Page 1 of 1

proc_t or sysctl from a KEXT

PostPosted: Wed Jul 24, 2013 5:26 am
by Emmanuel
I need to do some processing where I would get either a proc_t or just a pid.
If I go the pid route, I would do a sysctl() of sorts.

Unfortunately, I can't do either. proc_t is undefined and sysctl() isn't either. sysctlbyname() can be called but kinfo_proc isn't defined.
I'm assuming that sysctl() is there to be used in user mode but is there any way I can use proc_t?
I tried to use the XNU/osfmk/bsd include dir but then it won't compile because of redefinitions and other errors.
It's a little disconcerting and I'm still trying to wrap my head around what I can and cannot do.

Any suggestion?

Re: proc_t or sysctl from a KEXT

PostPosted: Thu Jul 25, 2013 12:01 pm
by morpheus
Hello Emmanuel,

proc_t is an opaque structure. It is a struct proc * in kernel_types.h, but struct proc itself is left opaque (actually defined in bsd/sys/proc_internal.h, q.v. page 504 in book), as you are not supposed to rely on its members; rather - you are meant to use accessors (e.g. proc_pid, or basically anything in the publicly visible proc.h). That aside, you can define it yourself, if you really need to (i.e. kernel hacking), by extracting from proc_internal.


Re: proc_t or sysctl from a KEXT

PostPosted: Mon Jul 29, 2013 8:18 pm
by Emmanuel
Cool! That helped a lot.
I ended up using those and for now that's all that I need.
I don't need much info for the time being. I was trying to get info from the internal structure but it doesn't has much advantage over the few functions in proc.h