the cat yourself. There's a (slightly outdated) implementation of procfs for OS X (over FUSE) which is why I havent bothered much with it, though if people wanted, I could certainly do it.

If you use procexp from the command line as shown in the man page, with PID and "fds" after, e.g.
bash-3.2$ procexp $$ fds

PID 13514 FD 0u->/dev/ttys001 @0x29b1af3
PID 13514 FD 1u->/dev/ttys001 @0x29b1b1f
PID 13514 FD 2u->/dev/ttys001 @0x29b1b4b


It will show you an LSOF-style output (in fact, replacing lsof altogether) in which you can see the file name (kind of like ls -l /proc/$$/fd on Linux) and the offset (kind of like cat /proc/$$/fdinfo/..) on Linux. So to see what the process sees, you'd have to open the fd and do lseek() to that position. Though bear in mind the file offset may change with any second

Make sure you always have the updated version (that is, the one from the downloads page) since I constantly update it. The new Mavericks/iOS 7 compatible version is really cool, with plenty of statistics on memory pressure and compression, as well

J
morpheus
Site Admin
 
Posts: 531
Joined: Thu Apr 11, 2013 6:24 pm


Return to Tools

Who is online

Users browsing this forum: No registered users and 2 guests