NetBSD-Users archive


Re: Am I traced?




On 15.04.2016 04:09, Eric Haszlakiewicz wrote:
> 
> On 4/11/2016 11:52 PM, Kamil Rytarowski wrote:
>> 
>> I'm trying to write a check whether I am a traced process.
>> 
>> Is the following code correct:
>> 
>> #define _KMEMUSER
>> #include <sys/cdefs.h>
>> #include <sys/param.h>
>> #include <sys/sysctl.h>
>> #include <stdio.h>
>> #include <unistd.h>
>> #include <kvm.h>
>> #include <err.h>
>> #include <stdlib.h>
>> 
>> int main(int argc, char **argv)
>> {
>>     int traced = -1;
>>     kvm_t *kd;
>>     int cnt;
>> 
>>     struct kinfo_proc *info;
>>     size_t size = sizeof(info);
>> 
>>     kd = kvm_open(NULL, NULL, NULL, KVM_NO_FILES, "kvm_open");
>>     if (kd == NULL)
>>         err(EXIT_FAILURE, "kvm_open");
>> 
>>     info = kvm_getprocs(kd, KERN_PROC_PID, getpid(), &cnt);
>>     if (info == NULL)
>>         err(EXIT_FAILURE, "kvm_getprocs");
>> 
>>     traced = info->kp_proc.p_flag & P_TRACED;
> I don't think this will work using kvm_getprocs(), because many of
> the flags that you might expect to be in p_flag are actually in
> other fields of struct proc, such as p_slflag.  If I change your
> code to do:
> 
>     traced = info->kp_proc.p_slflag & PSL_TRACED;
> 
> it seems to work roughly as expected.  Alternately, I believe you could
> switch to using kvm_getproc2(), as there is code (in fill_kproc2()
> in kern_proc.c) which translates the various P*_<foo> flags into
> P_<foo> flags and places them in the p_flag field. For example, if
> I print out all the flags, and run your program through gdb, I
> get:
> 
>     p_flag=0x4000
>     p_sflag=0x10000000
>     p_slflag=0x801
>     p_lflag=0x2
>     p_stflag=0x0
>     traced=2048
> 
> Decoded, that's:
> 
>     p_flag=PK_EXEC
>     p_sflag=PS_NOTIFYSTOP
>     p_slflag=PSL_TRACED|PSL_TRACEFORK
>     p_lflag=PL_CONTROLT
>     p_stflag=0
>     traced=Yes
> 
>>     kvm_close(kd);
>> 
>>     printf("traced=%d\n", traced);
>> 
>>     return 0;
>> }
>> 
>> I'm getting weird results for info->kp_proc.p_flag indicating
>> that I was timed out during sleep.
> eh?  What value in p_flag would indicate a timeout?   Oh, perhaps
> you're looking at the ps man page, which refers to P_TIMEDOUT with
> value 0x400, but /usr/include/sys/sysctl.h has P_SA (aka L_SA) with
> that value. As far as I can tell, P_TIMEDOUT is not actually
> defined anywhere, and P_SA/L_SA are not actually used within the
> kernel anymore and haven't been since before netbsd-5.
> 
> Eric

Thank you! It works now as expected.

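Added example, not code from either poster: the kvm_getproc2() route suggested in the reply, next to the two raw-flag checks applied to the flag words the reply printed under gdb. The helper names are hypothetical, and the local P_TRACED value (0x800, as in NetBSD's <sys/sysctl.h>) is an assumption used only when building on a system other than NetBSD.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __NetBSD__
#include <sys/param.h>
#include <sys/sysctl.h>
#include <kvm.h>
#include <err.h>
#else
/* Assumption: NetBSD <sys/sysctl.h> value, so the flag logic builds elsewhere. */
#define P_TRACED 0x00000800
#endif

/* Flag words the reply printed for the program run under gdb. */
#define SAMPLE_P_FLAG     0x4000u /* raw struct proc p_flag (PK_EXEC) */
#define SAMPLE_P_SLFLAG   0x801u  /* PSL_TRACED|PSL_TRACEFORK */
#define SAMPLE_PSL_TRACED 0x800u  /* matches traced=2048 in the reply */

/* Original check: P_TRACED tested against the raw p_flag word. */
int raw_p_flag_says_traced(unsigned f) { return (f & P_TRACED) != 0; }
/* First fix from the reply: the trace bit lives in p_slflag. */
int raw_p_slflag_says_traced(unsigned f) { return (f & SAMPLE_PSL_TRACED) != 0; }

/* Second suggestion from the reply: kvm_getproc2() fills struct kinfo_proc2,
 * whose p_flag carries the translated bits. 1 traced, 0 not, -1 unsupported. */
int self_traced(void)
{
#ifdef __NetBSD__
    struct kinfo_proc2 *kp;
    int cnt, traced;
    kvm_t *kd = kvm_open(NULL, NULL, NULL, KVM_NO_FILES, "kvm_open");
    if (kd == NULL)
        errx(EXIT_FAILURE, "kvm_open failed");
    kp = kvm_getproc2(kd, KERN_PROC_PID, getpid(), sizeof(*kp), &cnt);
    if (kp == NULL || cnt != 1)
        errx(EXIT_FAILURE, "kvm_getproc2: %s", kvm_geterr(kd));
    traced = (kp->p_flag & P_TRACED) != 0;
    kvm_close(kd);
    return traced;
#else
    return -1;
#endif
}

int main(void)
{
    printf("sample: p_flag check=%d p_slflag check=%d; self_traced()=%d\n",
        raw_p_flag_says_traced(SAMPLE_P_FLAG),
        raw_p_slflag_says_traced(SAMPLE_P_SLFLAG), self_traced());
    return 0;
}
```

On NetBSD, link with -lkvm.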
