Working with Processes in the Kernel

The BSD portion of the kernel provides a KPI for getting information about active processes in the system. Note that the term process is used in BSD as opposed to task, which is used in the Mach portion of the kernel, though they really refer to the same thing.

KERNEL PRIVATE KPIS

If you are digging around in the kernel headers, you may come across the preprocessor directive KERNEL_PRIVATE. Functions or other symbols defined within these sections are not available for use by third-party kernel extensions, and attempting to use one even if the correct header is included will result in a failure to load that KEXT due to unresolved symbols. Apple's own KEXTs are able to access these symbols by adding a dependency to com.apple.kpi.private. If you add a dependency for this KPI in your own KEXT it will fail to load, as only Apple-signed KEXTs can use it.

You have already seen examples of how to get information about a process in the AppWall example in Chapter 13, where we used the proc_selfname() function to get the process name of the currently running process. If the function is called in a thread owned by the kernel, the kernel process name “kernel_task” will be returned.

If you need to know the PID of the currently running process instead of its name, you can call proc_selfpid(). You can also find the name of a process if you know its PID by using the proc_name(int pid, char * buf, int size); function. An overview of functions in the process KPI is outlined in Table 17-1.

images

images

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.138.134.229