How does ps show the argv for all processes on Mac OS X?

views:

161

answers:

+1 Q:

How does ps show the argv for all processes on Mac OS X?

I'm trying to identify when a particular process is running, based on its arguments, on Mac OS X. There may be several processes running with the same name, but only one will have the arguments I'm looking for. The processes are not owned by the same user who will be running my code. They will not have modified their argv in any way.

The 'ps' command shows exactly the information that I need. But I would greatly prefer not to have to spawn 'ps' and parse its output.

I originally tried the solution from this question, using sysctl, but it turns out that only works for processes you own; see my other question for more info.

So how does ps obtain argv information for processes owned by other users?

+2 A:

BSD ps (used in Mac OS X) uses kvm_getargv() to get the commandline arguments for a process.

Here is the actual call: ps source code. Search for kvm_getproc2.

See OpenBSD man page for this family of functions.

Variable Length Coder 2010-04-02 20:38:44

Apple's version is here:http://www.opensource.apple.com/source/adv_cmds/adv_cmds-138.1/ps/

Dipstick 2010-04-02 20:59:54

This is interesting, although libkvm is deprecated (and headers unavailable) from 10.5 onwards. It also appears, based on Jason Coco's answer, that it may have the same limitation as sysctl.

DNS 2010-04-02 21:07:09

+2 A:

On Mac OS X ps is setuid 0, which is how it gets the information for all the processes. You have to run as root to get that information, so either you need to be setuid 0 or run your utility with sudo.

The best way is probably just to spawn ps and parse the output, even if you don't really want to ;)

Jason Coco 2010-04-02 20:53:52

So it is; I hadn't noticed that. That solves the mystery at least; thanks.

DNS 2010-04-02 21:22:55

ansaurus

tags:

views:

answers:

How does ps show the argv for all processes on Mac OS X?

related questions