Re: Process Creation Notification

From: Wes D (wes_at_idelltech.com)
Date: 11/12/04

  • Next message: Wes D: "Re: Process Creation Notification" 
    Date: Thu, 11 Nov 2004 19:55:27 -0500

    Basile Starynkevitch [news] wrote:

    > On 2004-11-11, Måns Rullgård <mru@inprovide.com> wrote:
    >> ptb@lab.it.uc3m.es (Peter T. Breuer) writes:
    >>
    >
    >>>> 2) Is there anyway to determine all pid's on the system without
    >>>> scanning the /proc filesystem?
    >
    > IO heard that /proc is now automagically mounted, but this might be
    > wrong. For practical matters, /proc always exist. It does not exist in
    > practice either in single boot (with init=/bin/bash for example passed
    > to the kernel by GRUB or LILO), on in chroot-ed environments.
    >
    >>>
    >>> Not that I know of, but you could always get the process table
    >>
    >> A somewhat inefficient way would be something like this:
    >>
    >> pid_t i;
    >> for(i = 0; i < 32768; i++){ /* or can the limit be higher */
    >
    > No, you should not start at 0; see the man page of kill for the
    > meaning of kill(0,0);
    >
    > And it is better to avoid starting at 1. It is the pid of init, and
    > bad things happen when you kill init (which usually is not easy to
    > kill)
    >
    > So you'll better start at (at least) (pid_t)2. In practice, 5 or 10 is
    > a better bet.
    >
    >> if(!kill(i, 0) || errno == EPERM){
    >> /* process exists */
    >> }
    >> }
    >
    > I would really suggest to readdir /proc instead (checking before
    > that /proc/version and /proc/1/exe exist) What do you intend to do (a
    > rootkit perhaps? this is a bad idea)???

    No, I do not intend on developing a rootkit. Those days of cracking
    curiosity are over.In fact, I'm in a project on sourceforge that requires
    some process intensive work. Thanks for the advice.
    Wes D

    > Also, on recent 2.6 kernels, you might have 32-bits pid_t. In that
    > case, looping on 2**31 pid_t -and doing 2**32 system calls- is really
    > a bad idea.
    >
    >

  • Next message: Wes D: "Re: Process Creation Notification"

    Relevant Pages

    • Re: Another shooting
      ... have them and use them to kill innocent people. ... It's a nice concept but one glance at the news today or on any given ... It isn't going anywhere and *daily*, the media reports on ... mass slaughter events appear to be rising (globally as ...
      (rec.music.beatles)
    • Re: Day of anger over Muhammad cartoons sweeps Muslim world
      ... muslims to kill and massacre those who offend them, ... news, I doubt if I will see the lefties demanding they are arrested for race ... Already been pointed out they are not committing race crimes. ... Incitement to kill probably. ...
      (uk.politics.misc)
    • Re: Mit Out Credible Etymology
      ... Learn a trade. ... Travel the world and meet ... interesting people, and kill them. ... O'Clock News. ...
      (alt.usage.english)
    • Re: About This Group
      ... until it expires on the server. ... You can't delete the article because you don't administer the News ... With trn/slrn style kill filing, you can kill file based on any ... information in any header or even in the article. ...
      (rec.arts.tv)
    • Re: Simple Power Pulse -- HOSP
      ... > I let them lay a set of eggs and start incubating (so ... >kill the mother and dump the whole nest on the ... birds so that you can kill them. ... The bad news is that everything is prohibited. ...
      (sci.electronics.design)