Linux Get Process Name from Pid Within Kernel

linux get process name from pid within kernel

struct task_struct contains a member called comm, it contains executable name excluding path.

Get current macro from this file will get you the name of the program that launched the current process (as in insmod / modprobe).

Using above info you can use get the name info.

How to get process name from PID using C

To find the task_struct of a process we can make use of the function pid_task defined in kernel/pid.c . 

struct task_struct *pid_task(struct pid *pid, enum pid_type type)

Arguments: 

pid : Pointer to the struct pid of the process. 
pid_type:  PIDTYPE_PID,
       PIDTYPE_PGID,
          PIDTYPE_SID,
          PIDTYPE_MAX

To find the pid structure if we have the pid of a process we can use the functionfind_get_pid which is also defined in kernel/pid.c 

struct pid *find_get_pid(pid_t nr)

In the below module we create a read/write proc entry named task_by_pid. Which ever process we want to find the task_struct of using its pid we can write to number into the proc entry.

When we read the proc entry, it will display the name of the process corresponding to the pid we wrote into it.

proc_task_pid: 

#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/uaccess.h>
#include <linux/fs.h> 
#include <linux/cdev.h>
#include <linux/proc_fs.h>
#include <linux/pid.h>

#include <linux/pid_namespace.h>
int p_id;
struct pid *pid_struct;
struct task_struct *task;
static struct proc_dir_entry *proc_write_entry;
char *proc_name="task_by_pid";

int read_proc(char *buf,char **start,off_t offset,int count,int *eof,void *data )
{
int len=0;
pid_struct = find_get_pid(p_id);
task = pid_task(pid_struct,PIDTYPE_PID);

 len = sprintf(buf,"\nname %s\n ",task->comm);

return len;
}

int write_proc(struct file *file,const char *buf,int count,void *data )
{
int ret;
char *id;
id = (char *)kmalloc(1000*sizeof(char),GFP_KERNEL);
printk(KERN_INFO "buf passed %s",buf);
if(copy_from_user(id,buf,count))
    return -EFAULT;
printk(KERN_INFO "id passed %s",id);
p_id = simple_strtoul(id,NULL,0);
printk(KERN_INFO "pid %d ret %d",p_id,ret);
return sizeof(buf);
}

void create_new_proc_entry()
{
proc_write_entry = create_proc_entry(proc_name,0666,NULL);
if(!proc_write_entry)
      {
    printk(KERN_INFO "Error creating proc entry");
    return -ENOMEM;
    }
proc_write_entry->read_proc = read_proc ;
proc_write_entry->write_proc = write_proc;
printk(KERN_INFO "proc initialized");

}

int proc_init (void) {
    create_new_proc_entry();
    return 0;
}

void proc_cleanup(void) {
    printk(KERN_INFO " Inside cleanup_module\n");
    remove_proc_entry(proc_name,NULL);
}
MODULE_LICENSE("GPL");   
module_init(proc_init);
module_exit(proc_cleanup);

Use the following make file to compile it: 

ifneq ($(KERNELRELEASE),) 
   obj-m := proc_task_pid.o
else 

KERNELDIR ?= /lib/modules/$(shell uname -r)/build 

PWD := $(shell pwd)

default: 
 $(MAKE) -C $(KERNELDIR) M=$(PWD) modules
endif 
clean:
 $(MAKE) -C $(KERNELDIR) M=$(PWD) clean

Compile it using 

$make

Insert it into the kernel:

$ insmod proc_task_pid.ko

Now let us try to find the name of the process with pid "1", which is always init. 

$ printf "1" > /proc/task_by_pid 
$ cat /proc/task_by_pid
name init

As expected the output is "init". Thus we can find the task_struct of any process using its pid.

Source code from here.

get _complete_ process name from pid

You could always look at how the kernel does it. You'll see the function:

proc_pid_cmdline(struct task_struct *task, char * buffer)

It's fairly easy to follow but once you have the task_struct for the process you are interested in you use access_process_vm() to slurp the bits you want from mm->arg_start.

Full process name from task_struct

Did you mean exe file name? You can get the exe of current process as follows :

char *pathname,*p;
mm = current->mm;
if (mm) {
    down_read(&mm->mmap_sem);
    if (mm->exe_file) {
                pathname = kmalloc(PATH_MAX, GFP_ATOMIC);
                if (pathname) {
                      p = d_path(&mm->exe_file->f_path, pathname, PATH_MAX);
                    /*Now you have the path name of exe in p*/
                }
            }
    up_read(&mm->mmap_sem);
}

Getting user process pid when writing Linux Kernel Module

When your read function is executing, it's doing so in the context of the process that issued the system call. You should thus pe able to use current, i.e. current->pid.

How to get the process name from server layer using PID

In user space, you could use /proc/<pid>/cmdline to get the process's name, like

$cat /proc/$$/cmdline

bash


Related Topics

Bash: /Bin/Myscript: Permission Denied

Why Does This Movq Instruction Work on Linux and Not Osx

Modelsim-Altera Error

/Usr/Bin/Ld: Client: Hidden Symbol '_Dso_Handle'

Analyzing CPU Registers During Kernel Crash Dump

Unterminated Address Regex While Using Sed

Why Exported Variables in Makefile Is Not Received by Executable

Can Any One Say How to Install the Slack in Ubuntu14.04 and While Trying This Was the Error

Syntax Error: Operand Expected When Using Bash

Using a Command That Needs Backticks to Be Passed as Part of an Argument in Bash

Tty_Flip_Buffer_Push() Sends Data Back to Itself

Get a Spectrum of Frequencies from Wav/Riff Using Linux Command Line

Linux Get Process Name from Pid Within Kernel

Loop Over File Names from 'Find'

Docker Container Accessible Only via Cloudflare Cdn (Selected Ip Ranges)

Linux: Handling a Segmentation Fault and Getting a Core Dump

Cmake Set Environment Variable

Get Last Parameter on Shell Script


Leave a reply



Submit