Hello,
I'm trying to find a way to reliably find the full path of a running
process. Currently, I'm sending a sysctl down (mib = {CTL_KERN,
KERN_PROCARGS, <pid>, 0, 0, 0}) to get the args the process was started
with to find the path, but that is not always reliable. For example, a
user can cd into a directory and start a process "./a.out", then the
proc args that come back will not include the full path to the a.out
(I'm looking for something that will tell me the proc running is
/Users/me/a.out, instead of just a.out). I have the whole kinfo_proc
structure at my disposal, but I don't see any members in there that I
can use to find the full path of the process. kp_proc.p_comm tells me
the proc name, but then again, not the full path.
To give a little more context on this, I need the full path because
my process starts a thread that periodically monitors all processes
running & MD5's them to make sure that there are no malicious processes
(for which I know the MD5 of) running. In order to md5 the process, I
need the full path :). Any suggestions?
Thanks,
grant
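The buffer that KERN_PROCARGS returns begins with the exec path exactly as it was handed to execve(), which is why a process launched as "./a.out" comes back relative. The following is an added example, not code from the thread: a parser for the layout of the sibling call KERN_PROCARGS2 (native int argc, exec path, NUL padding, argc argv strings, then the environment; the layout is assumed from XNU's sysctl_procargsx, and the sample buffer is constructed inline so the parser runs on any platform). It flags a relative exec path, which a checker cannot hash without also knowing the process's working directory.

```c
/* Added example, not from the thread: a parser for the buffer that
 * sysctl { CTL_KERN, KERN_PROCARGS2, pid } returns on Darwin. Assumed layout
 * (from XNU's sysctl_procargsx): a native int argc, the exec path as passed
 * to execve(), NUL padding, then argc NUL-terminated argv strings, then the
 * environment strings. The buffer here is constructed inline so the parser
 * runs on any platform; on macOS it would be filled by sysctl(). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGV 16

struct procargs {
    int argc;
    const char *exec_path;     /* path the process was exec'd with; may be relative */
    const char *argv[MAX_ARGV];
    int is_absolute;           /* 1 only if exec_path begins with '/' */
};

/* Parse a KERN_PROCARGS2-style buffer. Returns 0 on success, -1 if the
 * buffer is truncated or argc is out of range. Pointers in *out point into
 * buf, so buf must outlive *out. */
int parse_procargs2(const char *buf, size_t len, struct procargs *out)
{
    int argc;
    const char *p, *end, *nul;

    if (len < sizeof argc) return -1;
    memcpy(&argc, buf, sizeof argc);
    if (argc < 0 || argc > MAX_ARGV) return -1;

    p = buf + sizeof argc;
    end = buf + len;

    /* First string is the exec path (exactly what execve() was given). */
    nul = memchr(p, '\0', (size_t)(end - p));
    if (nul == NULL) return -1;
    out->argc = argc;
    out->exec_path = p;
    out->is_absolute = (p[0] == '/');

    /* The kernel pads with one or more NULs before argv[0]; skip them all. */
    p = nul;
    while (p < end && *p == '\0') p++;

    for (int i = 0; i < argc; i++) {
        if (p >= end) return -1;
        nul = memchr(p, '\0', (size_t)(end - p));
        if (nul == NULL) return -1;
        out->argv[i] = p;
        p = nul + 1;
    }
    return 0;
}

/* Constructed sample: what the kernel would hand back for a process started
 * with "./a.out -v" from its working directory. argc = 2, and the exec path
 * is relative, which is the case the original post runs into. */
static const char sample_tail[] =
    "./a.out\0\0\0\0\0"                     /* exec path + NUL padding */
    "./a.out\0" "-v\0"                      /* argv[0], argv[1] */
    "PATH=/usr/bin\0" "HOME=/Users/me\0";   /* environment follows */
static char sample_buf[sizeof(int) + sizeof sample_tail];
static struct procargs sample_pa;

/* Build the sample buffer and parse it. Returns parse_procargs2()'s result. */
int run_sample(void)
{
    int argc = 2;
    memcpy(sample_buf, &argc, sizeof argc);
    memcpy(sample_buf + sizeof argc, sample_tail, sizeof sample_tail);
    return parse_procargs2(sample_buf, sizeof sample_buf, &sample_pa);
}
int sample_argc(void)              { return sample_pa.argc; }
int sample_is_absolute(void)       { return sample_pa.is_absolute; }
const char *sample_exec_path(void) { return sample_pa.exec_path; }
const char *sample_argv(int i)     { return sample_pa.argv[i]; }

int main(void)
{
    if (run_sample() != 0) { puts("malformed buffer"); return 1; }
    printf("exec path: %s (%s)\n", sample_exec_path(),
           sample_is_absolute() ? "absolute" : "relative, needs the cwd to resolve");
    for (int i = 0; i < sample_argc(); i++)
        printf("argv[%d] = %s\n", i, sample_argv(i));
    return 0;
}
```

A checker that hashes by path should treat `is_absolute == 0` as "path unknown" rather than guessing, since the working directory the process started in is not part of this buffer. On current macOS, proc_pidpath() from <libproc.h> returns the kernel's own record of the executable path and avoids this parsing entirely; that API postdates this thread and is mentioned here as a fact, not something the page states.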
glenn andreas - 25 Nov 2006 20:31 GMT
> To give a little more context on this, I need the full path because
> my process starts a thread that periodically monitors all processes
> running & MD5's them to make sure that there are no malicious processes
> (for which I know the MD5 of) running. In order to md5 the process, I
> need the full path :). Any suggestions?
You do realize that under the UNIX model, there is no guarantee that a
process's executable has a unique path, or even any path at all? For
example, with (hard) sym-links a file can appear in multiple locations
of the file system at the same time, and similarly, an executable can be
unlinked while it is running so that it doesn't have any file system
representation at all.
Perhaps a better approach might be to use the inode number of the file
instead (since that would remain constant in both of the above
situations) - there could be some cases of inodes for things like file
servers, but it might work better in general.
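The two situations the reply describes, a file reachable under more than one name and a file with no name at all, can both be handled by keying on the inode and by reading through an open descriptor instead of a path. The following is an added example, not code from the thread, using only POSIX calls; the "executable" is a constructed temporary file under /tmp, and the byte sum stands in for a real digest so the program has no dependencies.

```c
/* Added example, not from the thread: identify a file by (device, inode)
 * rather than by path, and read it through an already-open descriptor so it
 * can still be checksummed after every path to it is gone. POSIX only; the
 * "executable" is a constructed temp file under /tmp. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct file_id { dev_t dev; ino_t ino; };

/* The stable key the reply proposes: same dev+ino means same file, whatever
 * name (or names) it currently has. */
int file_id_of_path(const char *path, struct file_id *id)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    id->dev = st.st_dev;
    id->ino = st.st_ino;
    return 0;
}

int file_id_equal(const struct file_id *a, const struct file_id *b)
{
    return a->dev == b->dev && a->ino == b->ino;
}

/* Stand-in for a digest so the example stays dependency-free: a byte sum.
 * A real checker would feed the same read loop into MD5 or SHA-256. */
long checksum_bytes(const unsigned char *p, size_t n)
{
    long sum = 0;
    for (size_t i = 0; i < n; i++) sum += p[i];
    return sum;
}

long checksum_fd(int fd)
{
    unsigned char buf[4096];
    ssize_t n;
    long sum = 0;
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        sum += checksum_bytes(buf, (size_t)n);
    return n < 0 ? -1 : sum;
}

const char demo_payload[] = "constructed stand-in for an executable";

/* Scenario from the reply: the same file under two hard-linked names, then
 * both names unlinked while the file is still open. Outputs:
 *   same_inode        both paths resolved to the same (dev, ino)
 *   path_gone         stat() on the old path fails after unlink
 *   sum_after_unlink  checksum taken through the descriptor afterwards
 * Returns 0 on success, -1 on any setup failure. */
int demo_hardlink_and_unlink(int *same_inode, int *path_gone, long *sum_after_unlink)
{
    char path1[] = "/tmp/procpath-XXXXXX";
    char path2[sizeof path1 + 8];
    struct file_id a, b;
    struct stat st;
    size_t len = sizeof demo_payload - 1;
    int fd = mkstemp(path1);

    if (fd < 0) return -1;
    if (write(fd, demo_payload, len) != (ssize_t)len) goto fail;
    snprintf(path2, sizeof path2, "%s.link", path1);
    if (link(path1, path2) != 0) goto fail;

    if (file_id_of_path(path1, &a) != 0 || file_id_of_path(path2, &b) != 0) {
        unlink(path2);
        goto fail;
    }
    *same_inode = file_id_equal(&a, &b);

    /* Remove both names: the file now has no path at all, only our fd. */
    unlink(path1);
    unlink(path2);
    *path_gone = (stat(path1, &st) != 0);
    *sum_after_unlink = checksum_fd(fd);
    close(fd);
    return 0;

fail:
    close(fd);
    unlink(path1);
    return -1;
}

int main(void)
{
    int same = 0, gone = 0;
    long sum = 0;
    if (demo_hardlink_and_unlink(&same, &gone, &sum) != 0) { perror("demo"); return 1; }
    printf("hard links share inode: %s\n", same ? "yes" : "no");
    printf("old path still stat()s: %s\n", gone ? "no" : "yes");
    printf("checksum via open fd after unlink: %ld (expected %ld)\n", sum,
           checksum_bytes((const unsigned char *)demo_payload, sizeof demo_payload - 1));
    return 0;
}
```

For a monitor that wants to hash what a process is actually running, the (dev, ino) pair lets it de-duplicate hard-linked copies, and holding a descriptor open lets it still read the bytes when the path has been unlinked; the reply's caveat stands, since inode numbers are only stable within one file system and network file servers may not honour them.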